Hi Guys.
Yesterday my (slightly aged and not very good with computers) friend (hence me being on here now) was on his Pc and was suddenly confronted with the massage I have shown in the attached screenshot.
He panicked a bit and then, as you do, phoned the help line. After being told to click here, there and everywhere he was asked for £200.
This he refused to give (thank goodness!).
A few minutes later his wife asked him what was going on and when she realised that he had been asked for money, she decided to phone them and find out who they were.
The name of the company was given as Emobilez (http://www.emobilez.net/) and the phone number was (0-800-098-8719). As far as I can see it is based in Pakistan.
My friends left the computer on all night, but when I arrived this morning I rebooted it and after a few minutes was able to reproduce the screen as shown in the screenshot.
Yesterday, the techie at Emobilez had said that the problem was 'solved'. It is a good job my friend didn't pay the fee because it looks like it was going to become a recurring problem!
I have run FRST64 and below are the required logs.
Help would be very much appreciated with this. Thanks in advance.
Regard
Paul
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
Ran by ThePowdrillComputer (administrator) on THEPOWDRILLCOMP (15-05-2016 11:48:09)
Running from C:\Users\ThePowdrillComputer\Desktop
Loaded Profiles: ThePowdrillComputer (Available Profiles: ThePowdrillComputer & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupon Printer\CouponPrinterService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2898820250-163008556-296847578-1000\...\Run: [Google Update] => C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2898820250-163008556-296847578-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-02-02]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0F6C03D4-558B-4CE0-BEBF-DB2C45051470}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F573623-286E-4508-8550-F77177322EE7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7A9945A1-1BB4-4AEC-BAAA-96534208DA7B}: [DhcpNameServer] 8.8.4.4 8.8.8.8 194.168.4.100
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2898820250-163008556-296847578-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2898820250-163008556-296847578-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.co.uk/
HKU\S-1-5-21-2898820250-163008556-296847578-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://uk.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {E693705E-0F22-4F2F-B86B-DE83C11603D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {E693705E-0F22-4F2F-B86B-DE83C11603D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6F6626D3-01D2-44D5-BF92-9E68B32AF129} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> DefaultScope {AA19DAC7-AB68-4A35-8527-7E8C0BCC4B9B} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB91038D20151008&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> {6F6626D3-01D2-44D5-BF92-9E68B32AF129} URL =
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={AF483DAC-A4EC-4780-B0B8-8105479318DD}&mid=f876a46514ff554b47ad9225ddec0262-c17930690a5a5717c46300eae5ebf63d6f83238d&lang=en&ds=AVG&pr=fr&d=2012-10-01 11:30:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> {AA19DAC7-AB68-4A35-8527-7E8C0BCC4B9B} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB91038D20151008&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> {BDFD0D24-79FE-40E6-9D4B-8C24D70B786C} URL = hxxp://search.avg.com/route/?d=4cfbec0c&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
SearchScopes: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> {E693705E-0F22-4F2F-B86B-DE83C11603D0} URL =
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-10] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2898820250-163008556-296847578-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2009-12-24] (Belarc, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-06] (McAfee, Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.8.0\ViProtocol.dll [2015-08-16] (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-10] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-05] (Google)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2898820250-163008556-296847578-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2898820250-163008556-296847578-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-03-26]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={AF483DAC-A4EC-4780-B0B8-8105479318DD}&mid=f876a46514ff554b47ad9225ddec0262-c17930690a5a5717c46300eae5ebf63d6f83238d&lang=en&ds=AVG&pr=fr&d=2012-10-01 11:30:34&v=18.1.9.799&pid=avg&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C211GB91038D20151008&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Plugin: (Shockwave Flash) - C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-12]
CHR HKU\S-1-5-21-2898820250-163008556-296847578-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupon Printer\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-11-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
R3 usbehci; C:\Windows\SysWOW64\DRIVERS\usbehci.sys [26624 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-15 11:48 - 2016-05-15 11:50 - 00027465 _____ C:\Users\ThePowdrillComputer\Desktop\FRST.txt
