TechSpot

"You are infected" call 1 888 666 xxxx

By Twinfire
Jun 2, 2015
  1. Hello Techspot gods, my laptop has a pop out box stuck on the desktop rendering the area useless. Safemode allows me to come here.


    As per guidelines here is the FRST log, the addition.txt in the following post.




    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
    Ran by greg (administrator) on REDMACK620 on 03-06-2015 00:43:37
    Running from C:\Users\greg\OneDrive\Pictures\Desktop
    Loaded Profiles: greg (Available Profiles: greg & Administrator & Guest)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-19] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-04-01] (NVIDIA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
    HKLM-x32\...\Run: [SacReminderBOX] => C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe [567120 2011-11-02] (SAC)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-05] (Intel Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {394aaf3d-1ef3-11e4-bf36-24fd524d85ec} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {495dbc98-f088-11e4-824f-24fd524d85ec} - "F:\AutoRun.exe"
    AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
    AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-04-01] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-01]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartUtilityUpdate.lnk [2015-05-10]
    ShortcutTarget: SmartUtilityUpdate.lnk -> C:\Users\greg\AppData\Local\SmartUtilityUpdate\SmartUtilityUpdate.exe (TechnoChrome LLC)
    Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-14]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mytoshiba.com.au/start
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {D0AD99D8-2C60-445A-B109-B7F58CA460CC} URL =
    SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {EF860DF9-0DB4-4950-8BE1-CEC61189B9FF} URL = https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-02] (Microsoft Corporation)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-02] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

