Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer is infected [Closed]


  • This topic is locked This topic is locked

#1
marshall10488

marshall10488

    New Member

  • Member
  • Pip
  • 1 posts

So a message appeared about needing to install microsoft etc.... the owner then agreed to this and when the computer restarted all doctuments etc. had a .zzz file extension added to them (file_name.doc.zzz for example). below are the log files from your scan.

 

This text file opens evertime you start up the computer.

 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia...._(cryptosystem)
 
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
 
How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
 
What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
 
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
 
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: djdkduep62kz4nzx.onion/A9F746282761716 
4. Follow the instructions on the site.
 
IMPORTANT INFORMATION:
Your personal page (using TOR): djdkduep62kz4nzx.onion/A9F746282761716 
Your personal identification number (if you open the site (or TOR 's) directly): A9F746282761716

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Flag Beach (administrator) on FLAGBEACH-PC on 12-07-2015 20:39:10
Running from C:\Users\Flag Beach\Desktop
Loaded Profiles: Flag Beach (Available Profiles: Flag Beach)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(KYOCERA MITA CORPORATION) C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(KYOCERA MITA Corporation) C:\Program Files (x86)\Kyocera\FileUtility\NsCatCom.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(KYOCERA MITA Corporation) C:\Program Files (x86)\Kyocera\FileUtility\NsCatCom.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907792 2012-07-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-08] (Wave Systems Corp.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [A9F746282761716] => C:\Users\Flag Beach\AppData\Roaming\svcmbi.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Run: [SoftonicAssistant] => C:\Users\Flag Beach\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1835976 2015-03-25] ()
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Run: [GoogleChromeAutoLaunch_9E2AFCD65C3CA9FE31B6555996096B82] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Run: [] => mshta javascript:W0DvzO5LwD="sjqF1KH";Iz5=new%20ActiveXObject("WScript.Shell");F4PMUJt="bf9fara";VF3L3A=Iz5.RegRead("HKCU\\software\\d1464989\\730f9e9d");yzSxGt37gr="gEGuGK7RI1";eval(VF3L3A);hW0bsNRO= (the data entry has 8 more characters).
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Run: [] => mshta javascript:e9nTCLo="3GB9bnHlu";P61m=new%20ActiveXObject("WScript.Shell");MROeV0r1I="NfxATb5";i1NZP=P61m.RegRead("HKCU\\software\\d1464989\\730f9e9d");sYvd6lD4z="hXXju06t";eval(i1NZP);YS0Lrjl="Te (the data entry has 9 more characters).
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Run: [A9F746282761716] => C:\Users\Flag Beach\AppData\Roaming\svcmbi.exe
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Run: [**9f5f1209<*>] => mshta javascript:sPTgA8f="fEv6379gBu";QB95=new%20ActiveXObject("WScript.Shell");b0Gy3ZlFTB="G";w9l1At=QB95.RegRead("HKCU\\software\\d1464989\\730f9e9d");lUQUf3G5="nMekI2";eval(w9l1At);fuPL1jqKH="QGkT6 (the data entry has 3 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\Policies\Explorer: [NoControlPanel] 0
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_restore_files_smoey.html [2015-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\help_restore_files_smoey.txt [2015-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk [2014-12-30]
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files (x86)\Kyocera\FileUtility\NsCatCom.exe (KYOCERA MITA Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-08] (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1238245748-1398098867-3105907631-1000 -> DefaultScope {3BEAF0B4-E574-4171-885E-F34F0D64CB91} URL = 
SearchScopes: HKU\S-1-5-21-1238245748-1398098867-3105907631-1000 -> {3BEAF0B4-E574-4171-885E-F34F0D64CB91} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{E51C9A23-A730-4CB8-B941-9CB60715F2DE}: [DhcpNameServer] 192.168.0.1 192.168.0.1
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-05-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-17]
CHR Extension: (YouTube) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Google Sheets) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-12]
CHR Extension: (No Name) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfhchmcddgednidbagholiagdkoiejh [2015-07-12]
CHR Extension: (Google Wallet) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Flag Beach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2015-07-12] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] () [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 SFUSVC; C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe [61440 2003-09-16] (KYOCERA MITA CORPORATION) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-12] (Enigma Software Group USA, LLC.)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-28] (Microsoft Corporation)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-12] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-12] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3008144 2012-11-03] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2015-07-12] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
S3 cpuz134; \??\C:\Users\FLAGBE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 21:13 - 2015-07-12 21:13 - 00153731 _____ C:\spyhunter.log
2015-07-12 20:39 - 2015-07-12 20:40 - 00021205 _____ C:\Users\Flag Beach\Desktop\FRST.txt
2015-07-12 20:37 - 2015-07-12 20:37 - 00015420 _____ C:\Users\Flag Beach\Downloads\FRST.txt
2015-07-12 20:36 - 2015-07-12 20:39 - 00000000 ____D C:\FRST
2015-07-12 20:35 - 2015-07-12 20:35 - 02133504 _____ (Farbar) C:\Users\Flag Beach\Desktop\FRST64.exe
2015-07-12 20:14 - 2015-07-12 20:14 - 00040627 _____ C:\sh4_service.log
2015-07-12 20:02 - 2015-07-12 19:10 - 00285747 _____ C:\shldr
2015-07-12 20:02 - 2015-07-12 19:10 - 00008192 _____ C:\shldr.mbr
2015-07-12 19:11 - 2015-07-12 19:11 - 00003354 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-07-12 19:11 - 2015-07-12 19:11 - 00000000 ____D C:\Users\Flag Beach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-07-12 19:11 - 2015-07-12 19:11 - 00000000 ____D C:\Users\Flag Beach\AppData\Roaming\Enigma Software Group
2015-07-12 19:11 - 2015-07-12 19:11 - 00000000 _____ C:\autoexec.bat
2015-07-12 19:10 - 2015-07-12 19:10 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-07-12 19:10 - 2015-07-12 19:10 - 00000000 ____D C:\sh4ldr
2015-07-12 19:09 - 2015-07-12 19:09 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Flag Beach\Downloads\SpyHunter-Installer.exe
2015-07-12 19:09 - 2015-07-12 19:09 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-07-12 08:56 - 2015-07-12 08:56 - 07720664 _____ (McAfee, Inc.) C:\Users\Flag Beach\Downloads\McAfeeSetup (1).exe
2015-07-12 08:40 - 2015-07-12 08:40 - 02416454 _____ C:\Users\Flag Beach\Desktop\HELP_RESTORE_FILES.BMP
2015-07-12 08:39 - 2015-07-12 08:39 - 00003815 _____ C:\Users\Flag Beach\Desktop\HELP_RESTORE_FILES.HTML
2015-07-12 08:39 - 2015-07-12 08:39 - 00002173 _____ C:\Users\Flag Beach\Desktop\HELP_RESTORE_FILES.TXT
2015-07-12 08:36 - 2015-07-12 08:36 - 00003815 _____ C:\Users\Public\help_restore_files_khjtq.html