2016-05-15 11:47 - 2016-05-15 11:48 - 00000000 ____D C:\FRST
2016-05-15 11:44 - 2016-05-15 11:44 - 02382336 _____ (Farbar) C:\Users\ThePowdrillComputer\Desktop\FRST64.exe
2016-05-15 11:35 - 2016-05-15 11:35 - 00171778 _____ C:\Users\ThePowdrillComputer\Desktop\Print Screen.odt
2016-05-15 11:20 - 2016-05-15 11:37 - 00016964 _____ C:\Users\ThePowdrillComputer\Desktop\History.txt
2016-05-15 11:03 - 2016-05-15 11:03 - 00000000 _____ C:\Users\ThePowdrillComputer\Desktop\New Text Document.txt
2016-05-13 19:24 - 2016-05-14 15:56 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-05-11 12:28 - 2016-04-23 18:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 12:28 - 2016-04-23 17:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 12:28 - 2016-04-23 06:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 12:28 - 2016-04-23 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 12:28 - 2016-04-23 06:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 12:28 - 2016-04-23 06:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 12:28 - 2016-04-23 06:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 12:28 - 2016-04-23 06:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 12:28 - 2016-04-23 05:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 12:28 - 2016-04-23 05:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 12:28 - 2016-04-23 05:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 12:28 - 2016-04-23 05:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 12:28 - 2016-04-23 05:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 12:28 - 2016-04-23 05:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 12:28 - 2016-04-23 05:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 12:28 - 2016-04-23 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 12:28 - 2016-04-23 05:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 12:28 - 2016-04-23 05:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 12:28 - 2016-04-23 05:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 12:28 - 2016-04-23 05:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 12:28 - 2016-04-23 05:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 12:28 - 2016-04-23 05:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 12:28 - 2016-04-23 05:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 12:28 - 2016-04-23 05:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 12:28 - 2016-04-23 05:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 12:28 - 2016-04-23 05:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 12:28 - 2016-04-23 05:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 12:28 - 2016-04-23 05:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 12:28 - 2016-04-23 05:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 12:28 - 2016-04-23 04:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 12:28 - 2016-04-23 04:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 12:28 - 2016-04-23 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 12:28 - 2016-04-23 04:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 12:28 - 2016-04-23 04:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 12:28 - 2016-04-23 04:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 12:28 - 2016-04-23 04:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 12:28 - 2016-04-23 04:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 12:28 - 2016-04-23 04:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 12:28 - 2016-04-23 04:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 12:28 - 2016-04-23 04:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 12:28 - 2016-04-23 04:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 12:28 - 2016-04-23 04:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 12:28 - 2016-04-23 04:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 12:28 - 2016-04-23 04:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 12:28 - 2016-04-23 04:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 12:28 - 2016-04-23 04:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 12:28 - 2016-04-23 04:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 12:28 - 2016-04-23 04:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 12:28 - 2016-04-23 04:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 12:28 - 2016-04-23 04:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 12:28 - 2016-04-23 04:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 12:28 - 2016-04-14 14:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 12:28 - 2016-04-14 14:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 12:28 - 2016-04-09 08:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 12:28 - 2016-04-09 08:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 12:28 - 2016-04-09 07:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 12:28 - 2016-04-09 07:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 12:28 - 2016-04-09 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 12:28 - 2016-04-09 07:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 12:28 - 2016-04-09 07:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 12:28 - 2016-04-09 06:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 12:28 - 2016-04-06 16:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 12:28 - 2016-03-09 19:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 12:28 - 2016-03-09 19:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 12:27 - 2016-04-23 06:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 12:27 - 2016-04-23 06:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 12:27 - 2016-04-23 06:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 12:27 - 2016-04-23 05:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 12:27 - 2016-04-23 05:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 12:27 - 2016-04-23 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 12:27 - 2016-04-23 05:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 12:27 - 2016-04-23 05:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 12:27 - 2016-04-23 05:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 12:27 - 2016-04-23 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 12:27 - 2016-04-23 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 12:27 - 2016-04-23 05:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 12:27 - 2016-04-23 05:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 12:27 - 2016-04-23 05:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 12:27 - 2016-04-23 04:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 12:27 - 2016-04-09 08:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 12:27 - 2016-04-09 08:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:27 - 2016-04-09 08:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 12:27 - 2016-04-09 08:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 12:27 - 2016-04-09 08:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 12:27 - 2016-04-09 07:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 12:27 - 2016-04-09 07:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 12:27 - 2016-04-09 07:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 12:27 - 2016-04-09 07:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 06:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:27 - 2016-04-09 06:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 12:27 - 2016-04-09 06:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:27 - 2016-04-09 06:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 12:27 - 2016-04-09 06:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 12:27 - 2016-04-09 06:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 12:27 - 2016-04-09 06:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 12:27 - 2016-04-09 06:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 12:27 - 2016-04-09 06:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 12:27 - 2016-04-09 06:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 12:27 - 2016-04-09 06:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 12:27 - 2016-04-09 06:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 12:27 - 2016-04-09 06:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 12:27 - 2016-04-09 06:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 12:27 - 2016-04-09 06:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 12:27 - 2016-04-09 06:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 12:27 - 2016-04-09 06:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 12:27 - 2016-04-09 06:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 06:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 06:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 06:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 12:27 - 2016-04-09 05:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 12:27 - 2016-04-09 04:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-10 12:05 - 2016-05-10 12:05 - 00000000 ____D C:\Users\ThePowdrillComputer\AppData\Local\{54701A83-CEEA-4ABB-8EA6-8D5097F27E90}
2016-05-08 18:40 - 2016-05-15 07:36 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-28 15:44 - 2016-04-28 15:44 - 00018718 _____ C:\Users\ThePowdrillComputer\Documents\Sky letter request refund.odt
2016-04-28 13:39 - 2016-04-28 13:39 - 00191210 _____ C:\Users\ThePowdrillComputer\Documents\Seal-Kiss From A Rose-SheetMusicCC.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-15 11:48 - 2010-08-26 12:17 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000UA.job
2016-05-15 11:47 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-15 11:47 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-15 11:42 - 2012-07-30 12:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-15 11:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-05-15 11:21 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-15 11:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-05-15 11:17 - 2016-04-08 10:26 - 00004648 _____ C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly
2016-05-15 11:17 - 2010-02-16 21:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 11:17 - 2010-02-02 11:58 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-15 11:17 - 2010-01-31 12:17 - 00000000 ____D C:\Users\ThePowdrillComputer\AppData\Local\SoftThinks
2016-05-15 11:17 - 2010-01-26 12:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-05-15 11:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-15 11:02 - 2010-02-16 21:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-14 21:48 - 2010-08-26 12:17 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000Core.job