    FireFox:
    ========
    FF ProfilePath: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default
    FF SelectedSearchEngine: Yahoo!
    FF Homepage: about:home
    FF Keyword.URL: https://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-02] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
    FF Extension: auto-plugin-checker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\auto-plugin-checker@jetpack.xpi [2015-05-19]
    FF Extension: CensureBlock - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\censureblock@gmail.com.xpi [2015-05-02]
    FF Extension: Strict Pop-up Blocker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-05-02]
    FF Extension: Adblock Plus - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-02]
    FF HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S4 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1522664 2015-05-18] (AVG Technologies CZ, s.r.o.)
    S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
    S4 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
    S4 CFUACProxy_boxsoftware; C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe [83792 2011-11-02] (Storage Appliance Corp.)
    S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
    S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-26] ()
    S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
    S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
    S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel(R) Corporation) [File not signed]
    S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel(R) Corporation)
    S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-27] (Intel Corporation)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165488 2012-12-19] (Intel Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-27] (TOSHIBA CORPORATION)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
    R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
    S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-20] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
    S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
    U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
    S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2015-05-10] (Kingsoft Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-06-03] (Symantec Corporation)
    R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-26] (TOSHIBA Corporation)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-01] (Windows (R) Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-03] (Microsoft Corporation)
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-03 00:43 - 2015-06-03 00:43 - 00000000 ____D () C:\FRST
    2015-06-03 00:37 - 2015-06-03 00:37 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR430.dat
    2015-06-03 00:34 - 2015-06-03 00:34 - 00000000 ____D () C:\NPE
    2015-06-03 00:29 - 2015-06-03 00:37 - 00108216 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS
    2015-06-03 00:29 - 2015-06-03 00:37 - 00000000 ____D () C:\Users\greg\AppData\Local\NPE
    2015-06-03 00:18 - 2015-06-03 00:18 - 00000077 _____ () C:\WINDOWS\setupact.log
    2015-06-03 00:18 - 2015-06-03 00:18 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2015-06-03 00:17 - 2015-06-03 00:17 - 00033853 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-06-01 15:45 - 2015-06-01 15:45 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-06-01 12:25 - 2015-06-01 12:39 - 00000000 ____D () C:\AdwCleaner
    2015-06-01 12:18 - 2015-06-01 12:18 - 00001136 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Malwarebytes
    2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-06-01 12:18 - 2015-06-01 12:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2015-06-01 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-30 19:30 - 2015-05-30 19:30 - 00000000 ____D () C:\WINDOWS\pss
    2015-05-30 10:07 - 2015-05-30 10:07 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
    2015-05-30 00:23 - 2015-05-30 00:30 - 00000000 ____D () C:\Users\greg\Camera Roll
    2015-05-20 03:03 - 2015-05-20 03:04 - 171245482 _____ () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Wed, 20-May-2015[3 3 52].rrs4
    2015-05-20 02:54 - 2015-05-20 02:54 - 00000000 ____D () C:\Unformat_Images
    2015-05-20 02:51 - 2015-05-20 02:51 - 00003252 _____ () C:\WINDOWS\System32\Tasks\{28B6EE38-811B-4F16-9FDA-6C4CEDCAF2B2}
    2015-05-19 14:48 - 2015-05-19 16:04 - 00000000 ____D () C:\ProgramData\Protexis
    2015-05-19 14:46 - 2015-05-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund
    2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D () C:\ProgramData\Broderbund
    2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D () C:\Program Files (x86)\Broderbund
    2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TypeFaster
    2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypeFaster
    2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D () C:\Program Files (x86)\TypeFaster
    2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 4.1
    2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D () C:\Program Files (x86)\File Scavenger 4.1
    2015-05-18 11:37 - 2015-05-20 10:01 - 00000000 ____D () C:\Program Files (x86)\Convar
    2015-05-18 11:29 - 2015-05-18 11:29 - 00000000 ____D () C:\Program Files\EaseUS
    2015-05-18 11:19 - 2015-05-18 11:19 - 00000000 ____D () C:\Program Files (x86)\CodeMeter
    2015-05-17 16:18 - 2015-05-17 16:19 - 171088206 _____ () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Sun, 17-May-2015[16 18 52].rrs4
    2015-05-17 16:15 - 2015-05-20 03:14 - 00000000 ____D () C:\ProgramData\TEMP
    2015-05-17 16:14 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
    2015-05-17 16:03 - 2015-05-17 16:03 - 00000000 ____D () C:\Program Files (x86)\IUWEshare
    2015-05-17 15:42 - 2015-05-17 15:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\AmazingFileRecovery
    2015-05-16 22:30 - 2015-05-16 22:30 - 00000000 ___HD () C:\$AVG-SHREDDER-TMP-72ec5905-f21e-434b-9df8-3a3ecd072211
    2015-05-16 13:06 - 2015-05-16 13:06 - 00000000 ____D () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\002GJN
    2015-05-15 14:41 - 2015-05-15 14:41 - 00000000 ___HD () C:\$AVG-SHREDDER-TMP-9b6fb606-a48c-4705-a2d4-1453ec417a5a
    2015-05-14 17:54 - 2015-05-01 04:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 17:54 - 2015-05-01 04:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 12:50 - 2015-05-14 12:50 - 00000000 ____D () C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\OneNote Notebooks
    2015-05-14 10:30 - 2015-05-14 10:30 - 00002990 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
    2015-05-13 16:24 - 2015-01-30 08:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2015-05-13 16:23 - 2015-05-01 07:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-05-13 16:23 - 2015-05-01 06:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-05-13 16:23 - 2015-04-10 08:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-05-13 16:23 - 2015-04-10 08:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-05-13 16:23 - 2015-04-02 06:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-05-13 16:23 - 2015-04-02 06:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-05-13 16:23 - 2015-04-01 11:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-05-13 16:23 - 2015-04-01 10:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2015-05-13 16:23 - 2015-03-20 09:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-05-13 16:23 - 2015-03-18 01:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-05-13 16:23 - 2015-03-13 09:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-05-13 16:23 - 2015-03-13 08:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-05-13 16:23 - 2015-03-09 10:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2015-05-13 16:23 - 2015-03-04 09:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2015-05-13 16:23 - 2015-03-04 09:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2015-05-13 16:22 - 2015-04-22 01:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-05-13 16:22 - 2015-04-22 00:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-05-13 16:22 - 2015-04-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-05-13 16:22 - 2015-04-22 00:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-05-13 16:22 - 2015-04-22 00:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-05-13 16:22 - 2015-04-22 00:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-05-13 16:22 - 2015-04-22 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-05-13 16:22 - 2015-04-22 00:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-05-13 16:22 - 2015-04-21 23:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-05-13 16:22 - 2015-04-21 23:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-05-13 16:22 - 2015-04-21 23:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-05-13 16:22 - 2015-04-21 23:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-05-13 16:22 - 2015-04-21 23:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-05-13 16:22 - 2015-04-21 23:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-05-13 16:22 - 2015-04-21 23:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-05-13 16:22 - 2015-04-21 23:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-05-13 16:22 - 2015-04-21 22:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-05-13 16:21 - 2015-04-25 05:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-05-13 16:21 - 2015-04-22 00:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-05-13 16:21 - 2015-04-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-05-13 16:21 - 2015-04-22 00:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-05-13 16:21 - 2015-04-22 00:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-05-13 16:21 - 2015-04-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-05-13 16:21 - 2015-04-22 00:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-05-13 16:21 - 2015-04-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-05-13 16:21 - 2015-04-21 23:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-05-13 16:21 - 2015-04-21 23:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-05-13 16:21 - 2015-04-21 23:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-05-13 16:21 - 2015-04-21 23:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-05-13 16:21 - 2015-04-21 23:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-05-13 16:21 - 2015-04-21 23:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-05-13 16:21 - 2015-04-21 23:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-05-13 16:21 - 2015-04-21 23:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-05-13 16:21 - 2015-04-21 23:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-05-13 16:21 - 2015-04-21 23:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-05-13 16:21 - 2015-04-21 23:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-05-13 16:21 - 2015-04-21 23:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-05-13 16:21 - 2015-04-21 23:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-05-13 16:21 - 2015-04-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-05-13 16:21 - 2015-04-21 22:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-05-13 16:21 - 2015-04-14 06:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-05-13 16:21 - 2015-04-10 09:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-05-13 16:21 - 2015-04-10 08:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-05-13 16:21 - 2015-04-10 08:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-05-13 16:21 - 2015-04-09 06:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-05-13 16:21 - 2015-04-03 08:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2015-05-13 16:21 - 2015-04-03 08:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2015-05-13 16:21 - 2015-03-30 13:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-05-13 16:21 - 2015-03-27 11:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-05-13 16:21 - 2015-03-27 10:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-05-13 16:21 - 2015-03-27 10:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-05-13 16:21 - 2015-03-13 12:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-05-13 16:21 - 2015-03-13 12:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2015-05-13 16:21 - 2015-03-13 10:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2015-05-13 16:21 - 2015-03-13 08:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-05-13 16:21 - 2015-03-06 11:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
    2015-05-13 16:21 - 2015-03-06 10:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2015-05-13 16:21 - 2015-03-06 10:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
    2015-05-13 16:21 - 2015-03-05 07:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-05-13 16:21 - 2015-02-18 07:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2015-05-11 12:08 - 2015-05-11 12:08 - 00000000 ____D () C:\ProgramData\Synaptics
    2015-05-10 20:51 - 2015-05-10 20:51 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2015-05-10 20:51 - 2015-05-10 20:51 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-05-10 20:51 - 2015-05-10 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-05-10 20:51 - 2015-05-10 20:51 - 00000000 ____D () C:\Program Files\CCleaner
    2015-05-10 12:16 - 2015-05-10 12:17 - 00000000 ____D () C:\Users\greg\AppData\Roaming\SMART PC TUNER
    2015-05-10 12:09 - 2015-05-10 12:09 - 00000000 ____D () C:\Users\greg\AppData\Local\TechnoChrome_LLC
    2015-05-10 12:07 - 2015-05-10 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Tuner
    2015-05-10 12:07 - 2015-05-10 12:07 - 00000000 ____D () C:\Users\greg\AppData\Local\SmartUtilityUpdate
    2015-05-10 12:07 - 2015-05-10 12:07 - 00000000 ____D () C:\Program Files (x86)\TechnoChrome LLC
    2015-05-10 12:05 - 2015-05-10 12:05 - 00000000 ____D () C:\Users\greg\AppData\Roaming\TechnoChrome LLC
    2015-05-10 11:50 - 2015-05-10 11:50 - 00000000 ____D () C:\ProgramData\cmcm
    2015-05-10 11:50 - 2015-05-10 11:49 - 00056680 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi64.sys
    2015-05-10 11:49 - 2015-05-10 11:49 - 00081768 _____ (Kingsoft Corporation) C:\WINDOWS\system32\Drivers\ksapi.sys
    2015-05-10 11:49 - 2015-05-10 11:49 - 00000000 ____D () C:\Program Files (x86)\cmcm
    2015-05-07 13:58 - 2015-05-20 17:25 - 00007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg
    2015-05-07 13:50 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
    2015-05-07 13:49 - 2015-05-07 13:49 - 00253920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
    2015-05-07 13:49 - 2015-05-07 13:49 - 00220128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
    2015-05-07 12:07 - 2015-05-26 10:51 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F7463E1-A7A9-46AF-B237-0305C22DE536}
    2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieUserList
    2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieSiteList
    2015-05-07 12:06 - 2015-05-07 12:06 - 00000000 __SHD () C:\Users\greg\AppData\Local\EmieBrowserModeList
    2015-05-07 11:40 - 2015-05-07 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-05-07 11:40 - 2015-05-07 11:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2015-05-07 11:31 - 2015-05-07 11:31 - 00000386 _____ () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SD STICK (E).lnk
    2015-05-06 17:36 - 2015-05-06 17:36 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-05-06 17:36 - 2015-05-06 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-05-06 17:35 - 2015-05-06 17:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files\iPod
    2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-05-06 17:33 - 2015-05-06 17:33 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-05-06 17:33 - 2015-05-06 17:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
    2015-05-06 17:33 - 2015-05-06 17:33 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2015-05-06 16:26 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2015-05-06 16:24 - 2015-05-10 19:10 - 00000000 ____D () C:\Program Files\iTunes
    2015-05-05 22:57 - 2015-05-11 12:37 - 00000000 ____D () C:\Users\greg\mitchells port headland
    2015-05-05 22:57 - 2015-05-06 13:43 - 00000000 ____D () C:\Users\greg\MIXED PHOTOS 2014
    2015-05-05 22:57 - 2015-05-06 13:43 - 00000000 ____D () C:\Users\greg\ike my best mate (rip)
    2015-05-05 19:42 - 2015-06-03 00:19 - 00000000 ___RD () C:\Users\greg\OneDrive
    2015-05-05 16:06 - 2015-05-05 16:06 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
    2015-05-05 16:05 - 2015-05-05 16:05 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
    2015-05-05 16:05 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BOL.dll
    2015-05-05 16:05 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BOU.dll
    2015-05-05 16:05 - 2012-05-15 16:03 - 00096512 _____ () C:\WINDOWS\SysWOW64\CNC1769D.TBL
    2015-05-05 16:05 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
    2015-05-05 16:03 - 2015-05-05 16:03 - 00002052 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
    2015-05-05 15:58 - 2015-05-05 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2015-05-05 15:58 - 2015-05-05 16:04 - 00000000 ____D () C:\Program Files\Canon
    2015-05-05 15:57 - 2015-05-05 15:57 - 00002389 _____ () C:\Users\Public\Desktop\Canon MX520 series On-screen Manual.lnk
    2015-05-05 15:57 - 2015-05-05 15:57 - 00000000 ___HD () C:\ProgramData\CanonBJ
    2015-05-05 15:57 - 2015-05-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX520 series Manual
    2015-05-05 15:55 - 2015-05-05 15:56 - 00000000 ___HD () C:\Program Files\CanonBJ
    2015-05-05 15:08 - 2015-06-01 12:12 - 00000000 ____D () C:\ProgramData\CanonIJPLM
    2015-05-05 14:47 - 2015-05-05 14:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\STRING
    2015-05-04 20:51 - 2015-05-05 15:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Canon
    2015-05-04 20:51 - 2015-05-04 20:51 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
    2015-05-04 20:44 - 2015-05-05 16:03 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
    2015-05-04 20:31 - 2015-05-04 20:31 - 00000000 ____D () C:\WINDOWS\system32\STRING
    2015-05-04 20:31 - 2012-09-21 05:00 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNCALBO.DLL
    2015-05-04 20:31 - 2012-07-31 17:18 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
    2015-05-04 20:31 - 2012-07-31 17:18 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
    2015-05-04 20:31 - 2012-07-31 17:17 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
    2015-05-04 20:29 - 2012-09-20 05:00 - 00390656 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBO.DLL
    2015-05-04 20:22 - 2015-05-05 16:07 - 00000000 ____D () C:\Program Files (x86)\Canon
    2015-05-04 20:22 - 2015-05-04 20:22 - 00000000 ___HD () C:\ProgramData\CanonIJETV
    2015-05-04 14:14 - 2015-05-04 14:14 - 00293856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
    2015-05-04 10:42 - 2015-05-12 09:00 - 00000000 ____D () C:\Users\greg\AppData\Roaming\EssentialGrammarInUse
    2015-05-04 10:42 - 2015-05-04 10:42 - 00000000 ____D () C:\Users\greg\AppData\Roaming\cld3-lookup
    2015-05-04 10:41 - 2015-05-04 10:41 - 00000000 __RHD () C:\Users\greg\AppData\Roaming\SecuROM
    2015-05-04 10:39 - 2015-05-04 10:39 - 00002358 _____ () C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essential Grammar in Use.lnk
    2015-05-04 10:38 - 2015-05-04 10:38 - 00000000 ____D () C:\Program Files (x86)\Cambridge