2015-07-12 08:36 - 2015-07-12 08:36 - 00003815 _____ C:\Users\Public\Downloads\help_restore_files_khjtq.html
2015-07-12 08:36 - 2015-07-12 08:36 - 00003815 _____ C:\Users\Flag Beach\help_restore_files_khjtq.html
2015-07-12 08:36 - 2015-07-12 08:36 - 00003815 _____ C:\Users\Flag Beach\AppData\Roaming\Microsoft\Windows\Start Menu\help_restore_files_khjtq.html
2015-07-12 08:36 - 2015-07-12 08:36 - 00002173 _____ C:\Users\Public\help_restore_files_khjtq.txt
2015-07-12 08:36 - 2015-07-12 08:36 - 00002173 _____ C:\Users\Public\Downloads\help_restore_files_khjtq.txt
2015-07-12 08:36 - 2015-07-12 08:36 - 00002173 _____ C:\Users\Flag Beach\help_restore_files_khjtq.txt
2015-07-12 08:36 - 2015-07-12 08:36 - 00002173 _____ C:\Users\Flag Beach\AppData\Roaming\Microsoft\Windows\Start Menu\help_restore_files_khjtq.txt
2015-07-12 08:32 - 2015-07-12 08:32 - 00000000 ____D C:\Program Files\stinger
2015-07-12 08:30 - 2015-07-12 08:30 - 07720664 _____ (McAfee, Inc.) C:\Users\Flag Beach\Downloads\McAfeeSetup.exe
2015-07-12 08:29 - 2015-07-12 08:32 - 00003815 _____ C:\Users\Flag Beach\Documents\help_restore_files_khjtq.html
2015-07-12 08:29 - 2015-07-12 08:32 - 00002173 _____ C:\Users\Flag Beach\Documents\help_restore_files_khjtq.txt
2015-07-12 08:29 - 2015-07-12 08:29 - 00003815 _____ C:\Users\Flag Beach\Downloads\help_restore_files_khjtq.html
2015-07-12 08:29 - 2015-07-12 08:29 - 00003815 _____ C:\Users\Flag Beach\AppData\Local\help_restore_files_khjtq.html
2015-07-12 08:29 - 2015-07-12 08:29 - 00002173 _____ C:\Users\Flag Beach\Downloads\help_restore_files_khjtq.txt
2015-07-12 08:29 - 2015-07-12 08:29 - 00002173 _____ C:\Users\Flag Beach\AppData\Local\help_restore_files_khjtq.txt
2015-07-12 08:27 - 2014-09-18 19:13 - 00000114 ____H C:\DBAR_Ver.txt
2015-07-12 08:20 - 2015-07-12 08:36 - 00003815 _____ C:\Users\Public\Documents\help_restore_files_khjtq.html
2015-07-12 08:20 - 2015-07-12 08:36 - 00002173 _____ C:\Users\Public\Documents\help_restore_files_khjtq.txt
2015-07-12 08:20 - 2015-07-12 08:20 - 00003815 _____ C:\Users\Flag Beach\AppData\Roaming\help_restore_files_khjtq.html
2015-07-12 08:20 - 2015-07-12 08:20 - 00003815 _____ C:\Users\Flag Beach\AppData\help_restore_files_khjtq.html
2015-07-12 08:20 - 2015-07-12 08:20 - 00003815 _____ C:\ProgramData\help_restore_files_khjtq.html
2015-07-12 08:20 - 2015-07-12 08:20 - 00002173 _____ C:\Users\Flag Beach\AppData\Roaming\help_restore_files_khjtq.txt
2015-07-12 08:20 - 2015-07-12 08:20 - 00002173 _____ C:\Users\Flag Beach\AppData\help_restore_files_khjtq.txt
2015-07-12 08:20 - 2015-07-12 08:20 - 00002173 _____ C:\ProgramData\help_restore_files_khjtq.txt
2015-07-12 08:18 - 2015-07-12 08:18 - 00000249 _____ C:\Users\Flag Beach\Documents\Recovery_File_xmfoh.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Flag Beach\AppData\Roaming\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Flag Beach\AppData\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\Downloads\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\Documents\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\AppData\Roaming\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\AppData\Local\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default\AppData\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default User\Downloads\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default User\Documents\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default User\AppData\Roaming\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default User\AppData\Local\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00003815 _____ C:\Users\Default User\AppData\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Flag Beach\AppData\Roaming\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Flag Beach\AppData\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\Downloads\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\Documents\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\AppData\Roaming\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\AppData\Local\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default\AppData\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default User\Downloads\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default User\Documents\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default User\AppData\Roaming\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default User\AppData\Local\help_restore_files_smoey.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 00002173 _____ C:\Users\Default User\AppData\help_restore_files_smoey.txt
2015-07-12 08:13 - 2015-07-12 08:13 - 00003815 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\help_restore_files_smoey.html
2015-07-12 08:13 - 2015-07-12 08:13 - 00003815 _____ C:\ProgramData\Microsoft\Windows\Start Menu\help_restore_files_smoey.html
2015-07-12 08:13 - 2015-07-12 08:13 - 00002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\help_restore_files_smoey.txt
2015-07-12 08:13 - 2015-07-12 08:13 - 00002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\help_restore_files_smoey.txt
2015-07-12 08:12 - 2015-07-12 08:14 - 00003815 _____ C:\ProgramData\help_restore_files_smoey.html
2015-07-12 08:12 - 2015-07-12 08:14 - 00002173 _____ C:\ProgramData\help_restore_files_smoey.txt
2015-07-12 08:12 - 2015-07-12 08:12 - 00003815 _____ C:\Users\Public\Documents\help_restore_files_smoey.html
2015-07-12 08:12 - 2015-07-12 08:12 - 00003815 _____ C:\Program Files\help_restore_files_smoey.html
2015-07-12 08:12 - 2015-07-12 08:12 - 00002173 _____ C:\Users\Public\Documents\help_restore_files_smoey.txt
2015-07-12 08:12 - 2015-07-12 08:12 - 00002173 _____ C:\Program Files\help_restore_files_smoey.txt
2015-07-12 08:11 - 2015-07-12 08:11 - 00003815 _____ C:\Program Files\Common Files\help_restore_files_smoey.html
2015-07-12 08:11 - 2015-07-12 08:11 - 00002173 _____ C:\Program Files\Common Files\help_restore_files_smoey.txt
2015-07-12 08:10 - 2015-07-12 08:10 - 00003815 _____ C:\Users\help_restore_files_smoey.html
2015-07-12 08:10 - 2015-07-12 08:10 - 00002173 _____ C:\Users\help_restore_files_smoey.txt
2015-07-12 08:09 - 2015-07-12 08:09 - 00000249 _____ C:\Users\Flag Beach\Documents\Recovery_File_bcllw.txt
2015-07-12 07:48 - 2015-07-12 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-07 11:20 - 2015-07-12 08:26 - 00015502 _____ C:\Users\Flag Beach\Documents\Missing Information from staff Summer 2015.docx.zzz
2015-07-02 16:58 - 2015-07-12 08:29 - 00057662 _____ C:\Users\Flag Beach\Downloads\Copy of photo 1.JPG.zzz
2015-06-30 14:39 - 2015-07-12 21:13 - 00000000 ____D C:\Users\Flag Beach\AppData\Local\YhlPack
2015-06-30 14:35 - 2015-07-12 21:13 - 00000000 ____D C:\Users\Flag Beach\AppData\Local\Ozkhics
2015-06-25 11:43 - 2015-07-12 08:29 - 08368302 _____ C:\Users\Flag Beach\Downloads\ESTUDIO ECONOMICO DEL SERVICIO.pdf.zzz
2015-06-24 14:54 - 2015-07-12 08:22 - 00013262 _____ C:\Users\Flag Beach\Documents\bed note.docx.zzz
2015-06-15 12:59 - 2015-07-12 08:29 - 00123118 _____ C:\Users\Flag Beach\Downloads\Presupuesto-1.pdf.zzz
2015-06-15 12:57 - 2015-07-12 08:29 - 00044462 _____ C:\Users\Flag Beach\Downloads\PRESUPUESTO ELECTRODOMESTICOS.doc.zzz
2015-06-15 12:56 - 2015-07-12 08:29 - 00044718 _____ C:\Users\Flag Beach\Downloads\Outlook.com.zip.zzz
2015-06-12 16:47 - 2015-07-12 08:29 - 00173214 _____ C:\Users\Flag Beach\Downloads\BoardingPass (1).pdf.zzz
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 20:40 - 2014-05-28 09:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 20:36 - 2015-04-02 14:55 - 00005014 _____ C:\Windows\System32\Tasks\WSCEAA