2016-05-14 16:57 - 2015-08-02 18:18 - 00000000 ____D C:\Windows\Panther
2016-05-14 16:51 - 2016-02-13 15:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-14 15:56 - 2015-10-08 16:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-14 11:17 - 2010-02-16 21:40 - 00000880 _____ C:\Windows\Tasks\Google Software Updater.job
2016-05-13 10:51 - 2010-08-26 12:20 - 00002453 _____ C:\Users\ThePowdrillComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 20:42 - 2012-07-30 12:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 20:42 - 2012-05-30 19:33 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 20:42 - 2012-05-30 19:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 14:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 12:01 - 2014-12-11 12:32 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 11:11 - 2009-07-14 05:45 - 00383256 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 11:08 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:28 - 2013-08-15 23:05 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:11 - 2010-02-02 14:39 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:29 - 2016-04-08 10:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 18:29 - 2014-12-24 13:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 11:57 - 2010-02-16 21:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 11:57 - 2010-02-16 21:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 21:43 - 2010-08-26 12:17 - 00003962 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000UA
2016-05-10 21:43 - 2010-08-26 12:17 - 00003566 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000Core
2016-05-10 11:09 - 2015-05-12 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-10 11:09 - 2013-10-21 14:13 - 00000000 ____D C:\ProgramData\Oracle
2016-05-10 11:09 - 2012-04-30 11:34 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-10 11:08 - 2015-09-28 10:32 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-10 11:08 - 2015-09-28 10:30 - 00000000 ____D C:\Users\ThePowdrillComputer\.oracle_jre_usage
2016-05-06 23:00 - 2015-04-04 12:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 23:00 - 2015-04-04 12:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-16 15:42 - 2012-03-27 11:15 - 00010752 _____ C:\Users\ThePowdrillComputer\Documents\Front door notice.wps
2016-04-16 15:42 - 2010-12-03 19:31 - 00006004 _____ C:\Users\ThePowdrillComputer\AppData\Roaming\wklnhst.dat
2016-04-16 15:40 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
==================== Files in the root of some directories =======
2010-02-02 15:39 - 2010-04-27 19:53 - 8656832 _____ (Dell, Inc. ) C:\Users\ThePowdrillComputer\AppData\Roaming\DataSafeDotNet.exe
2015-07-11 17:19 - 2015-07-11 17:20 - 0593310 _____ () C:\Users\ThePowdrillComputer\AppData\Roaming\Scorch_Install.log
2010-12-03 19:31 - 2016-04-16 15:42 - 0006004 _____ () C:\Users\ThePowdrillComputer\AppData\Roaming\wklnhst.dat
2010-06-08 11:05 - 2012-05-01 12:40 - 0005632 _____ () C:\Users\ThePowdrillComputer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Users\ThePowdrillComputer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyhgdfz.dll
C:\Users\ThePowdrillComputer\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\ThePowdrillComputer\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ThePowdrillComputer\AppData\Local\Temp\McCSPInstall.dll
C:\Users\ThePowdrillComputer\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\ThePowdrillComputer\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\ThePowdrillComputer\AppData\Local\Temp\ytb.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-08 17:11
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by ThePowdrillComputer (2016-05-15 11:50:53)
Running from C:\Users\ThePowdrillComputer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-31 11:17:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2898820250-163008556-296847578-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2898820250-163008556-296847578-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2898820250-163008556-296847578-1002 - Limited - Enabled)
ThePowdrillComputer (S-1-5-21-2898820250-163008556-296847578-1000 - Administrator - Enabled) => C:\Users\ThePowdrillComputer
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon) <==== ATTENTION
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version: - )
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan LiDE 100 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413) (Version: - )
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.28 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer (HKLM-x32\...\Coupon Printer2.2.1.0) (Version: 2.2.1.0 - Coupons.com Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Digital Camera Driver (HKLM-x32\...\Digital Camera Driver) (Version: - )
Digital Camera User's Manual (HKLM-x32\...\Digital Camera User's Manual) (Version: - )
Dropbox (HKU\S-1-5-21-2898820250-163008556-296847578-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Fanbase (HKLM-x32\...\com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1) (Version: 1.32 - Atlantic Records)
Fanbase (x32 Version: 1.32 - Atlantic Records) Hidden
Google Chrome (HKU\S-1-5-21-2898820250-163008556-296847578-1000\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Jacquie Lawson Circus (HKLM-x32\...\JLCircus) (Version: 1.0.2 - MicroCourt Limited)