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-03 00:33 - 2013-08-22 21:25 - 11272192 ___SH () C:\WINDOWS\system32\config\BBI
    2015-06-03 00:20 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-06-03 00:19 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\greg
    2015-06-03 00:17 - 2015-05-02 21:53 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REDMACK620-greg REDMACK620
    2015-06-03 00:17 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-06-02 23:25 - 2015-05-01 21:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-06-02 23:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-06-02 19:21 - 2014-11-21 16:44 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-06-01 12:12 - 2015-05-01 14:39 - 00000438 _____ () C:\WINDOWS\Tasks\DriverUpdate Startup.job
    2015-05-30 23:30 - 2015-05-01 13:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1144771067-2304087280-3493909680-1002
    2015-05-30 19:21 - 2015-05-01 14:45 - 00000000 ____D () C:\ProgramData\MFAData
    2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\Guest
    2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D () C:\Users\Administrator
    2015-05-29 23:17 - 2015-05-01 17:46 - 00000000 ____D () C:\Program Files\Recuva
    2015-05-28 12:51 - 2015-05-01 13:25 - 00000000 ____D () C:\Users\greg\AppData\Local\Packages
    2015-05-24 11:14 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2015-05-23 11:42 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-05-22 16:39 - 2015-05-01 14:39 - 00000492 _____ () C:\WINDOWS\Tasks\DriverUpdate Scan.job
    2015-05-22 11:11 - 2015-05-01 14:51 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-05-22 11:11 - 2015-05-01 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-05-22 11:06 - 2015-05-02 19:03 - 00000000 ____D () C:\Users\greg\AppData\Local\Avg
    2015-05-20 18:16 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-05-20 10:01 - 2015-05-01 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-19 14:26 - 2015-05-02 01:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-19 10:01 - 2015-05-01 21:02 - 00000000 ____D () C:\Users\greg\AppData\Local\Adobe
    2015-05-19 09:41 - 2015-05-01 21:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-05-19 09:08 - 2015-05-02 18:57 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
    2015-05-19 09:08 - 2013-03-31 12:47 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-05-16 16:39 - 2013-08-22 22:44 - 00482672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-15 11:31 - 2015-05-01 21:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-05-14 17:54 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2015-05-14 17:53 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
    2015-05-13 17:32 - 2015-05-02 03:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-13 17:27 - 2015-05-02 03:48 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-13 17:17 - 2014-11-21 16:25 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-13 13:53 - 2014-09-09 14:13 - 00000000 __RHD () C:\MSOCache
    2015-05-10 21:03 - 2015-05-01 14:39 - 00000000 ____D () C:\Users\greg\AppData\Local\CrashDumps
    2015-05-07 12:03 - 2015-05-02 14:12 - 00000000 ____D () C:\Users\greg\AppData\Roaming\Apple Computer
    2015-05-07 11:40 - 2015-05-01 21:05 - 00001958 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2015-05-07 11:40 - 2015-05-01 21:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2015-05-06 17:32 - 2015-05-02 14:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-05-06 17:31 - 2015-05-02 14:06 - 00000000 ____D () C:\ProgramData\Apple
    2015-05-06 15:05 - 2015-05-03 04:33 - 00000000 ___DC () C:\WINDOWS\Panther
    2015-05-06 15:05 - 2013-08-22 21:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
    2015-05-06 13:03 - 2012-07-26 16:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
    2015-05-06 01:59 - 2014-11-22 00:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-05-06 01:59 - 2014-11-22 00:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-05-05 21:13 - 2015-05-01 13:27 - 00000000 ____D () C:\Users\greg\AppData\Local\VirtualStore
    2015-05-05 16:05 - 2013-08-22 23:36 - 00000000 __RSD () C:\WINDOWS\Media

    ==================== Files in the root of some directories =======

    2015-05-07 13:58 - 2015-05-20 17:25 - 0007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-22 18:00