2015-07-12 20:28 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 20:28 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 20:25 - 2014-12-22 18:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 20:24 - 2014-12-22 12:38 - 00000000 ____D C:\ProgramData\softthinks
2015-07-12 20:24 - 2014-05-28 09:01 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-12 20:20 - 2014-12-22 15:25 - 00000000 ____D C:\Users\Flag Beach\Documents\email files
2015-07-12 20:19 - 2014-05-28 18:37 - 02074450 _____ C:\Windows\WindowsUpdate.log
2015-07-12 20:19 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 20:15 - 2014-12-22 12:46 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-12 20:15 - 2014-12-22 12:46 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-12 20:14 - 2014-12-30 12:40 - 00000000 ____D C:\Users\Flag Beach\AppData\Local\SoftonicAssistant
2015-07-12 20:14 - 2014-12-22 18:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 20:14 - 2010-11-21 04:47 - 00201976 _____ C:\Windows\PFRO.log
2015-07-12 20:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 20:14 - 2009-07-14 05:51 - 00037670 _____ C:\Windows\setupact.log
2015-07-12 19:11 - 2014-12-22 21:25 - 00001089 _____ C:\Users\Flag Beach\Desktop\SpyHunter.lnk
2015-07-12 09:55 - 2015-01-08 07:41 - 00000000 ____D C:\Users\Flag Beach\AppData\Local\CrashDumps
2015-07-12 08:36 - 2014-12-22 12:31 - 00000000 ____D C:\Users\Flag Beach
2015-07-12 08:36 - 2014-05-28 08:53 - 00000000 ____D C:\Users\Public\Downloads\Dell
2015-07-12 08:36 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-12 08:36 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-12 08:32 - 2014-05-28 09:07 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-07-12 08:32 - 2012-11-09 05:35 - 00786296 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-07-12 08:29 - 2015-06-03 11:51 - 00058542 _____ C:\Users\Flag Beach\Downloads\0389202FS0708N0001YO.pdf.zzz
2015-07-12 08:29 - 2015-06-03 11:51 - 00057198 _____ C:\Users\Flag Beach\Downloads\0389009FS0708N0002HP.pdf.zzz
2015-07-12 08:29 - 2015-06-03 11:50 - 00058622 _____ C:\Users\Flag Beach\Downloads\0389201FS0708N0001BO.pdf.zzz
2015-07-12 08:29 - 2015-06-03 11:50 - 00058078 _____ C:\Users\Flag Beach\Downloads\0389003FS0708N0001UO.pdf.zzz
2015-07-12 08:29 - 2015-06-03 11:48 - 00058078 _____ C:\Users\Flag Beach\Downloads\0389008FS0708N0001YO.pdf.zzz
2015-07-12 08:29 - 2015-06-03 11:48 - 00058078 _____ C:\Users\Flag Beach\Downloads\0389008FS0708N0001YO (1).pdf.zzz
2015-07-12 08:29 - 2015-06-03 11:48 - 00057198 _____ C:\Users\Flag Beach\Downloads\0389009FS0708N0001GO.pdf.zzz
2015-07-12 08:29 - 2015-05-28 16:33 - 00174206 _____ C:\Users\Flag Beach\Downloads\BoardingPass.pdf.zzz
2015-07-12 08:29 - 2015-04-15 20:00 - 00000446 _____ C:\Users\Flag Beach\Downloads\wetransfer-da4e70.zip.zzz
2015-07-12 08:29 - 2015-04-13 15:09 - 00128638 _____ C:\Users\Flag Beach\Downloads\2015-04-64187a8a-845e-44a4-9dd5-aac41204397c.pdf.zzz
2015-07-12 08:29 - 2015-04-08 13:54 - 00137886 _____ C:\Users\Flag Beach\Downloads\Kitchen 1.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:54 - 00137886 _____ C:\Users\Flag Beach\Downloads\Kitchen 1 (1).jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:53 - 00078718 _____ C:\Users\Flag Beach\Downloads\Kitchen.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:52 - 00148574 _____ C:\Users\Flag Beach\Downloads\Kitchen 2.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:47 - 03608590 _____ C:\Users\Flag Beach\Downloads\DSC00459.JPG.zzz
2015-07-12 08:29 - 2015-04-08 13:40 - 07025358 _____ C:\Users\Flag Beach\Downloads\DSC00512.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:40 - 03263646 _____ C:\Users\Flag Beach\Downloads\Copy (2) of Bedroom.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:15 - 10603646 _____ C:\Users\Flag Beach\Downloads\Copy of DSC00171.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:15 - 05907678 _____ C:\Users\Flag Beach\Downloads\Bathrrom 2.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:14 - 05292334 _____ C:\Users\Flag Beach\Downloads\Bathroom 1.jpg.zzz
2015-07-12 08:29 - 2015-04-08 13:08 - 03886798 _____ C:\Users\Flag Beach\Downloads\bathroom 2b.JPG.zzz
2015-07-12 08:29 - 2015-04-08 13:07 - 04384622 _____ C:\Users\Flag Beach\Downloads\Bathroom 2 a.jpg.zzz
2015-07-12 08:29 - 2015-04-03 13:13 - 00999406 _____ C:\Users\Flag Beach\Downloads\sol_y_mar_pics-2015-04-03.zip.zzz
2015-07-12 08:29 - 2015-04-01 16:44 - 00007294 _____ C:\Users\Flag Beach\Downloads\ea.jpg.zzz
2015-07-12 08:29 - 2015-04-01 16:35 - 00007086 _____ C:\Users\Flag Beach\Downloads\96.jpg.zzz
2015-07-12 08:29 - 2015-04-01 16:35 - 00007086 _____ C:\Users\Flag Beach\Downloads\96 (1).jpg.zzz
2015-07-12 08:29 - 2015-03-25 17:42 - 00150078 _____ C:\Users\Flag Beach\Downloads\Diploma-2015-mar.-25-174140.zip.zzz
2015-07-12 08:29 - 2015-03-25 17:41 - 00150078 _____ C:\Users\Flag Beach\Downloads\Diploma-2015-mar.-25-174130.zip.zzz
2015-07-12 08:29 - 2015-01-24 17:38 - 00057262 _____ C:\Users\Flag Beach\Downloads\calendar-february-2015-portrait.doc.zzz
2015-07-12 08:29 - 2015-01-24 17:37 - 00057774 _____ C:\Users\Flag Beach\Downloads\calendar-january-2015-landscape.doc.zzz
2015-07-12 08:29 - 2014-12-30 13:25 - 00000000 ____D C:\Users\Flag Beach\Documents\Visual Studio 2013
2015-07-12 08:29 - 2014-12-28 16:06 - 00257966 _____ C:\Users\Flag Beach\Documents\Surf Camp it. CONTRACT_Flag Beach windsurf centre.doc.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00195694 _____ C:\Users\Flag Beach\Documents\Wind statII.xlsx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00107614 _____ C:\Users\Flag Beach\Documents\tourist centre.docx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00058926 _____ C:\Users\Flag Beach\Documents\Tourist Centre.xlsx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00044974 _____ C:\Users\Flag Beach\Documents\Surf Packages 2.doc.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00036782 _____ C:\Users\Flag Beach\Documents\Windsurf Packages 2.doc.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00033870 _____ C:\Users\Flag Beach\Documents\Tour Ops1 emails.rtf.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00030638 _____ C:\Users\Flag Beach\Documents\spanish confirmation.doc.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00026030 _____ C:\Users\Flag Beach\Documents\surfcampdetails.doc.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00026030 _____ C:\Users\Flag Beach\Documents\surfcampdetails IB.doc.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00026030 _____ C:\Users\Flag Beach\Documents\SURF SCHOOL DESCRIPTION FORM.doc.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00013790 _____ C:\Users\Flag Beach\Documents\Store stock list.docx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00012910 _____ C:\Users\Flag Beach\Documents\Surf package price office.xlsx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00012702 _____ C:\Users\Flag Beach\Documents\surf translation.docx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00011662 _____ C:\Users\Flag Beach\Documents\Site Minder Info page.docx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00011630 _____ C:\Users\Flag Beach\Documents\surf course description.docx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00011422 _____ C:\Users\Flag Beach\Documents\Voucher.docx.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00005934 _____ C:\Users\Flag Beach\Documents\SingleDayArrivals.rtf.zzz