Jacquie Lawson Circus (x32 Version: 1.0.2 - MicroCourt Limited) Hidden
Jacquie Lawson Edwardian Advent Calendar (HKLM-x32\...\JLAdventCalendarEdwardian2013) (Version: 1.0.1 - MicroCourt Limited)
Jacquie Lawson Edwardian Advent Calendar (x32 Version: 1.0.1 - MicroCourt Limited) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.200 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{6ADD0603-16EF-400D-9F9E-486432835002}) (Version: 3.2.9483 - OpenOffice.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Sibelius Scorch (ActiveX Only) (HKLM-x32\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2898820250-163008556-296847578-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CE49F2A-B6EB-467C-BDB7-E2F639CD0BE1} - System32\Tasks\{4C784075-4E64-49E5-9D34-F18A774331AA} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {0E16DE8B-5AE8-4480-8EC8-F16818D09D6F} - System32\Tasks\{4932627C-9004-42C8-BA10-AE4E2BC2C183} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {1A5EEDFE-218A-4A65-A11D-1A57B2307CD5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {254647FC-E432-4E54-A618-C451ADC25D1A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {3320C3C1-1063-47FA-A429-0E5F9B7AE499} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000Core => C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4828E368-A774-475F-911C-74F8575D0E3D} - System32\Tasks\{40290BC1-43CE-4160-B24B-281F39D78ABB} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {56969FE5-6A50-425D-B9A2-A8A19D41C251} - System32\Tasks\{E7EF866A-5017-49CF-952A-7D6ABF352675} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {5CA35520-FBE5-486D-B257-4F4BD49ECF0C} - System32\Tasks\{2473ED19-461E-46AB-B6F3-FAF8E0D19501} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {5E7AAF33-C0B2-4DCB-8F76-ADC93810F89B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6816D412-5912-4B70-AB4C-0000DBCD4D3F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {6B94E324-39BC-436B-A690-CDD574BCF064} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-08] (Distromatic) <==== ATTENTION
Task: {715AA993-B27B-4FF4-855B-349C37A71AB9} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {725C624B-241B-49E0-9B01-69A5D405F007} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-25] (Google) <==== ATTENTION
Task: {7B9364A1-BDC9-48F0-976D-7DBA0177434F} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {895F555D-40A3-4F21-8E8F-571364C9BB19} - System32\Tasks\{3F7557EF-4CF6-4A4A-96D9-FA451326BF8E} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe" -d C:\Windows\SysWOW64 -c /AppMode=DOWNLOADMANAGER /SummerUpdate /PackageType=Free /ProductType=Free
Task: {8F15FDF5-19C3-40DA-9FC1-4BF37BCFA165} - System32\Tasks\{63AAA8BD-6F90-4956-BDF7-C64C056682C0} => pcalua.exe -a C:\downloads\wg111t_2_1_setup.exe -d C:\downloads
Task: {9104A4F4-57EE-4490-9E47-BC203DA5FDCC} - System32\Tasks\{0769B5F2-A2EA-43FD-A1F1-4DBAF8EFFE86} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {912849A7-9B71-47AC-81D8-5146A1A66ABC} - System32\Tasks\{8A12C1EA-8A23-46F5-973F-BE3F7F86C7F2} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {9244ECB5-CC0F-4988-92A9-C5F34F1C680F} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-08] (Distromatic) <==== ATTENTION
Task: {9B4F25B4-C84A-4576-A8BE-08A853D2FFF8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {9C43EF5F-5E0B-4B2B-B5A0-DCF61754974E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A384487A-D15E-4099-8C8F-A3313ED4981A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000UA => C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A4717A9F-6E60-4755-8625-03D584A5AA56} - System32\Tasks\{6468FE5E-38C0-4B76-B492-8814CEA0AA7A} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2013-10-07] (Google)
Task: {AEC1CDEC-09F0-444A-B67B-23E5CB24F577} - System32\Tasks\{F94D017D-DD83-4F22-A78F-A95A6BFA0107} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {AF1D9BE8-5CD4-4C1E-98C0-D311DF02F55B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {B30599F5-DCE8-486F-911A-9D8D6BEAB798} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-08] (Distromatic) <==== ATTENTION
Task: {B4F28166-66A6-49B0-BB43-DD8AAAEBE378} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {B572FF80-3E2E-4735-833F-E53156D45AD7} - System32\Tasks\Google Update => C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C06141F2-7B6D-4595-A65A-DC828A666EE6} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-08] (Distromatic) <==== ATTENTION
Task: {C0C85B27-FCFC-4789-ACD6-2E14B74190F7} - System32\Tasks\{5F263BD3-B577-4393-B4E8-E48E60083979} => pcalua.exe -a C:\Users\ThePowdrillComputer\Desktop\avg_free_stb_all_9_40_cnet.exe -d C:\Users\ThePowdrillComputer\Desktop
Task: {D05C5DB4-9EAA-49DB-A376-3E88C0A3C33C} - System32\Tasks\{2A0C8004-B955-4CCF-A69E-84C3CD49185D} => msiexec.exe /package "C:\Users\ThePowdrillComputer\Documents\InstallScorch.msi"
Task: {D8739FA3-3E16-4B31-90D8-A98EAA67351D} - System32\Tasks\{86E1CB07-81C3-4127-BEBA-A97067BF6974} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {E0DBF5F7-1256-49CF-801B-9ACDB73C68FD} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-10] (McAfee, Inc.)
Task: {E3CCA331-CFAE-407F-B96C-33919E4D4FB5} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-10] (McAfee, Inc.)