    ==================== End of log ============================
     
  2. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
    Ran by greg at 2015-06-03 00:44:16
    Running from C:\Users\greg\OneDrive\Pictures\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1144771067-2304087280-3493909680-500 - Administrator - Disabled) => C:\Users\Administrator
    greg (S-1-5-21-1144771067-2304087280-3493909680-1002 - Administrator - Enabled) => C:\Users\greg
    Guest (S-1-5-21-1144771067-2304087280-3493909680-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1144771067-2304087280-3493909680-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.8 - Qualcomm Atheros)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Aurora 29.0a2 (x86 en-US) (HKLM-x32\...\Aurora 29.0a2 (x86 en-US)) (Version: 29.0a2 - Mozilla)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
    AVG 2015 (Version: 15.0.4354 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
    Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.)
    Canon MX520 series On-screen Manual (HKLM-x32\...\Canon MX520 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Clickfree (HKLM-x32\...\{1EB9B986-CECA-4E05-B454-C9343EE9DDE7}) (Version: 3.16.449.0 - Clickfree Automatic Backup)
    DriverUpdate (HKLM-x32\...\{9DE6EA82-B1F4-4156-9565-B38A1AA2D924}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
    DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Essential Grammar in Use (HKLM-x32\...\{253C884B-3E62-4FA3-88AF-4861F1A1BCC3}) (Version: 1.00.0000 - Cambridge)
    Evernote v. 4.5.7 (HKLM-x32\...\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}) (Version: 4.5.7.7146 - Evernote Corp.)
    File Scavenger 4.1 (en) (HKLM-x32\...\QueTek File Scavenger 4.1 (en)) (Version: 4.1.1.0 - QueTek Consulting Corporation)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41504) (Version: 3.8.0.41504.23 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Mavis Beacon Teaches Typing Deluxe 17 (HKLM-x32\...\{777A3891-D6D4-4C83-9367-FA45D40D40F3}) (Version: 17.00 - Broderbund Software)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MobiiHotspot 4G (HKLM-x32\...\MobiiHotspot 4G) (Version: 1.12.00.1020 - Huawei Technologies Co.,Ltd)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
    Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.4 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
    TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
    TypeFaster Typing Tutor (HKLM-x32\...\TypeFaster) (Version: - )
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
    WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    19-05-2015 10:40:17 Scheduled Checkpoint
    23-05-2015 11:39:53 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0892901B-0C25-4A61-9E18-F66FD1D68D6F} - System32\Tasks\TOSHIBA\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2015-04-30] (Adobe Systems Incorporated)
    Task: {228218F2-C530-414B-9194-FE42960C55EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
    Task: {2A1BCFBB-0A7E-4532-A9A3-66891B1CED05} - System32\Tasks\Microsoft Office 15 Sync Maintenance for REDMACK620-greg REDMACK620 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-02] (Microsoft Corporation)
    Task: {3A7A3B86-8A20-4904-92C3-603A003AC74E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: {3E6453B0-85CF-4E82-A65A-4D6235EEF91E} - System32\Tasks\TOSHIBA\TSleepSrv => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [2013-03-05] (TOSHIBA Corporation)
    Task: {53B65EDC-9043-41FB-BE99-BFDCABC12424} - System32\Tasks\TOSHIBA\TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2012-07-12] (TOSHIBA Corporation)
    Task: {548DD8EB-A46D-4815-86EB-7FB7417FF09C} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-04-02] (SlimWare Utilities, Inc.)
    Task: {66333A93-97FA-4063-8A8C-2BEB4939D462} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
    Task: {6773E157-788D-42B0-8CBF-1E4F9F445434} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: {82AF1A44-4104-483F-A9AB-317FC5F4EBE7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {86D6C3F0-C864-4C9B-B35B-89930C362B9D} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {9C102E93-7053-4CA4-872B-7EA2CF9B7C25} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
    Task: {B6075E41-569B-4FFA-B560-ECE75C45E7EF} - System32\Tasks\TOSHIBA\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-20] (Adobe Systems Incorporated)
    Task: {BA4D45E2-2143-4F63-B4E5-8B161EC28E36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
    Task: {C20CB1BE-F0F0-4786-A2DE-7613D7F53BE0} - System32\Tasks\{28B6EE38-811B-4F16-9FDA-6C4CEDCAF2B2} => pcalua.exe -a "C:\Users\greg\Programs\Uninstall Information\Art Plus\apui4.exe" -c /file:"C:\Users\greg\OneDrive\Pictures\Desktop\DPR\dpr.xui"
    Task: {C9F1A40B-B79C-485A-8E84-C5735659F290} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
    Task: {D0CA5739-6AA7-4EEE-BC45-6A18D4EE03F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-15] (Microsoft Corporation)
    Task: {D2ED73B7-9E85-44B5-B7A8-BCA88A8554AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {EAC8B3E8-0866-4691-BAD9-0ADFC9C46E98} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-05] ()
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-05-01 23:33 - 2015-05-02 02:36 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
    AlternateDataStreams: C:\Users\greg\OneDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430.SYS => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\greg\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
    DNS Servers: 10.0.0.138

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: avgfws => 2
    MSCONFIG\Services: AVGIDSAgent => 2
    MSCONFIG\Services: avgwd => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: CFUACProxy_boxsoftware => 2
    MSCONFIG\Services: CodeMeter.exe => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: dts_apo_service => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: HWDeviceService64.exe => 2
    MSCONFIG\Services: ICCS => 3
    MSCONFIG\Services: IJPLMSVC => 2
    MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
    MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
    MSCONFIG\Services: Intel(R) ME Service => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: jhi_service => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: nvUpdatusService => 2
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TODDSrv => 2
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TPCHSrv => 3
    MSCONFIG\Services: UNS => 2
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SacReminderBOX"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{73279ADA-2BA1-49DD-B735-648B8BDB35DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D294C3FF-742F-4C6D-8C03-3884D789AA32}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A84A61C9-61A9-4F3E-B6FF-96A691DCE1C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{805A6CAC-66BB-4C30-B9F8-599897C1017F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{2110D0AF-95F8-4646-9553-1B6CF9C8355A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{3F4A7174-A131-4E17-ACB0-E55D50EF9403}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    FirewallRules: [{603D064C-00E3-4851-BABD-52A8ACF6D7E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{D3B864AE-D537-45EA-9521-C2FFF25E936F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{FE2779A9-0E46-4AB8-988C-3FA6947D7C76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7B26CD1A-F1F9-4F20-A1B0-1B122AAD040D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{39262AD9-BAAD-46BA-89B1-C824270C9E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DDA6948D-47A8-40A0-8B02-D3CDE587EF6C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{90BF9C5A-7661-4778-9AC7-E5B2FEA5EDC9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{56677E13-5924-4CCF-9DED-C0C7AFA5F8B4}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{BC8B9506-A7AA-48F9-A374-938C59CCDCDC}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{3799FAB3-4E74-4EAE-B3B2-CF7A71343D6D}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsiFD98.tmp\CnetInstaller-75715872.exe
    FirewallRules: [{85FC4D74-E077-4FE0-A9F7-8B6A171ED648}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsiFD98.tmp\CnetInstaller-75715872.exe
    FirewallRules: [{7629C29E-AECC-45CB-B387-DF7D00B99E43}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsaAFFE.tmp\CnetInstaller-10441764.exe
    FirewallRules: [{DF5C07D0-C7B5-47CC-81C2-3A5062A29941}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsaAFFE.tmp\CnetInstaller-10441764.exe
    FirewallRules: [{47B90EF5-0572-48E7-A077-70628CA45C30}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{8E371A53-0B2C-412F-995F-BAFBC8D5D32C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{6A43F73E-17B3-4104-BF54-470C826971EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{70F1992E-12D1-4A00-8741-055B7B4E4351}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{33D6F97E-4401-47D5-BEDA-B9BD72D02F9C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{4B2C3049-C6D1-4843-AE0F-BF0AAAA80D02}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/03/2015 00:34:53 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/03/2015 00:31:35 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/03/2015 00:23:12 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/03/2015 00:23:12 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/03/2015 00:19:35 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/03/2015 00:16:39 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/02/2015 08:13:36 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/02/2015 08:08:55 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/02/2015 08:07:45 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/02/2015 08:07:01 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.