2015-07-12 08:29 - 2014-12-28 16:06 - 00000910 _____ C:\Users\Flag Beach\Documents\spider.sav.zzz
2015-07-12 08:29 - 2014-12-28 16:02 - 00000000 ____D C:\Users\Flag Beach\Documents\visas
2015-07-12 08:29 - 2014-12-28 16:02 - 00000000 ____D C:\Users\Flag Beach\Documents\Updater
2015-07-12 08:29 - 2014-12-28 16:02 - 00000000 ____D C:\Users\Flag Beach\Documents\SendBlaster3
2015-07-12 08:29 - 2014-12-28 16:01 - 00000000 ____D C:\Users\Flag Beach\Documents\Rachel
2015-07-12 08:29 - 2014-12-28 14:55 - 00000000 ____D C:\Users\Flag Beach\Downloads\vb
2015-07-12 08:29 - 2014-12-22 22:33 - 00000000 ____D C:\Users\Flag Beach\Downloads\Manual
2015-07-12 08:29 - 2014-12-22 22:33 - 00000000 ____D C:\Users\Flag Beach\Downloads\KyoClassicUniversalPCL6_v1.53_signed
2015-07-12 08:29 - 2014-12-22 22:33 - 00000000 ____D C:\Users\Flag Beach\Downloads\KyoClassicUniversalPCL5_v2.93_signed
2015-07-12 08:29 - 2014-12-22 22:33 - 00000000 ____D C:\Users\Flag Beach\Downloads\KyoClassicUniversalKPDL_v2.93_signed
2015-07-12 08:29 - 2014-12-22 22:29 - 00000000 ____D C:\Users\Flag Beach\Download
2015-07-12 08:29 - 2014-12-22 22:22 - 25405262 _____ C:\Users\Flag Beach\Downloads\KyoceraClassicU...ified140611.zip.zzz
2015-07-12 08:29 - 2014-12-22 21:53 - 00011902 _____ C:\Users\Flag Beach\Documents\ws course timetable.xlsx.zzz
2015-07-12 08:29 - 2014-06-11 12:06 - 00313614 _____ C:\Users\Flag Beach\Downloads\Kyocera Classic Universaldriver Release Note.pdf.zzz
2015-07-12 08:28 - 2014-12-28 16:06 - 00035246 _____ C:\Users\Flag Beach\Documents\PRESSRELEASE_SURF_FUERTEV2.doc.zzz
2015-07-12 08:28 - 2014-12-28 16:06 - 00025518 _____ C:\Users\Flag Beach\Documents\Phone numbers.doc.zzz
2015-07-12 08:28 - 2014-12-22 21:57 - 00000000 ____D C:\Users\Flag Beach\Documents\outlook 3
2015-07-12 08:28 - 2014-12-22 15:18 - 00000000 ____D C:\Users\Flag Beach\Documents\Outlook Files
2015-07-12 08:27 - 2014-12-28 16:05 - 00039198 _____ C:\Users\Flag Beach\Documents\Operating costs hotel.xlsx.zzz
2015-07-12 08:27 - 2014-12-28 16:05 - 00021422 _____ C:\Users\Flag Beach\Documents\nota de abono.xls.zzz
2015-07-12 08:27 - 2014-12-28 16:05 - 00015310 _____ C:\Users\Flag Beach\Documents\OfficeTelephone List.docx.zzz
2015-07-12 08:27 - 2014-12-22 21:57 - 00000000 ___RD C:\Users\Flag Beach\Documents\My Stationery
2015-07-12 08:27 - 2014-12-22 21:57 - 00000000 ____D C:\Users\Flag Beach\Documents\OneNote Notebooks
2015-07-12 08:27 - 2014-12-22 21:57 - 00000000 ____D C:\Users\Flag Beach\Documents\My Received Files
2015-07-12 08:26 - 2014-12-28 16:05 - 54666158 _____ C:\Users\Flag Beach\Documents\Instructors Manual Flag Beach ben.doc.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 06124142 _____ C:\Users\Flag Beach\Documents\Mod 421 2014.pdf.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 04410430 _____ C:\Users\Flag Beach\Documents\Kyocera Operating Guide.pdf.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 02945166 _____ C:\Users\Flag Beach\Documents\FS-1118MFP-KM-1820-OG-UK-B.pdf.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00156846 _____ C:\Users\Flag Beach\Documents\Flag Beach google.jpg.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00072622 _____ C:\Users\Flag Beach\Documents\KS package.doc.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00048046 _____ C:\Users\Flag Beach\Documents\Fuerteventura Nord.doc.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00047022 _____ C:\Users\Flag Beach\Documents\Kitesurfsurf Packages.doc.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00024494 _____ C:\Users\Flag Beach\Documents\Flag Beach - Apr 10.doc.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00018990 _____ C:\Users\Flag Beach\Documents\FBtext (2).docx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00016046 _____ C:\Users\Flag Beach\Documents\First Aid Kits.docx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00014990 _____ C:\Users\Flag Beach\Documents\Invoice 2015.docx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00013502 _____ C:\Users\Flag Beach\Documents\kitesurf package list office.xlsx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00013294 _____ C:\Users\Flag Beach\Documents\Instructor Telephone List.docx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00013278 _____ C:\Users\Flag Beach\Documents\LandRover Trip 1957.docx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00011854 _____ C:\Users\Flag Beach\Documents\FB office rental price list.xlsx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00011806 _____ C:\Users\Flag Beach\Documents\invoice funsurf.docx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00011662 _____ C:\Users\Flag Beach\Documents\Goto learn.docx.zzz
2015-07-12 08:26 - 2014-12-28 16:05 - 00000494 _____ C:\Users\Flag Beach\Documents\LicenceKeys.txt.zzz
2015-07-12 08:26 - 2014-12-22 21:57 - 00000000 ___SD C:\Users\Flag Beach\Documents\My Data Sources
2015-07-12 08:26 - 2014-12-22 21:57 - 00000000 ____D C:\Users\Flag Beach\Documents\Kyocera
2015-07-12 08:26 - 2014-12-22 21:57 - 00000000 ____D C:\Users\Flag Beach\Documents\kiosk
2015-07-12 08:26 - 2014-12-22 21:57 - 00000000 ____D C:\Users\Flag Beach\Documents\Flying
2015-07-12 08:26 - 2014-12-22 21:56 - 00000000 ____D C:\Users\Flag Beach\Documents\FB all
2015-07-12 08:23 - 2014-12-22 21:55 - 00000000 ___RD C:\Users\Flag Beach\Documents\Dropbox
2015-07-12 08:22 - 2015-06-07 08:31 - 03183022 _____ C:\Users\Flag Beach\Documents\Arrivals_20152.accdb.zzz
2015-07-12 08:22 - 2015-05-06 12:04 - 03183022 _____ C:\Users\Flag Beach\Documents\Arrivals_0060515.accdb.zzz
2015-07-12 08:22 - 2015-04-26 08:56 - 03183022 _____ C:\Users\Flag Beach\Documents\Arrivals_20151.accdb.zzz
2015-07-12 08:22 - 2015-03-30 20:26 - 03183022 _____ C:\Users\Flag Beach\Documents\Arrivals_2015.accdb.zzz
2015-07-12 08:22 - 2015-03-27 19:59 - 00066846 _____ C:\Users\Flag Beach\Documents\Doc2.docx.zzz
2015-07-12 08:22 - 2015-02-03 16:28 - 00000000 ____D C:\Users\Flag Beach\Documents\Credit notes
2015-07-12 08:22 - 2014-12-28 16:05 - 20980142 _____ C:\Users\Flag Beach\Documents\Arrivals 2012.accdb.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 03546542 _____ C:\Users\Flag Beach\Documents\Copy of inventury shop 08.xls.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 01948078 _____ C:\Users\Flag Beach\Documents\Copy of inventury shop 08-09 eggi2.xlsx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 01937326 _____ C:\Users\Flag Beach\Documents\Contact.xls.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00626078 _____ C:\Users\Flag Beach\Documents\CIMG5265.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00608174 _____ C:\Users\Flag Beach\Documents\CIMG0769.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00595662 _____ C:\Users\Flag Beach\Documents\CIMG0289.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00581982 _____ C:\Users\Flag Beach\Documents\CIMG3225.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00578862 _____ C:\Users\Flag Beach\Documents\CIMG5307.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00572286 _____ C:\Users\Flag Beach\Documents\CIMG5851.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00570830 _____ C:\Users\Flag Beach\Documents\CIMG0799.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00557358 _____ C:\Users\Flag Beach\Documents\CIMG0797.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00555086 _____ C:\Users\Flag Beach\Documents\CIMG5140.