Task: {F3B311C2-0D87-498A-A71A-69E6A6799861} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F8525B62-83CB-412F-9579-AE015AFEA1CC} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F85B533C-D9D6-49A0-BF7C-83873FB03E73} - System32\Tasks\{B3F8AB38-A01D-476D-98AB-46202BCC3813} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
Task: {FFDBD6B4-F7E0-4A8C-9BCF-D35CF382AEA7} - System32\Tasks\{F3755227-0887-4B9E-9BD8-4AF5FCCAB99C} => C:\downloads\wg111t_2_1_setup.exe [2010-02-02] (Macrovision Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000Core.job => C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898820250-163008556-296847578-1000UA.job => C:\Users\ThePowdrillComputer\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-01-26 12:49 - 2009-09-17 13:06 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-01-26 12:49 - 2009-09-17 13:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-01-26 12:49 - 2009-09-17 13:04 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00025840 ____N () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-01-26 12:49 - 2009-09-17 13:05 - 00025840 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 12:05 - 2009-09-11 12:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2016-05-13 10:51 - 2016-05-11 12:48 - 01738904 _____ () C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 10:51 - 2016-05-11 12:48 - 00086168 _____ () C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-13 10:51 - 2016-05-11 12:48 - 17565848 _____ () C:\Users\ThePowdrillComputer\AppData\Local\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2898820250-163008556-296847578-1000\...\amazon.co.uk -> hxxps://amazon.co.uk
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-04-09 12:54 - 00000865 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2898820250-163008556-296847578-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ThePowdrillComputer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{ABE7730A-2784-464D-A8A5-114ACA49BCFB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{F846BC55-1C27-4161-B5D0-0F9A830B9FC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{D1AE507C-F644-4B8D-B805-6511EE1D7E6C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9623E8B2-CC0C-46E3-BF36-BC47F212E108}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{60089B7C-8EA5-40F4-89B7-0852E6503093}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{0C9976DB-C701-4804-9784-280FD1B6B33C}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{19529E91-BD3D-45DB-9587-354649AE0692}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{50CD4EBF-BF5F-42BD-BD16-31325B320B44}] => (Allow) LPort=2869
FirewallRules: [{F9F618B0-45AA-4829-822F-3BDAF2179B41}] => (Allow) LPort=1900
FirewallRules: [{FD4EA547-A529-41FA-8A5D-FFF31DB02002}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{8E158074-1B48-4A29-95ED-CE317971E83A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{82E14915-8451-45FB-A425-7F07C660EDDE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{88FBF64F-7BE4-48CD-8FF1-A9AD0E5E9082}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2F9CB64E-A21F-4F48-A863-3AE21766DCBA}] => (Allow) C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2B116C45-FA17-47DF-8642-4EEE36A9EDF8}] => (Allow) C:\Users\ThePowdrillComputer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{04C9CF5F-4837-4251-997F-00E01A7309B3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
==================== Restore Points =========================
05-05-2016 23:23:00 Windows Update
06-05-2016 17:48:01 McAfee Vulnerability Scanner
06-05-2016 17:50:30 Windows Update
06-05-2016 23:00:04 Windows Update
11-05-2016 23:06:20 Windows Update
12-05-2016 12:00:15 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2016 11:18:24 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error: (05/15/2016 11:14:11 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error: (05/14/2016 08:03:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STService.exe, version: 1.0.0.61, time stamp: 0x4aaa8b1e
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a73e
Exception code: 0xc0150010
Fault offset: 0x00084383
Faulting process id: 0xc2c
Faulting application start time: 0xSTService.exe0
Faulting application path: STService.exe1
Faulting module path: STService.exe2
Report Id: STService.exe3
Error: (05/14/2016 08:03:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STService.exe, version: 1.0.0.61, time stamp: 0x4aaa8b1e
Faulting module name: STString.dll, version: 1.1.0.5, time stamp: 0x47e11d41
Exception code: 0xc0000005
Fault offset: 0x0000abcc
Faulting process id: 0xc2c
Faulting application start time: 0xSTService.exe0
Faulting application path: STService.exe1
Faulting module path: STService.exe2
Report Id: STService.exe3
Error: (05/14/2016 03:44:08 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error: (05/14/2016 02:44:38 PM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error: (05/14/2016 10:29:07 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error: (05/13/2016 10:38:37 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error: (05/12/2016 11:13:37 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Error: (05/11/2016 11:16:03 AM) (Source: Swapdrive Backup) (EventID: 0) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 63.245.197.212:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
System errors:
=============
Error: (05/15/2016 11:17:35 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
Error: (05/14/2016 03:50:31 PM) (Source: DCOM) (EventID: 10016) (User: ThePowdrillComp)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}ThePowdrillCompThePowdrillComputerS-1-5-21-2898820250-163008556-296847578-1000LocalHost (Using LRPC)
Error: (05/14/2016 03:43:18 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004
Error: (05/14/2016 03:39:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/14/2016 03:39:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/14/2016 03:39:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/14/2016 03:39:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084McAfee SiteAdvisor Service{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
Error: (05/14/2016 03:39:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/14/2016 03:39:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/14/2016 03:39:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 78%
Total physical RAM: 2012.98 MB
Available physical RAM: 429.38 MB
Total Virtual: 4025.97 MB
Available Virtual: 2047.55 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:288.9 GB) (Free:216.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Sign In
Create Account