    System errors:
    =============
    Error: (06/03/2015 00:44:17 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/03/2015 00:44:17 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/03/2015 00:43:38 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/03/2015 00:43:38 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/03/2015 00:43:30 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (06/03/2015 00:43:18 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (06/03/2015 00:43:16 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/03/2015 00:43:16 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/03/2015 00:43:12 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/03/2015 00:43:12 AM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


    Microsoft Office:
    =========================
    Error: (06/03/2015 00:34:53 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/03/2015 00:31:35 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/03/2015 00:23:12 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/03/2015 00:23:12 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/03/2015 00:19:35 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/03/2015 00:16:39 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/02/2015 08:13:36 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestc:\users\greg\onedrive\pictures\desktop\esetsmartinstaller_enu.exe

    Error: (06/02/2015 08:08:55 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestc:\users\greg\onedrive\pictures\desktop\esetsmartinstaller_enu.exe

    Error: (06/02/2015 08:07:45 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

    Error: (06/02/2015 08:07:01 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: c:\program files\windowsapps\codefromhome.spellit_1.2.0.15_x64__2rj187fe1jahy\SpellItJupiter.exec:\program files\windowsapps\codefromhome.spellit_1.2.0.15_x64__2rj187fe1jahy\SpellItJupiter.exe1


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-30 21:19:45.747
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-30 21:08:44.637
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-30 21:04:31.375
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 32%
    Total physical RAM: 3960.15 MB
    Available physical RAM: 2675.21 MB
    Total Pagefile: 6776.15 MB
    Available Pagefile: 5569.03 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.78 MB

    ==================== Drives ================================

    Drive c: (TI31053700C) (Fixed) (Total:682.69 GB) (Free:626.5 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  4. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Hello Broni, your time and effort are greatly appreciated.

    As requested here are the logs. More posts to follow.

    RogueKiller V10.8.1.0 [Jun 3 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600 ) 64 bits version
    Started in : Safe mode with network support
    User : greg [Administrator]
    Started from : C:\Users\greg\OneDrive\Pictures\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 06/03/2015 23:04:56

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PCSUUCDRV -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCSUUCDRV -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main |

    Default_Page_URL : http://toshiba13.msn.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main |

    Default_Page_URL : http://toshiba13.msn.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [X]

    -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private

    Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D79C19F-2DD2-447C-

    A9EF-4B7D6F2787A6} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1D79C19F-2DD2-447C-A9EF-

    4B7D6F2787A6} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |

    ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |

    ConsentPromptBehaviorAdmin : 0 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
    --- User ---
    [MBR] a84dd93b5b19931ceaddbccc47850486
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1024 MB
    1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2099200 | Size: 260 MB
    2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2631680 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2893824 | Size: 699074 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1434597376 | Size: 451 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1435521024 | Size: 350 MB
    6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1436237824 | Size: 14116 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_06032015_191840.log - RKreport_DEL_06032015_192048.log - RKreport_SCN_06032015_225536.log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/06/2015
    Scan Time: 7:29:08 PM
    Logfile:
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.03.02
    Rootkit Database: v2015.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: greg

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 476529
    Time Elapsed: 22 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Spigot.A, HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EF860DF9-0DB4-4950-8BE1-CEC61189B9FF}, Quarantined, [f35bf0c6c0cae5518e2d10d7a360a65a],

    Registry Values: 1
    PUP.Optional.Spigot.A, HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EF860DF9-0DB4-4950-8BE1-CEC61189B9FF}|URL, https://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}, Quarantined, [f35bf0c6c0cae5518e2d10d7a360a65a]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    PUP.Optional.Proinstall, C:\$Recycle.Bin\S-1-5-21-1144771067-2304087280-3493909680-1002\$R7F47MM\MBTT Dlx 17 Setup-40069288.exe, Quarantined, [81cd5b5bbad041f5f42c1737cb379868],
    PUP.Optional.Proinstall, C:\$Recycle.Bin\S-1-5-21-1144771067-2304087280-3493909680-1002\$R7F47MM\WDRSetup-39912922.exe, Quarantined, [cb83833327630c2a73adc98506fcd22e],
    PUP.Optional.Spigot.A, C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=");), Replaced,[09457e38afdb74c2a1fc85ec23e3d42c]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Go on.

    Please disable "word wrap" in Notepad because some of your logs are hard to read.
     
  6. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Ok,

    I have encountered another issue that seems impossible for me but for you...?

    I have reached the AdwCleaner part of the process. I have run the scan, AdwCleaner needed to restart after the scan to generate the report. As I can only run this machine in SafeMode the AdwCleaner report did not generate.

    Restarted the machine in Normal mode, a report was generated but the desktop was taken over by the "you are infected" pop up

    I have tried to search for the text document within this machine to no avail. The internet fails me too.

    What can I do?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run AdwCleaner.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Still with me?
     
  9. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Hello Broni, yes still with you.
     
  10. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    # AdwCleaner v4.206 - Logfile created 13/06/2015 at 20:05:09
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-09.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : greg - REDMACK620
    # Running from : C:\Users\greg\OneDrive\Pictures\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v38.0.5 (x86 en-US)

    [uvn7m32o.default\prefs.js] - Line Deleted : user_pref("extensions.CensureBlock.Subs_Rgxp_Block_URLspecAhrefIMGsrc", "\\.(?:(?:18123214069666\\d-)\\Da(?:a?-aabbydamdorablelexm(?:andaatoe?rbery)n(?:dreaettgelinanieus)propos[...]

    *************************

    AdwCleaner[R0].txt - [3066 bytes] - [01/06/2015 12:25:43]
    AdwCleaner[R1].txt - [1141 bytes] - [05/06/2015 01:16:21]
    AdwCleaner[R2].txt - [1223 bytes] - [13/06/2015 19:59:39]
    AdwCleaner[S0].txt - [2619 bytes] - [01/06/2015 12:39:45]
    AdwCleaner[S1].txt - [965 bytes] - [05/06/2015 01:27:14]
    AdwCleaner[S2].txt - [1137 bytes] - [13/06/2015 20:05:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1196 bytes] ##########
     
  11. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    The previous post was the second attempt at running AdwCleaner.

    Here is the original report Adwcleaner(S1).txt

    # AdwCleaner v4.206 - Logfile created 05/06/2015 at 01:27:14
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-01.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : greg - REDMACK620
    # Running from : C:\Users\greg\OneDrive\Pictures\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****

    Task Deleted : driverupdate startup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v38.0.5 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [3066 bytes] - [01/06/2015 12:25:43]
    AdwCleaner[R1].txt - [1141 bytes] - [05/06/2015 01:16:21]
    AdwCleaner[S0].txt - [2619 bytes] - [01/06/2015 12:39:45]
    AdwCleaner[S1].txt - [828 bytes] - [05/06/2015 01:27:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [886 bytes] ##########
     
  12. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.9.3 (06.13.2015:1)
    OS: Windows 8.1 x64
    Ran by greg on Sat 13/06/2015 at 20:43:40.92
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\DriverUpdate Scan
    Successfully deleted: [Task] C:\WINDOWS\tasks\DriverUpdate Scan.job



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\users\public\desktop\driverupdate.lnk



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files (x86)\driverupdate
    Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driverupdate
    Successfully deleted: [Folder] C:\Users\greg\appdata\local\crashrpt
    Successfully deleted: [Folder] C:\Users\greg\appdata\local\slimware utilities inc





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 13/06/2015 at 20:45:21.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  14. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
    Ran by greg (administrator) on REDMACK620 on 14-06-2015 18:38:38
    Running from C:\Users\greg\OneDrive\Pictures\Desktop
    Loaded Profiles: greg (Available Profiles: greg & Administrator & Guest)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-19] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-04-01] (NVIDIA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
    HKLM-x32\...\Run: [SacReminderBOX] => C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe [567120 2011-11-02] (SAC)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-05] (Intel Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {394aaf3d-1ef3-11e4-bf36-24fd524d85ec} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {495dbc98-f088-11e4-824f-24fd524d85ec} - "F:\AutoRun.exe"
    AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
    AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-04-01] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-04-01] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-01]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartUtilityUpdate.lnk [2015-05-10]
    ShortcutTarget: SmartUtilityUpdate.lnk -> C:\Users\greg\AppData\Local\SmartUtilityUpdate\SmartUtilityUpdate.exe (TechnoChrome LLC)
    Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-14]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.mytoshiba.com.au/start
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {D0AD99D8-2C60-445A-B109-B7F58CA460CC} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-02] (Microsoft Corporation)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-02] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

    FireFox:
    ========
    FF ProfilePath: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default
    FF SelectedSearchEngine: Yahoo!
    FF Homepage: about:home
    FF Keyword.URL: https://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-02] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
    FF Extension: auto-plugin-checker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\auto-plugin-checker@jetpack.xpi [2015-05-19]
    FF Extension: CensureBlock - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\censureblock@gmail.com.xpi [2015-05-02]
    FF Extension: Strict Pop-up Blocker - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-05-02]
    FF Extension: Adblock Plus - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\uvn7m32o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-02]
    FF HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S4 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1522664 2015-05-18] (AVG Technologies CZ, s.r.o.)
    S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
    S4 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
    S4 CFUACProxy_boxsoftware; C:\ProgramData\Clickfree\BoxSoftware\UACProxy.exe [83792 2011-11-02] (Storage Appliance Corp.)
    S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
    S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-26] ()
    S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-02-06] ()
    S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
    S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel(R) Corporation) [File not signed]
    S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel(R) Corporation)
    S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-27] (Intel Corporation)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165488 2012-12-19] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-27] (TOSHIBA CORPORATION)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
    R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
    S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-20] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
    S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
    U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.)
    S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [56680 2015-05-10] (Kingsoft Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-26] (TOSHIBA Corporation)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-01] (Windows (R) Win 7 DDK provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-03] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-03] (Microsoft Corporation)
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-14 18:18 - 2015-06-14 18:23 - 00000154 _____ C:\WINDOWS\setupact.log
    2015-06-14 18:18 - 2015-06-14 18:18 - 00000000 _____ C:\WINDOWS\setuperr.log
    2015-06-13 20:43 - 2015-06-13 20:43 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-REDMACK620-Windows-8.1-(64-bit).dat
    2015-06-13 20:43 - 2015-06-13 20:43 - 00000000 ____D C:\RegBackup
    2015-06-03 23:32 - 2015-06-03 23:32 - 00002113 _____ C:\mbamscan.txt
    2015-06-03 23:05 - 2015-06-03 23:05 - 00003233 _____ C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\RKreport_DEL_06032015_230456.log
    2015-06-03 19:28 - 2015-06-03 23:09 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-06-03 19:24 - 2015-06-03 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-03 19:24 - 2015-06-03 19:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-03 19:24 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-06-03 19:24 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-06-03 19:12 - 2015-06-03 22:51 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-06-03 19:12 - 2015-06-03 19:14 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-03 01:02 - 2015-06-03 19:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-03 00:43 - 2015-06-14 18:38 - 00000000 ____D C:\FRST
    2015-06-03 00:34 - 2015-06-03 00:34 - 00000000 ____D C:\NPE
    2015-06-03 00:29 - 2015-06-14 18:34 - 00000000 ____D C:\Users\greg\AppData\Local\NPE
    2015-06-03 00:17 - 2015-06-13 20:16 - 00153302 _____ C:\WINDOWS\WindowsUpdate.log
    2015-06-01 15:45 - 2015-06-01 15:45 - 00000000 ____D C:\Program Files (x86)\ESET
    2015-06-01 12:25 - 2015-06-13 20:05 - 00000000 ____D C:\AdwCleaner
    2015-06-01 12:18 - 2015-06-03 19:24 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-01 12:18 - 2015-06-03 19:24 - 00000000 ____D C:\Users\greg\AppData\Roaming\Malwarebytes
    2015-06-01 12:18 - 2015-06-03 19:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-06-01 12:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-30 19:30 - 2015-05-30 19:30 - 00000000 ____D C:\WINDOWS\pss
    2015-05-30 10:07 - 2015-05-30 10:07 - 00000000 ___HD C:\ProgramData\CanonIJMIG
    2015-05-30 00:23 - 2015-05-30 00:30 - 00000000 ____D C:\Users\greg\Camera Roll
    2015-05-20 03:03 - 2015-05-20 03:04 - 171245482 _____ C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Wed, 20-May-2015[3 3 52].rrs4
    2015-05-20 02:54 - 2015-05-20 02:54 - 00000000 ____D C:\Unformat_Images
    2015-05-20 02:51 - 2015-05-20 02:51 - 00003252 _____ C:\WINDOWS\System32\Tasks\{28B6EE38-811B-4F16-9FDA-6C4CEDCAF2B2}
    2015-05-19 14:48 - 2015-05-19 16:04 - 00000000 ____D C:\ProgramData\Protexis
    2015-05-19 14:46 - 2015-05-19 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund
    2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D C:\ProgramData\Broderbund
    2015-05-19 14:45 - 2015-05-19 14:45 - 00000000 ____D C:\Program Files (x86)\Broderbund
    2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TypeFaster
    2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypeFaster
    2015-05-19 11:01 - 2015-05-19 11:01 - 00000000 ____D C:\Program Files (x86)\TypeFaster
    2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 4.1
    2015-05-18 14:24 - 2015-05-18 14:24 - 00000000 ____D C:\Program Files (x86)\File Scavenger 4.1
    2015-05-18 11:37 - 2015-05-20 10:01 - 00000000 ____D C:\Program Files (x86)\Convar
    2015-05-18 11:29 - 2015-05-18 11:29 - 00000000 ____D C:\Program Files\EaseUS
    2015-05-18 11:19 - 2015-05-18 11:19 - 00000000 ____D C:\Program Files (x86)\CodeMeter
    2015-05-17 16:18 - 2015-05-17 16:19 - 171088206 _____ C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\Recovery Session File # Sun, 17-May-2015[16 18 52].rrs4
    2015-05-17 16:15 - 2015-05-20 03:14 - 00000000 ____D C:\ProgramData\TEMP
    2015-05-17 16:14 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
    2015-05-17 16:03 - 2015-05-17 16:03 - 00000000 ____D C:\Program Files (x86)\IUWEshare
    2015-05-17 15:42 - 2015-05-17 15:42 - 00000000 ____D C:\Users\greg\AppData\Roaming\AmazingFileRecovery
    2015-05-16 22:30 - 2015-05-16 22:30 - 00000000 ___HD C:\$AVG-SHREDDER-TMP-72ec5905-f21e-434b-9df8-3a3ecd072211
    2015-05-16 13:06 - 2015-05-16 13:06 - 00000000 ____D C:\Users\greg\OneDrive\Pictures\Desktop\Documents\Documents\002GJN
    2015-05-15 14:41 - 2015-05-15 14:41 - 00000000 ___HD C:\$AVG-SHREDDER-TMP-9b6fb606-a48c-4705-a2d4-1453ec417a5a

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-14 18:24 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-06-13 20:54 - 2013-08-22 21:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2015-06-13 20:17 - 2014-11-21 16:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-06-13 20:15 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-06-13 20:13 - 2015-05-05 19:42 - 00000000 ___RD C:\Users\greg\OneDrive
    2015-06-05 09:25 - 2015-05-01 21:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-06-05 09:07 - 2015-05-02 12:53 - 00000000 ____D C:\Users\greg
    2015-06-05 09:00 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-06-03 19:06 - 2015-05-01 14:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-03 00:17 - 2015-05-02 21:53 - 00004978 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REDMACK620-greg REDMACK620
    2015-06-01 12:12 - 2015-05-05 15:08 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2015-05-30 23:30 - 2015-05-01 13:41 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1144771067-2304087280-3493909680-1002
    2015-05-30 19:21 - 2015-05-01 14:45 - 00000000 ____D C:\ProgramData\MFAData
    2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D C:\Users\Guest
    2015-05-30 16:35 - 2015-05-02 12:53 - 00000000 ____D C:\Users\Administrator
    2015-05-29 23:17 - 2015-05-01 17:46 - 00000000 ____D C:\Program Files\Recuva
    2015-05-28 12:51 - 2015-05-01 13:25 - 00000000 ____D C:\Users\greg\AppData\Local\Packages
    2015-05-26 10:51 - 2015-05-07 12:07 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F7463E1-A7A9-46AF-B237-0305C22DE536}
    2015-05-24 11:14 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
    2015-05-23 11:42 - 2012-07-26 15:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
    2015-05-23 11:41 - 2015-05-03 04:10 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2015-05-22 11:11 - 2015-05-01 14:51 - 00000992 _____ C:\Users\Public\Desktop\AVG 2015.lnk
    2015-05-22 11:11 - 2015-05-01 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-05-22 11:06 - 2015-05-02 19:03 - 00000000 ____D C:\Users\greg\AppData\Local\Avg
    2015-05-20 18:16 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-05-20 17:25 - 2015-05-07 13:58 - 00007594 _____ C:\Users\greg\AppData\Local\Resmon.ResmonCfg
    2015-05-19 10:01 - 2015-05-01 21:02 - 00000000 ____D C:\Users\greg\AppData\Local\Adobe
    2015-05-19 09:41 - 2015-05-01 21:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-05-19 09:08 - 2015-05-02 18:57 - 00002050 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
    2015-05-19 09:08 - 2013-03-31 12:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-05-16 16:39 - 2013-08-22 22:44 - 00482672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-15 11:31 - 2015-05-01 21:20 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2015-05-07 13:58 - 2015-05-20 17:25 - 0007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    C:\Users\greg\AppData\Local\Temp\Quarantine.exe
    C:\Users\greg\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-22 18:00

    ==================== End of log ============================
     
  15. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by greg at 2015-06-14 18:39:09
    Running from C:\Users\greg\OneDrive\Pictures\Desktop
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1144771067-2304087280-3493909680-500 - Administrator - Disabled) => C:\Users\Administrator
    greg (S-1-5-21-1144771067-2304087280-3493909680-1002 - Administrator - Enabled) => C:\Users\greg
    Guest (S-1-5-21-1144771067-2304087280-3493909680-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1144771067-2304087280-3493909680-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.8 - Qualcomm Atheros)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Aurora 29.0a2 (x86 en-US) (HKLM-x32\...\Aurora 29.0a2 (x86 en-US)) (Version: 29.0a2 - Mozilla)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
    AVG 2015 (Version: 15.0.4354 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
    Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.)
    Canon MX520 series On-screen Manual (HKLM-x32\...\Canon MX520 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Clickfree (HKLM-x32\...\{1EB9B986-CECA-4E05-B454-C9343EE9DDE7}) (Version: 3.16.449.0 - Clickfree Automatic Backup)
    DriverUpdate (HKLM-x32\...\{9DE6EA82-B1F4-4156-9565-B38A1AA2D924}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
    DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Essential Grammar in Use (HKLM-x32\...\{253C884B-3E62-4FA3-88AF-4861F1A1BCC3}) (Version: 1.00.0000 - Cambridge)
    Evernote v. 4.5.7 (HKLM-x32\...\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}) (Version: 4.5.7.7146 - Evernote Corp.)
    File Scavenger 4.1 (en) (HKLM-x32\...\QueTek File Scavenger 4.1 (en)) (Version: 4.1.1.0 - QueTek Consulting Corporation)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41504) (Version: 3.8.0.41504.23 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Mavis Beacon Teaches Typing Deluxe 17 (HKLM-x32\...\{777A3891-D6D4-4C83-9367-FA45D40D40F3}) (Version: 17.00 - Broderbund Software)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MobiiHotspot 4G (HKLM-x32\...\MobiiHotspot 4G) (Version: 1.12.00.1020 - Huawei Technologies Co.,Ltd)
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
    Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.4 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
    TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
    TypeFaster Typing Tutor (HKLM-x32\...\TypeFaster) (Version: - )
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
    WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    19-05-2015 10:40:17 Scheduled Checkpoint
    23-05-2015 11:39:53 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0892901B-0C25-4A61-9E18-F66FD1D68D6F} - System32\Tasks\TOSHIBA\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2015-04-30] (Adobe Systems Incorporated)
    Task: {228218F2-C530-414B-9194-FE42960C55EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
    Task: {2A1BCFBB-0A7E-4532-A9A3-66891B1CED05} - System32\Tasks\Microsoft Office 15 Sync Maintenance for REDMACK620-greg REDMACK620 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-02] (Microsoft Corporation)
    Task: {3A7A3B86-8A20-4904-92C3-603A003AC74E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: {3E6453B0-85CF-4E82-A65A-4D6235EEF91E} - System32\Tasks\TOSHIBA\TSleepSrv => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [2013-03-05] (TOSHIBA Corporation)
    Task: {53B65EDC-9043-41FB-BE99-BFDCABC12424} - System32\Tasks\TOSHIBA\TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2012-07-12] (TOSHIBA Corporation)
    Task: {548DD8EB-A46D-4815-86EB-7FB7417FF09C} - \DriverUpdate Scan No Task File <==== ATTENTION
    Task: {66333A93-97FA-4063-8A8C-2BEB4939D462} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
    Task: {6773E157-788D-42B0-8CBF-1E4F9F445434} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: {82AF1A44-4104-483F-A9AB-317FC5F4EBE7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {86D6C3F0-C864-4C9B-B35B-89930C362B9D} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {9C102E93-7053-4CA4-872B-7EA2CF9B7C25} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
    Task: {B6075E41-569B-4FFA-B560-ECE75C45E7EF} - System32\Tasks\TOSHIBA\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-20] (Adobe Systems Incorporated)
    Task: {BA4D45E2-2143-4F63-B4E5-8B161EC28E36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
    Task: {C20CB1BE-F0F0-4786-A2DE-7613D7F53BE0} - System32\Tasks\{28B6EE38-811B-4F16-9FDA-6C4CEDCAF2B2} => pcalua.exe -a "C:\Users\greg\Programs\Uninstall Information\Art Plus\apui4.exe" -c /file:"C:\Users\greg\OneDrive\Pictures\Desktop\DPR\dpr.xui"
    Task: {C9F1A40B-B79C-485A-8E84-C5735659F290} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
    Task: {D0CA5739-6AA7-4EEE-BC45-6A18D4EE03F6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-15] (Microsoft Corporation)
    Task: {D2ED73B7-9E85-44B5-B7A8-BCA88A8554AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {EAC8B3E8-0866-4691-BAD9-0ADFC9C46E98} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-05] ()
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-05-01 23:33 - 2015-05-02 02:36 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
    AlternateDataStreams: C:\Users\greg\OneDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\greg\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
    DNS Servers: 10.0.0.138

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: avgfws => 2
    MSCONFIG\Services: AVGIDSAgent => 2
    MSCONFIG\Services: avgwd => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: CFUACProxy_boxsoftware => 2
    MSCONFIG\Services: CodeMeter.exe => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: dts_apo_service => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: HWDeviceService64.exe => 2
    MSCONFIG\Services: ICCS => 3
    MSCONFIG\Services: IJPLMSVC => 2
    MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
    MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
    MSCONFIG\Services: Intel(R) ME Service => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: jhi_service => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: nvUpdatusService => 2
    MSCONFIG\Services: TMachInfo => 3
    MSCONFIG\Services: TODDSrv => 2
    MSCONFIG\Services: TOSHIBA eco Utility Service => 2
    MSCONFIG\Services: TPCHSrv => 3
    MSCONFIG\Services: UNS => 2
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SacReminderBOX"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{73279ADA-2BA1-49DD-B735-648B8BDB35DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D294C3FF-742F-4C6D-8C03-3884D789AA32}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A84A61C9-61A9-4F3E-B6FF-96A691DCE1C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{805A6CAC-66BB-4C30-B9F8-599897C1017F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{2110D0AF-95F8-4646-9553-1B6CF9C8355A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{3F4A7174-A131-4E17-ACB0-E55D50EF9403}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    FirewallRules: [{603D064C-00E3-4851-BABD-52A8ACF6D7E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{D3B864AE-D537-45EA-9521-C2FFF25E936F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{FE2779A9-0E46-4AB8-988C-3FA6947D7C76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7B26CD1A-F1F9-4F20-A1B0-1B122AAD040D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{39262AD9-BAAD-46BA-89B1-C824270C9E06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DDA6948D-47A8-40A0-8B02-D3CDE587EF6C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{90BF9C5A-7661-4778-9AC7-E5B2FEA5EDC9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{56677E13-5924-4CCF-9DED-C0C7AFA5F8B4}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{BC8B9506-A7AA-48F9-A374-938C59CCDCDC}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
    FirewallRules: [{3799FAB3-4E74-4EAE-B3B2-CF7A71343D6D}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsiFD98.tmp\CnetInstaller-75715872.exe
    FirewallRules: [{85FC4D74-E077-4FE0-A9F7-8B6A171ED648}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsiFD98.tmp\CnetInstaller-75715872.exe
    FirewallRules: [{7629C29E-AECC-45CB-B387-DF7D00B99E43}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsaAFFE.tmp\CnetInstaller-10441764.exe
    FirewallRules: [{DF5C07D0-C7B5-47CC-81C2-3A5062A29941}] => (Allow) C:\Users\greg\AppData\Local\Temp\nsaAFFE.tmp\CnetInstaller-10441764.exe
    FirewallRules: [{47B90EF5-0572-48E7-A077-70628CA45C30}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{8E371A53-0B2C-412F-995F-BAFBC8D5D32C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{6A43F73E-17B3-4104-BF54-470C826971EE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{70F1992E-12D1-4A00-8741-055B7B4E4351}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{33D6F97E-4401-47D5-BEDA-B9BD72D02F9C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{4B2C3049-C6D1-4843-AE0F-BF0AAAA80D02}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/14/2015 06:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/13/2015 08:20:31 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/13/2015 08:14:17 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/13/2015 08:10:07 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/13/2015 08:06:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/13/2015 08:06:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/13/2015 07:53:35 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/13/2015 07:48:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/05/2015 10:43:59 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

    Error: (06/05/2015 10:40:47 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.


    System errors:
    =============
    Error: (06/14/2015 06:39:20 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:20 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:20 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:20 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:10 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:10 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:10 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:10 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (06/14/2015 06:39:10 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

    Error: (06/14/2015 06:39:10 PM) (Source: DCOM) (EventID: 10005) (User: REDMACK620)
    Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


    Microsoft Office:
    =========================
    Error: (06/14/2015 06:26:09 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/13/2015 08:20:31 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/13/2015 08:14:17 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/13/2015 08:10:07 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/13/2015 08:06:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/13/2015 08:06:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/13/2015 07:53:35 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/13/2015 07:48:49 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/05/2015 10:43:59 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe

    Error: (06/05/2015 10:40:47 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\greg\OneDrive\Pictures\Desktop\esetsmartinstaller_enu.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-30 21:19:45.747
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-30 21:08:44.637
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-30 21:04:31.375
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 34%
    Total physical RAM: 3960.15 MB
    Available physical RAM: 2582.81 MB
    Total Pagefile: 6520.15 MB
    Available Pagefile: 5234.86 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (TI31053700C) (Fixed) (Total:682.69 GB) (Free:626.55 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  16. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    For laughs I tried a restart in normal mode and the same pop up banner appears, rendering the desktop useless.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    [​IMG] Uninstall McAfee Security Scan Plus, typical foistware.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Let me know if after running the above fix the issue is still there.
     

    Attached Files:

  18. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Hello Broni, thank you for your time and patence with this problem of mine. As requested

    Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by greg at 2015-06-17 21:02:19 Run:1
    Running from C:\Users\greg\OneDrive\Pictures\Desktop
    Loaded Profiles: greg (Available Profiles: greg & Administrator & Guest)
    Boot Mode: Safe Mode (with Networking)
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {394aaf3d-1ef3-11e4-bf36-24fd524d85ec} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\...\MountPoints2: {495dbc98-f088-11e4-824f-24fd524d85ec} - "F:\AutoRun.exe"
    SearchScopes: HKU\S-1-5-21-1144771067-2304087280-3493909680-1002 -> {D0AD99D8-2C60-445A-B109-B7F58CA460CC} URL =
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
    2015-05-07 13:58 - 2015-05-20 17:25 - 0007594 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg
    C:\Users\greg\AppData\Local\Temp\Quarantine.exe
    C:\Users\greg\AppData\Local\Temp\sqlite3.dll
    Task: {548DD8EB-A46D-4815-86EB-7FB7417FF09C} - \DriverUpdate Scan No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9
    AlternateDataStreams: C:\Users\greg\OneDrive:ms-properties

    *****************

    "HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{394aaf3d-1ef3-11e4-bf36-24fd524d85ec}" => key removed successfully
    HKCR\CLSID\{394aaf3d-1ef3-11e4-bf36-24fd524d85ec} => key not found.
    "HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{495dbc98-f088-11e4-824f-24fd524d85ec}" => key removed successfully
    HKCR\CLSID\{495dbc98-f088-11e4-824f-24fd524d85ec} => key not found.
    "HKU\S-1-5-21-1144771067-2304087280-3493909680-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0AD99D8-2C60-445A-B109-B7F58CA460CC}" => key removed successfully
    HKCR\CLSID\{D0AD99D8-2C60-445A-B109-B7F58CA460CC} => key not found.
    SmbDrvI => Service removed successfully
    C:\Users\greg\AppData\Local\Resmon.ResmonCfg => moved successfully.
    C:\Users\greg\AppData\Local\Temp\Quarantine.exe => moved successfully.
    C:\Users\greg\AppData\Local\Temp\sqlite3.dll => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{548DD8EB-A46D-4815-86EB-7FB7417FF09C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{548DD8EB-A46D-4815-86EB-7FB7417FF09C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan" => key removed successfully
    C:\ProgramData\TEMP => ":6DDED7D9" ADS removed successfully.
    "C:\Users\greg\OneDrive" => ":ms-properties" ADS not found.

    ==== End of Fixlog 21:02:19 ====
     
  19. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Hello Broni, I tried a restart in normal mode, problem still persisting. I will attempt a screenshot and post that soon. Not that seeing what it is will make a big difference anyways.

    Twin
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Let's try to reset your router.

    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  21. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    Hello Broni

    Seeing as the access point I am using is not the usual means of accessing the www I do not wish to reset this particular router.

    Is there any particular reason why a reset would be beneficial?

    A 4G wifi hotspot is the usual means of internet access.

    Twinfire
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Tell me little bit more about how exactly you're accessing internet.
    Is this laptop or desktop?
     
  23. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    This particular machine is a laptop.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

     
  25. Twinfire

    Twinfire TS Rookie Topic Starter Posts: 53

    I am using my brothers wifi at the moment, the usual means of access is via a 4G wifi hotspot
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...