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00549742 _____ C:\Users\Flag Beach\Documents\CIMG0719.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00546926 _____ C:\Users\Flag Beach\Documents\CIMG0720.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00517406 _____ C:\Users\Flag Beach\Documents\CIMG3901.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00515598 _____ C:\Users\Flag Beach\Documents\CIMG3908.JPG.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00119214 _____ C:\Users\Flag Beach\Documents\Copy of inventury shop 08 sheet.xls.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00113070 _____ C:\Users\Flag Beach\Documents\Booking_form_2010_(v1)[1].doc.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00034206 _____ C:\Users\Flag Beach\Documents\dec5addbook.csv.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00032174 _____ C:\Users\Flag Beach\Documents\cake recipes.doc.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00026542 _____ C:\Users\Flag Beach\Documents\Course descriptions.doc.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00026030 _____ C:\Users\Flag Beach\Documents\Contactos.xls.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00016046 _____ C:\Users\Flag Beach\Documents\Copy of wsc timetable  8  9.xlsx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00013582 _____ C:\Users\Flag Beach\Documents\Benedict.docx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00011246 _____ C:\Users\Flag Beach\Documents\B Thomas simon wooler.docx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00011182 _____ C:\Users\Flag Beach\Documents\Body Board Surfari.docx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00010510 _____ C:\Users\Flag Beach\Documents\Copy of Board list summer 2014.xlsx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00010126 _____ C:\Users\Flag Beach\Documents\board list 2014.xlsx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00009518 _____ C:\Users\Flag Beach\Documents\Copy of phone numbers.xlsx.zzz
2015-07-12 08:22 - 2014-12-28 16:05 - 00001166 _____ C:\Users\Flag Beach\Documents\Arrivals2008.accdb.lnk.zzz
2015-07-12 08:22 - 2014-12-22 21:54 - 00000000 ____D C:\Users\Flag Beach\Documents\Downloaded Program Updates
2015-07-12 08:22 - 2014-12-22 21:54 - 00000000 ____D C:\Users\Flag Beach\Documents\brian fotos
2015-07-12 08:22 - 2014-12-22 21:54 - 00000000 ____D C:\Users\Flag Beach\Documents\BlackBerry
2015-07-12 08:22 - 2014-12-22 21:53 - 00000000 ____D C:\Users\Flag Beach\Documents\AGENCY PRICES
2015-07-12 08:22 - 2014-12-22 21:53 - 00000000 ____D C:\Users\Flag Beach\Documents\Agency Invoices
2015-07-12 08:22 - 2014-12-22 21:53 - 00000000 ____D C:\Users\Flag Beach\Documents\Accommodation
2015-07-12 08:21 - 2014-12-22 21:25 - 00000510 _____ C:\Users\Flag Beach\Desktop\WirelessPassword.txt.zzz
2015-07-12 08:20 - 2015-03-26 07:51 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-12 08:20 - 2014-12-30 13:49 - 00000000 ____D C:\ProgramData\KyoceraMita
2015-07-12 08:20 - 2014-12-30 13:18 - 00000000 ____D C:\ProgramData\NuGet
2015-07-12 08:20 - 2014-12-30 07:54 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-07-12 08:20 - 2014-12-29 12:34 - 00000000 ____D C:\ProgramData\Kyocera
2015-07-12 08:20 - 2014-12-22 22:00 - 00000000 ____D C:\ProgramData\TEMP
2015-07-12 08:20 - 2014-12-22 21:34 - 00000000 ____D C:\ProgramData\SpeedyPC Software
2015-07-12 08:20 - 2014-05-28 09:48 - 00000000 ____D C:\ProgramData\Intel
2015-07-12 08:20 - 2014-05-28 09:09 - 00000000 ____D C:\ProgramData\Adobe
2015-07-12 08:20 - 2014-05-28 09:06 - 00000000 ____D C:\ProgramData\Invincea
2015-07-12 08:20 - 2014-05-28 09:02 - 00000000 ____D C:\Temp
2015-07-12 08:20 - 2014-05-28 08:59 - 00000000 ____D C:\ProgramData\Dell
2015-07-12 08:20 - 2014-05-28 08:54 - 00000000 ____D C:\ProgramData\Security Innovation
2015-07-12 08:20 - 2014-05-28 08:53 - 00000000 ____D C:\ProgramData\Wave Systems Corp
2015-07-12 08:19 - 2014-12-29 12:46 - 00000000 ____D C:\kyoscan
2015-07-12 08:19 - 2014-05-28 18:38 - 00000000 ____D C:\Intel
2015-07-12 08:18 - 2014-12-22 21:31 - 00000000 ____D C:\AABOOKINGS EURO
2015-07-12 08:18 - 2011-02-10 15:25 - 00000000 ____D C:\dell
2015-07-12 08:15 - 2015-05-11 08:12 - 00000000 ____D C:\Users\Flag Beach\Desktop\New folder
2015-07-12 08:15 - 2015-04-15 16:18 - 00218814 _____ C:\Users\Flag Beach\Desktop\logo 2015.jpg.zzz
2015-07-12 08:15 - 2015-04-08 08:43 - 00000000 ____D C:\Users\Flag Beach\Desktop\Pictures 2015
2015-07-12 08:15 - 2015-04-06 09:49 - 04148510 _____ C:\Users\Flag Beach\Desktop\timfay.jpg.zzz
2015-07-12 08:15 - 2015-03-21 11:19 - 00018590 _____ C:\Users\Flag Beach\Desktop\new beginner courses lil ben spanish.docx.zzz
2015-07-12 08:15 - 2015-03-07 19:05 - 00016206 _____ C:\Users\Flag Beach\Desktop\new beginner courses.docx.zzz
2015-07-12 08:15 - 2014-12-22 21:25 - 08767150 _____ C:\Users\Flag Beach\Desktop\Mod 420 & 425 2013.pdf.zzz
2015-07-12 08:15 - 2014-12-22 21:25 - 00803854 _____ C:\Users\Flag Beach\Desktop\Social-Media-for-Vacation-Rental-Marketing-eBook.pdf.zzz
2015-07-12 08:15 - 2014-12-22 21:25 - 00068702 _____ C:\Users\Flag Beach\Desktop\transfer list.xlsx.zzz
2015-07-12 08:15 - 2014-12-22 21:25 - 00016206 _____ C:\Users\Flag Beach\Desktop\surfcamp online.docx.zzz
2015-07-12 08:15 - 2014-12-22 21:25 - 00013998 _____ C:\Users\Flag Beach\Desktop\Page titles.xlsx.zzz
2015-07-12 08:15 - 2014-12-22 21:25 - 00012078 _____ C:\Users\Flag Beach\Desktop\Newsletter 2014.docx.zzz
2015-07-12 08:15 - 2014-12-22 21:24 - 00000000 ____D C:\Users\Flag Beach\Desktop\SecureForm_files
2015-07-12 08:15 - 2014-12-22 21:24 - 00000000 ____D C:\Users\Flag Beach\Desktop\pics march 2014
2015-07-12 08:15 - 2014-12-22 21:24 - 00000000 ____D C:\Users\Flag Beach\Desktop\Photos
2015-07-12 08:14 - 2015-05-06 11:58 - 04451150 _____ C:\Users\Flag Beach\Desktop\FB_2015_german.pdf.zzz
2015-07-12 08:14 - 2015-05-06 11:58 - 04448942 _____ C:\Users\Flag Beach\Desktop\FB_2015_french.pdf.zzz
2015-07-12 08:14 - 2015-05-06 11:58 - 04447694 _____ C:\Users\Flag Beach\Desktop\Flagbeach_2015_italiano.pdf.zzz
2015-07-12 08:14 - 2015-05-06 11:57 - 04448910 _____ C:\Users\Flag Beach\Desktop\FB_2015_epañol.pdf.zzz
2015-07-12 08:14 - 2015-05-06 11:56 - 04451006 _____ C:\Users\Flag Beach\Desktop\FB_2015_english.pdf.zzz
2015-07-12 08:14 - 2015-04-14 12:55 - 00014734 _____ C:\Users\Flag Beach\Desktop\Inventario Las Fuentes 101.docx.zzz
2015-07-12 08:14 - 2015-04-09 11:22 - 00000000 ____D C:\Users\Flag Beach\Desktop\Extranet   Surfholidays.com_files
2015-07-12 08:14 - 2015-03-27 20:02 - 00066878 _____ C:\Users\Flag Beach\Desktop\Doc2.docx.zzz
2015-07-12 08:14 - 2015-03-27 19:55 - 00060686 _____ C:\Users\Flag Beach\Desktop\Doc1.docx.zzz
2015-07-12 08:14 - 2015-03-17 09:34 - 00147054 _____ C:\Users\Flag Beach\Desktop\gallery_spain-fuerteventura-corralejo__0275578_1412160146.jpg.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 46542846 _____ C:\Users\Flag Beach\Desktop\Agency pack 2013.pdf.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 01924526 _____ C:\Users\Flag Beach\Desktop\Copy of Emailsnew.xls.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 01648558 _____ C:\Users\Flag Beach\Desktop\discover canariasSC.doc.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 01648558 _____ C:\Users\Flag Beach\Desktop\discover canarias.doc.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 01647534 _____ C:\Users\Flag Beach\Desktop\discover canarias KC.doc.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00836590 _____ C:\Users\Flag Beach\Desktop\benmarshallpassport.pdf.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00703086 _____ C:\Users\Flag Beach\Desktop\IBsurflist.xlsx.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00056750 _____ C:\Users\Flag Beach\Desktop\IslandBoarders_Text.doc.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00056238 _____ C:\Users\Flag Beach\Desktop\bouncedemails1.xls.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00027598 _____ C:\Users\Flag Beach\Desktop\emails.xlsx.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00026030 _____ C:\Users\Flag Beach\Desktop\directions to magnolia 31.doc.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00025518 _____ C:\Users\Flag Beach\Desktop\French confirmation.doc.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00024494 _____ C:\Users\Flag Beach\Desktop\chasing deposit.doc.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00012958 _____ C:\Users\Flag Beach\Desktop\Flagbeach.docx.zzz
2015-07-12 08:14 - 2014-12-22 21:25 - 00010638 _____ C:\Users\Flag Beach\Desktop\emailsCSV.csv.zzz
2015-07-12 08:14 - 2014-12-22 21:24 - 00000000 ____D C:\Users\Flag Beach\Desktop\itaka fotos
2015-07-12 08:14 - 2014-12-22 21:24 - 00000000 ____D C:\Users\Flag Beach\Desktop\Instructor manual
2015-07-12 08:14 - 2014-12-22 21:23 - 00000000 ____D C:\Users\Flag Beach\Desktop\IB website
2015-07-12 08:14 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2015-07-12 08:14 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-12 08:14 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-12 08:14 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-12 08:14 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-12 08:13 - 2015-03-27 07:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-12 08:13 - 2014-12-30 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scanner User Software
2015-07-12 08:13 - 2014-12-30 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-07-12 08:13 - 2014-12-30 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-07-12 08:13 - 2014-12-30 12:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-12 08:13 - 2014-12-30 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
2015-07-12 08:13 - 2014-12-22 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-07-12 08:13 - 2014-12-22 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-12 08:13 - 2014-12-22 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-12 08:13 - 2014-12-22 12:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-12 08:13 - 2014-05-28 09:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-07-12 08:13 - 2014-05-28 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-12 08:13 - 2010-11-21 08:16 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-07-12 08:13 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-12 08:13 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-12 08:13 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-12 08:12 - 2015-03-27 07:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-12 08:12 - 2014-12-30 13:04 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-12 08:12 - 2014-12-30 13:03 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-07-12 08:12 - 2014-12-28 16:29 - 00000000 ____D C:\Program Files\Kyocera
2015-07-12 08:12 - 2014-12-22 12:38 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-12 08:12 - 2014-05-28 18:38 - 00000000 ____D C:\Program Files\Realtek
2015-07-12 08:12 - 2014-05-28 09:47 - 00000000 ____D C:\Program Files\Intel
2015-07-12 08:12 - 2014-05-28 09:42 - 00000000 ____D C:\Program Files\Dell Inc
2015-07-12 08:12 - 2014-05-28 08:54 - 00000000 ____D C:\Program Files\Dell
2015-07-12 08:12 - 2010-11-21 08:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-12 08:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-07-12 08:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-07-12 08:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-12 08:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-12 08:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-12 08:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\MSBuild
2015-07-12 08:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-07-12 08:12 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2015-07-12 08:11 - 2014-12-22 12:37 - 00000000 __RHD C:\MSOCache
2015-07-12 08:11 - 2014-05-28 18:38 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-07-12 08:11 - 2014-05-28 08:54 - 00000000 ____D C:\Program Files\Common Files\SPBA
2015-07-12 08:11 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-12 08:11 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-07-12 08:11 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Services
2015-07-12 08:11 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-12 08:10 - 2014-12-22 12:39 - 00000510 ____H C:\DBAR_Ver.txt.zzz
2015-07-12 08:10 - 2014-05-28 18:13 - 00001198 _____ C:\installlog.txt.zzz
2015-07-11 06:59 - 2014-12-22 12:32 - 00000000 ____D C:\Users\Flag Beach\AppData\Roaming\Adobe
2015-07-09 07:53 - 2014-05-28 09:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 07:53 - 2014-05-28 09:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 07:53 - 2014-05-28 09:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-07 18:45 - 2014-12-22 18:31 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-30 14:39 - 2015-03-20 14:20 - 00000000 __SHD C:\Users\Flag Beach\AppData\Local\EmieBrowserModeList
2015-06-30 14:39 - 2014-12-22 15:49 - 00000000 __SHD C:\Users\Flag Beach\AppData\Local\EmieUserList
2015-06-30 14:39 - 2014-12-22 15:49 - 00000000 __SHD C:\Users\Flag Beach\AppData\Local\EmieSiteList
2015-06-23 12:27 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2015-07-12 08:12 - 2015-07-12 08:12 - 0003815 _____ () C:\Program Files\help_restore_files_smoey.html
2015-07-12 08:12 - 2015-07-12 08:12 - 0002173 _____ () C:\Program Files\help_restore_files_smoey.txt
2015-07-12 08:11 - 2015-07-12 08:11 - 0003815 _____ () C:\Program Files\Common Files\help_restore_files_smoey.html
2015-07-12 08:11 - 2015-07-12 08:11 - 0002173 _____ () C:\Program Files\Common Files\help_restore_files_smoey.txt
2015-07-12 08:20 - 2015-07-12 08:20 - 0003815 _____ () C:\Users\Flag Beach\AppData\Roaming\help_restore_files_khjtq.html
2015-07-12 08:20 - 2015-07-12 08:20 - 0002173 _____ () C:\Users\Flag Beach\AppData\Roaming\help_restore_files_khjtq.txt
2015-07-12 08:14 - 2015-07-12 08:14 - 0003815 _____ () C:\Users\Flag Beach\AppData\Roaming\help_restore_files_smoey.html
2015-07-12 08:14 - 2015-07-12 08:14 - 0002173 _____ () C:\Users\Flag Beach\AppData\Roaming\help_restore_files_smoey.txt
2014-12-22 21:34 - 2014-12-22 21:39 - 0000115 _____ () C:\Users\Flag Beach\AppData\Roaming\LogFile.txt
2015-07-12 08:29 - 2015-07-12 08:29 - 0003815 _____ () C:\Users\Flag Beach\AppData\Local\help_restore_files_khjtq.html
2015-07-12 08:29 - 2015-07-12 08:29 - 0002173 _____ () C:\Users\Flag Beach\AppData\Local\help_restore_files_khjtq.txt
2015-01-05 13:11 - 2015-01-05 13:11 - 0004096 ____H () C:\Users\Flag Beach\AppData\Local\keyfile3.drm
2015-07-12 08:20 - 2015-07-12 08:20 - 0003815 _____ () C:\ProgramData\help_restore_files_khjtq.html
2015-07-12 08:20 - 2015-07-12 08:20 - 0002173 _____ () C:\ProgramData\help_restore_files_khjtq.txt
2015-07-12 08:12 - 2015-07-12 08:14 - 0003815 _____ () C:\ProgramData\help_restore_files_smoey.html
2015-07-12 08:12 - 2015-07-12 08:14 - 0002173 _____ () C:\ProgramData\help_restore_files_smoey.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 20:10
 
==================== End of log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Flag Beach at 2015-07-12 20:40:58
Running from C:\Users\Flag Beach\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
a (S-1-5-21-1238245748-1398098867-3105907631-1001 - Administrator - Enabled)
Administrator (S-1-5-21-1238245748-1398098867-3105907631-500 - Administrator - Disabled)
Flag Beach (S-1-5-21-1238245748-1398098867-3105907631-1000 - Administrator - Enabled) => C:\Users\Flag Beach
Guest (S-1-5-21-1238245748-1398098867-3105907631-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00001.021 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
DellAccess (Version: 01.03.00.046 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.03.00.092 - Wave Systems Corp.) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ERAS Connector (Version: 02.09.05.0330 - Wave Systems Corp) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 17.2.154.0 (HKLM\...\PROSetDX) (Version: 17.2.154.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Kyocera Scanner File Utility (HKLM-x32\...\{61C79AE1-5403-4687-AC68-28BFA5EF3895}) (Version: 3.16.9 - KyoceraMita)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PBA Driver (Version: 1.0.1.7 - Dell Inc.) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Preboot Manager (Version: 03.05.00.026 - Wave Systems Corp.) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Private Information Manager (Version: 07.03.00.016 - Wave Systems Corp.) Hidden
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5931 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
Softonic Assistant (HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\...\SoftonicAssistant) (Version: 0.2.2 - Softonic International S.A.) <==== ATTENTION
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
toolkit32for64bit (x32 Version: 7.68.85.0013 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 5.0.0.304 - Wave Systems Corp.) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.68.85.0014 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.021 - Wave Systems Corp) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3F1DB084-C2AC-4A61-9AAB-AEEEFCADF4CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)
Task: {419D6491-B98F-43C6-9519-77FAEE126D46} - System32\Tasks\{AA3C2A92-2AA5-42A6-A07F-9E70965E6BDF} => pcalua.exe -a "C:\Users\Flag Beach\Documents\vbrun60sp6.exe" -d "C:\Users\Flag Beach\Documents"
Task: {6AB91036-1AEB-43F7-B65A-C5242B5DDF44} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {84EAE79D-D9FF-4929-B4A4-63AF24C1FA68} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-10-17] (Wave Systems Corp.)
Task: {8F19B5E9-236F-4581-930E-F0ECE7730565} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-07-12] (Enigma Software Group USA, LLC.)
Task: {A6A5F51A-5486-485D-9CCC-BA9FF9326E7F} - System32\Tasks\{37960C9B-F771-46E8-94EF-18DC1755A2D3} => pcalua.exe -a "C:\Users\Flag Beach\Downloads\vbrun60sp6.exe" -d "C:\Users\Flag Beach\Downloads"
Task: {ACDADF57-9200-4C8F-9C47-DAB522C23881} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-12-22] ()
Task: {DA78CC88-3B75-4D9E-8124-D7D2924C892C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-11-20 05:52 - 2012-11-20 05:52 - 00225720 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-11-20 05:51 - 2012-11-20 05:51 - 00038840 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-11-23 15:34 - 2012-11-23 15:34 - 00020480 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
2009-07-14 02:19 - 2009-07-14 02:41 - 00108032 _____ () C:\Windows\system32\kywdds10.dll
2014-05-28 18:12 - 2012-02-01 22:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-18 19:37 - 2014-07-03 03:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-12-30 13:49 - 2000-11-09 12:17 - 00190464 _____ () C:\Program Files (x86)\Kyocera\FileUtility\HgTiff2Pdf.dll
2014-11-24 12:39 - 2014-11-24 12:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-12-29 06:33 - 2014-12-29 06:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2014-05-28 09:49 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-05-28 09:46 - 2013-11-13 22:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-18 19:37 - 2014-07-30 23:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-05-28 09:02 - 2012-11-25 22:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 19:37 - 2012-11-26 06:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-07-07 18:45 - 2015-07-07 04:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 18:45 - 2015-07-07 04:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-07 18:45 - 2015-07-07 04:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3246
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3347
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1238245748-1398098867-3105907631-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Flag Beach\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1DA91C32-F797-4FCF-AD66-4A4B217A042E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0E07104E-ACCC-4219-9246-28D3C9F63FD5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3465C303-0A5D-4040-8878-F047440D6A5D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A35D99E9-BF7C-47E1-8A50-D3C73285EA6F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BEAD1F81-6781-4B28-B44C-9BFF54EDAC59}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{8094EF23-5387-4F9C-8123-E2C49B286A2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2015 08:38:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 12.7.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2e8
 
Start Time: 01d0bcda1443de4e
 
Termination Time: 16
 
Application Path: C:\Users\Flag Beach\Downloads\FRST64.exe
 
Report Id:
 
Error: (07/12/2015 08:16:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/12/2015 07:11:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Install.exe version 8.2.115.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 948
 
Start Time: 01d0bc74abd072cd
 
Termination Time: 15
 
Application Path: C:\Users\Flag Beach\AppData\Local\Temp\McInstallTemp\Install.exe
 
Report Id:
 
Error: (07/12/2015 09:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75074db2
Faulting process id: 0x1270
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
 
Error: (07/12/2015 09:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75074db2
Faulting process id: 0xd8c
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
 
Error: (07/12/2015 08:56:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75074db2
Faulting process id: 0x1740
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
 
Error: (07/12/2015 08:55:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75074db2
Faulting process id: 0x8d8
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
 
Error: (07/12/2015 08:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75074db2
Faulting process id: 0x1498
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
 
Error: (07/12/2015 08:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75074db2
Faulting process id: 0xfc4
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
 
Error: (07/12/2015 08:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610, time stamp: 0x4dc0c63a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x75074db2
Faulting process id: 0x175c
Faulting application start time: 0xSearchProtocolHost.exe0
Faulting application path: SearchProtocolHost.exe1
Faulting module path: SearchProtocolHost.exe2
Report Id: SearchProtocolHost.exe3
 
 
System errors:
=============
Error: (07/12/2015 08:14:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (07/12/2015 08:14:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (07/12/2015 08:12:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
 
Error: (07/12/2015 07:51:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
%%1053
 
Error: (07/12/2015 07:51:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSK80Service service.
 
Error: (07/12/2015 07:07:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcpltsvc service.
 
Error: (07/12/2015 07:07:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
 
Error: (07/12/2015 07:06:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
%%1053
 
Error: (07/12/2015 07:06:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSK80Service service.
 
Error: (07/12/2015 07:06:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcpltsvc service.
 
 
Microsoft Office:
=========================
Error: (07/12/2015 08:38:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe12.7.2015.12e801d0bcda1443de4e16C:\Users\Flag Beach\Downloads\FRST64.exe
 
Error: (07/12/2015 08:16:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/12/2015 07:11:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Install.exe8.2.115.094801d0bc74abd072cd15C:\Users\Flag Beach\AppData\Local\Temp\McInstallTemp\Install.exe
 
Error: (07/12/2015 09:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000041d75074db2127001d0bc808b6be343C:\Windows\sysWow64\SearchProtocolHost.exeunknownc921f3a4-2873-11e5-b9d0-f8b156da40d6
 
Error: (07/12/2015 09:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000041d75074db2d8c01d0bc808a90e4a9C:\Windows\sysWow64\SearchProtocolHost.exeunknownc8e6713d-2873-11e5-b9d0-f8b156da40d6
 
Error: (07/12/2015 08:56:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000041d75074db2174001d0bc783265d82eC:\Windows\sysWow64\SearchProtocolHost.exeunknown701e49f0-286b-11e5-b9d0-f8b156da40d6
 
Error: (07/12/2015 08:55:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000041d75074db28d801d0bc7828d0f59aC:\Windows\sysWow64\SearchProtocolHost.exeunknown6a829e0a-286b-11e5-b9d0-f8b156da40d6
 
Error: (07/12/2015 08:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000041d75074db2149801d0bc782897d494C:\Windows\sysWow64\SearchProtocolHost.exeunknown664de4f5-286b-11e5-b9d0-f8b156da40d6
 
Error: (07/12/2015 08:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000041d75074db2fc401d0bc78286cfbcfC:\Windows\sysWow64\SearchProtocolHost.exeunknown66230c30-286b-11e5-b9d0-f8b156da40d6
 
Error: (07/12/2015 08:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchProtocolHost.exe7.0.7601.176104dc0c63aunknown0.0.0.000000000c000041d75074db2175c01d0bc78283d6049C:\Windows\sysWow64\SearchProtocolHost.exeunknown65f5d20b-286b-11e5-b9d0-f8b156da40d6
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 67%
Total physical RAM: 3982.55 MB
Available physical RAM: 1301.01 MB
Total Virtual: 7963.3 MB
Available Virtual: 4519.11 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.94 GB) (Free:367.67 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:13.78 GB) (Free:4.11 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 2DED2C7A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Edited by marshall10488, 12 July 2015 - 01:54 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi this is typical ransomware, do you have an image of the system prior to this ? If so then use that if not then I would recommend that you reformat and re-install windows
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP