Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: PC has been taken over and held for ransom through Microsoft Windows 10 ISO download

  1. #1
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default PC has been taken over and held for ransom through Microsoft Windows 10 ISO download

    Hi,

    I am running Windows 10 , which was Windows 7, which started off as Windows Vista.

    Recently, I have been having a few issues with Windows 10 crashing, so yesterday I ran the sfc scannow and restore health command.

    Corrupt files were found, but Windows wanted the source files. I went online to find info on this and I discovered that I needed an ISO of my exact version and build.

    So, today I went onto Microsoft's Windows 10 ISO download page to find the version. I couldn't so I went to the support tab to ask the community. However, there was also a link for live chat so I clicked it to get a fast answer.

    To cut a long story short, it wasn't Microsoft, someone hacked my PC, took over my mouse and a window popped up saying we have put a virus on your PC pay money on this number to remove it.

    I powered the PC down and tried to do a restore, but I can't, all my restore punts are gone and the PC won't reset while keeping my files. I have loads on there too.

    I have not connected that PC to the internet since because I presume it will get connected to them.

    The PC will switch on and I can access my files it seems, but I just cannot do anything to repair it.

    I presume anything I do will have to be by USB now. Is there any instructions on how to make the logs for you without being connected to the internet please?

    Thanks.

    Hi,

    I used a USB to download registry backup tool Farbar and aswMBR. Please note the computer 'was not' connected to the internet when I ran any of these tools so the database was not been updated.

    Can somebody at Spybot please tell Microsoft about the fact their live chat is being taken over? I have looked for an email address but I can't find one.

    I got to the page with the live chat taken from the support tab on the main Windows 10 ISO download page. There are 2 options if I remember, community support or live chat - I clicked live chat and that's when it all went wrong.

    Thanks.


    Log Files from USB

    ##################

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
    Ran by User (administrator) on DANIELBYE (15-02-2016 13:53:26)
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: User & Classic .NET AppPool & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723392 2015-12-03] (McAfee, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    HKU\S-1-5-21-224342428-1839300246-3282489254-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-14] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{64c5f559-ddf6-4316-89d8-b884db216ead}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
    IE Session Restore: HKU\S-1-5-21-224342428-1839300246-3282489254-1001 -> is enabled.
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-08] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-08] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-08] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-08] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sop2y0b2.default
    FF Homepage: hxxp://www.sky.com/
    FF Session Restore: -> is enabled.
    FF Keyword.URL: hxxps://uk.search.yahoo.com/search?fr=mcafee&type=A111GB693&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-24] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-24] (Apple Inc.)
    FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sop2y0b2.default\searchplugins\McSiteAdvisor.xml [2016-02-15]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-08-17]
    FF Extension: Zotero Word for Windows Integration - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sop2y0b2.default\extensions\zoteroWinWordIntegration@zotero.org [2015-12-31]
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
    FF Extension: Visual Studio Test Helper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sop2y0b2.default\Extensions\visualstudiotesthelper@microsoft.com [2012-01-22] [not signed]
    FF Extension: Zotero - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sop2y0b2.default\Extensions\zotero@chnm.gmu.edu.xpi [2015-12-18]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-08] [not signed]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (SiteAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-22]
    CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-01-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-11]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
    S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
    S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
    S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
    S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
    S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-08] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
    S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
    S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
    S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
    S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
    S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
    R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [84624 2013-06-10] (Microsoft Corporation)
    S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
    R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
    S4 MYSQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13067264 2015-09-18] () [File not signed]
    R2 SNMP; C:\Windows\System32\snmp.exe [51712 2015-11-14] (Microsoft Corporation)
    R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2015-11-14] (Microsoft Corporation)
    S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
    S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
    R3 HPMo4DE3; C:\Windows\System32\drivers\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.)
    R3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
    S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
    R3 seehcri; C:\Windows\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
    R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
    S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 PcdrNdisuio; \SystemRoot\syswow64\drivers\pcdrndisuio.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-15 19:27 - 2016-02-15 19:27 - 00000000 _____ C:\Recovery.txt
    2016-02-15 19:20 - 2016-02-15 19:20 - 00000000 ___HD C:\$Windows.~BT
    2016-02-15 19:19 - 2016-02-15 12:59 - 00000000 ___HD C:\$SysReset
    2016-02-15 13:53 - 2016-02-15 13:54 - 00019920 _____ C:\Users\User\Desktop\FRST.txt
    2016-02-15 13:52 - 2016-02-15 13:53 - 00000000 ____D C:\FRST
    2016-02-15 13:51 - 2016-02-15 13:51 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DANIELBYE-Windows-10-Home-(64-bit).dat
    2016-02-15 13:51 - 2016-02-15 13:51 - 00000000 ____D C:\RegBackup
    2016-02-15 13:49 - 2016-02-15 13:49 - 00000000 ____D C:\Users\User\Desktop\tweaking.com_registry_backup_portable
    2016-02-15 13:25 - 2016-02-15 13:25 - 05198336 _____ (AVAST Software) C:\Users\User\Desktop\aswMBR.exe
    2016-02-15 13:25 - 2016-02-15 13:25 - 02370560 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
    2016-02-15 13:24 - 2016-02-15 13:24 - 02118566 _____ C:\Users\User\Desktop\tweaking.com_registry_backup_portable.zip
    2016-02-15 11:00 - 2016-02-15 11:11 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - fc1a7bf7-ad5c-41a1-8403-6c5326cb201a
    2016-02-15 10:58 - 2016-02-15 10:58 - 00002330 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
    2016-02-15 10:58 - 2016-02-15 10:58 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Rescue Applet
    2016-02-15 10:29 - 2016-02-15 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2016-02-14 17:07 - 2016-02-14 17:07 - 641218685 _____ C:\WINDOWS\MEMORY.DMP
    2016-02-14 17:07 - 2016-02-14 17:07 - 00000000 ____D C:\WINDOWS\Minidump
    2016-02-14 12:02 - 2016-02-14 12:32 - 00000000 ____D C:\ProgramData\SupportAssistAgent
    2016-02-14 12:02 - 2016-02-14 12:02 - 00003922 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2016-02-14 12:02 - 2016-02-14 12:02 - 00000000 __HDC C:\ProgramData\{010DD54D-6F97-418D-BC47-2089F30A0075}
    2016-02-12 10:35 - 2016-02-12 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-10 16:29 - 2016-02-10 16:29 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-10 16:20 - 2016-02-10 16:20 - 00004124 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
    2016-02-10 16:20 - 2016-02-10 16:20 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
    2016-02-10 16:20 - 2016-02-10 16:20 - 00003414 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
    2016-02-10 16:20 - 2016-02-10 16:20 - 00003294 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
    2016-02-10 16:19 - 2016-02-10 16:19 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
    2016-02-10 16:19 - 2016-02-10 16:19 - 00000000 ____D C:\Program Files\Dell Support Center
    2016-02-10 16:05 - 2016-02-10 16:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
    2016-02-10 14:57 - 2016-01-29 06:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-10 14:57 - 2016-01-29 06:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-10 14:57 - 2016-01-27 06:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-10 14:57 - 2016-01-27 06:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-10 14:57 - 2016-01-27 06:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-10 14:57 - 2016-01-27 06:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-10 14:57 - 2016-01-27 06:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-10 14:57 - 2016-01-27 05:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-10 14:57 - 2016-01-27 05:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-10 14:57 - 2016-01-27 05:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-10 14:57 - 2016-01-27 05:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-10 14:57 - 2016-01-27 05:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-10 14:57 - 2016-01-27 05:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-10 14:57 - 2016-01-27 05:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-10 14:57 - 2016-01-27 05:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-10 14:57 - 2016-01-27 05:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-10 14:57 - 2016-01-27 05:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-10 14:57 - 2016-01-27 05:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-10 14:57 - 2016-01-27 05:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-10 14:57 - 2016-01-27 05:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-10 14:57 - 2016-01-27 05:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-10 14:57 - 2016-01-27 05:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-10 14:57 - 2016-01-27 05:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-10 14:57 - 2016-01-27 05:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-10 14:57 - 2016-01-27 05:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-10 14:57 - 2016-01-27 05:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-10 14:57 - 2016-01-27 05:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-10 14:57 - 2016-01-27 05:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-10 14:57 - 2016-01-27 05:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-10 14:57 - 2016-01-27 05:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-10 14:57 - 2016-01-27 05:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-10 14:57 - 2016-01-27 05:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-10 14:57 - 2016-01-27 05:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-10 14:57 - 2016-01-27 05:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-10 14:57 - 2016-01-27 05:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-10 14:57 - 2016-01-27 05:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-10 14:57 - 2016-01-27 05:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-10 14:57 - 2016-01-27 05:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-10 14:57 - 2016-01-27 05:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-10 14:57 - 2016-01-27 04:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-10 14:57 - 2016-01-27 04:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-10 14:57 - 2016-01-27 04:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-10 14:57 - 2016-01-27 04:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-10 14:57 - 2016-01-27 04:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-10 14:57 - 2016-01-27 04:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-10 14:57 - 2016-01-27 04:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-10 14:57 - 2016-01-27 04:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-10 14:57 - 2016-01-27 04:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-10 14:57 - 2016-01-27 04:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-10 14:57 - 2016-01-27 04:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-10 14:57 - 2016-01-27 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-10 14:57 - 2016-01-27 04:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-10 14:57 - 2016-01-27 04:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-10 14:57 - 2016-01-27 04:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-10 14:57 - 2016-01-27 04:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-10 14:57 - 2016-01-27 04:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-10 14:57 - 2016-01-27 04:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-10 14:57 - 2016-01-27 04:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-10 14:57 - 2016-01-27 04:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-10 14:57 - 2016-01-27 04:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-10 14:56 - 2016-01-27 05:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-10 14:56 - 2016-01-27 05:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-10 14:56 - 2016-01-27 05:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-10 14:56 - 2016-01-27 05:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-10 14:56 - 2016-01-27 04:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-01-28 09:52 - 2016-01-16 06:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-01-28 09:52 - 2016-01-16 06:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-01-28 09:51 - 2016-01-16 06:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-01-28 09:51 - 2016-01-16 06:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-28 09:51 - 2016-01-16 06:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-28 09:51 - 2016-01-16 06:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-28 09:51 - 2016-01-16 06:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-01-28 09:51 - 2016-01-16 06:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-28 09:51 - 2016-01-16 06:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-28 09:51 - 2016-01-16 06:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-01-28 09:51 - 2016-01-16 06:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-01-28 09:51 - 2016-01-16 06:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-01-28 09:51 - 2016-01-16 06:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-01-28 09:51 - 2016-01-16 06:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-28 09:51 - 2016-01-16 06:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-01-28 09:51 - 2016-01-16 06:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-01-28 09:51 - 2016-01-16 06:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-28 09:51 - 2016-01-16 06:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-01-28 09:51 - 2016-01-16 06:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-01-28 09:51 - 2016-01-16 06:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-01-28 09:51 - 2016-01-16 06:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-01-28 09:51 - 2016-01-16 06:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-01-28 09:51 - 2016-01-16 05:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-01-28 09:51 - 2016-01-16 05:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-28 09:51 - 2016-01-16 05:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-01-28 09:51 - 2016-01-16 05:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-01-28 09:51 - 2016-01-16 05:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-01-28 09:51 - 2016-01-16 05:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-01-28 09:51 - 2016-01-16 05:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-01-28 09:51 - 2016-01-16 05:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-01-28 09:51 - 2016-01-16 05:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-01-28 09:51 - 2016-01-16 05:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-01-28 09:51 - 2016-01-16 05:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-01-28 09:51 - 2016-01-16 05:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-01-28 09:51 - 2016-01-16 05:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-01-28 09:51 - 2016-01-16 05:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-01-28 09:51 - 2016-01-16 05:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-01-28 09:51 - 2016-01-16 05:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-01-28 09:51 - 2016-01-16 05:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-01-28 09:51 - 2016-01-16 05:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-01-28 09:51 - 2016-01-16 05:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-01-28 09:51 - 2016-01-16 05:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-01-28 09:51 - 2016-01-16 05:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-01-28 09:51 - 2016-01-16 05:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-28 09:51 - 2016-01-16 05:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-01-28 09:51 - 2016-01-16 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-01-28 09:51 - 2016-01-16 05:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-01-28 09:51 - 2016-01-16 05:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-01-28 09:51 - 2016-01-16 05:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-28 09:51 - 2016-01-16 05:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-01-28 09:51 - 2016-01-16 05:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-01-28 09:51 - 2016-01-16 05:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-01-28 09:51 - 2016-01-16 05:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-01-28 09:51 - 2016-01-16 05:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-01-28 09:51 - 2016-01-16 05:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-01-28 09:51 - 2016-01-16 05:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-01-28 09:51 - 2016-01-16 05:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-01-28 09:51 - 2016-01-16 05:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-01-28 09:51 - 2016-01-16 05:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-01-28 09:51 - 2016-01-16 05:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-01-28 09:51 - 2016-01-16 05:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-01-28 09:51 - 2016-01-16 05:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-01-28 09:51 - 2016-01-16 05:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-01-28 09:51 - 2016-01-16 05:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-01-28 09:51 - 2016-01-16 05:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-01-28 09:51 - 2016-01-16 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-01-28 09:51 - 2016-01-16 05:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-01-28 09:51 - 2016-01-16 05:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-01-28 09:51 - 2016-01-16 05:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-28 09:51 - 2016-01-16 05:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-01-28 09:51 - 2016-01-16 05:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-01-28 09:51 - 2016-01-16 05:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-01-28 09:51 - 2016-01-16 05:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-01-28 09:51 - 2016-01-16 05:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-01-28 09:51 - 2016-01-16 05:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-01-28 09:51 - 2016-01-16 05:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-01-28 09:51 - 2016-01-16 05:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-01-28 09:51 - 2016-01-16 05:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-01-28 09:51 - 2016-01-16 05:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-01-28 09:51 - 2016-01-16 05:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-01-28 09:51 - 2016-01-16 05:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-01-28 09:51 - 2016-01-16 05:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-01-28 09:51 - 2016-01-16 05:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-01-28 09:51 - 2016-01-16 05:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-01-28 09:51 - 2016-01-16 05:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-01-28 09:51 - 2016-01-16 05:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-01-28 09:51 - 2016-01-16 05:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-01-28 09:51 - 2016-01-16 05:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-01-28 09:51 - 2016-01-16 05:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-01-28 09:51 - 2016-01-16 05:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-01-28 09:51 - 2016-01-16 05:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-28 09:51 - 2016-01-16 05:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-01-28 09:51 - 2016-01-16 05:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-01-28 09:51 - 2016-01-16 05:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-01-28 09:51 - 2016-01-16 05:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-01-28 09:51 - 2016-01-16 05:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-01-28 09:51 - 2016-01-16 05:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-01-28 09:51 - 2016-01-16 05:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-01-28 09:51 - 2016-01-16 05:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-01-28 09:51 - 2016-01-16 05:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-01-28 09:51 - 2016-01-16 05:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-28 09:51 - 2016-01-16 05:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-01-28 09:51 - 2016-01-16 05:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-01-28 09:51 - 2016-01-16 05:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-28 09:51 - 2016-01-16 05:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-01-28 09:51 - 2016-01-16 05:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-01-28 09:51 - 2016-01-16 05:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-01-28 09:51 - 2016-01-16 05:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-15 13:50 - 2015-11-14 13:55 - 01112788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-15 13:50 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-15 13:47 - 2014-07-21 10:03 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-15 12:47 - 2013-05-02 17:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-15 12:44 - 2009-10-28 15:13 - 00000000 ___SD C:\Users\User\Documents\My Web Sites
    2016-02-15 12:35 - 2014-07-21 10:03 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-15 11:54 - 2012-12-09 21:11 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2012
    2016-02-15 11:49 - 2015-11-14 14:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-15 11:01 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-15 10:59 - 2009-11-18 16:30 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E79AB2EC-E571-4F27-9DC3-54E9C63B7415}
    2016-02-15 10:36 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-15 10:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-14 17:49 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-14 12:02 - 2009-04-22 09:39 - 00000000 ____D C:\Program Files (x86)\Dell
    2016-02-12 15:52 - 2015-09-10 05:42 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-12 15:50 - 2012-05-03 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-12 15:49 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-12 15:48 - 2015-10-30 09:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-11 16:03 - 2013-08-10 12:11 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-11 15:54 - 2010-10-19 10:45 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-11 14:37 - 2014-07-21 10:04 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-11 14:37 - 2014-07-21 10:04 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-10 16:49 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-02-10 16:30 - 2014-07-21 10:03 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-10 16:28 - 2010-12-13 20:32 - 00000000 ____D C:\Users\User\AppData\Roaming\PCDr
    2016-02-10 16:27 - 2009-04-22 09:38 - 00000000 ____D C:\ProgramData\PCDr
    2016-02-10 16:19 - 2009-04-22 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2016-02-10 16:05 - 2009-05-22 13:50 - 00000000 ____D C:\ProgramData\Dell
    2016-02-10 15:53 - 2015-11-14 13:56 - 00000000 ____D C:\Users\DefaultAppPool
    2016-02-10 15:53 - 2015-11-14 13:56 - 00000000 ____D C:\Users\Classic .NET AppPool
    2016-02-10 15:52 - 2015-10-30 09:07 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-02-10 15:52 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-02-10 15:52 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2016-02-10 15:52 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-02-10 15:52 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2016-02-10 15:52 - 2015-07-15 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-02-10 15:52 - 2013-11-11 15:42 - 00000000 ____D C:\ProgramData\Oracle
    2016-02-10 15:52 - 2013-04-22 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2016-02-10 15:52 - 2013-04-22 09:24 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
    2016-02-10 15:52 - 2012-04-29 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
    2016-02-10 15:52 - 2009-11-16 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2016-02-10 15:42 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\registration
    2016-02-10 15:40 - 2013-04-18 13:01 - 00000000 ____D C:\Users\User\Documents\Bigint
    2016-02-10 15:38 - 2009-10-27 20:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server
    2016-02-10 15:37 - 2009-10-29 00:20 - 00000000 ____D C:\Program Files (x86)\Java
    2016-02-10 15:37 - 2009-10-27 20:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
    2016-02-10 15:24 - 2009-12-09 18:54 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
    2016-02-10 14:43 - 2015-08-28 15:58 - 00000000 ____D C:\Users\User\.oracle_jre_usage
    2016-02-05 10:40 - 2010-08-27 13:36 - 00000000 ____D C:\Users\User\Documents\Career
    2016-02-05 10:38 - 2013-04-22 09:24 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
    2016-02-03 19:01 - 2015-10-30 07:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 19:01 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-03 17:19 - 2010-05-04 01:21 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
    2016-02-01 13:42 - 2013-05-13 10:49 - 00000000 ____D C:\Users\User\Documents\PC_Errors
    2016-01-28 16:30 - 2010-01-07 16:17 - 00000000 ____D C:\Users\User\Documents\PC Tips and logins
    2016-01-28 13:37 - 2012-02-11 22:33 - 00000000 ____D C:\ProgramData\McAfee
    2016-01-28 10:41 - 2012-09-04 20:26 - 00000000 ____D C:\Users\User\Documents\Personal
    2016-01-28 10:02 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-01-28 10:02 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-01-28 10:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-01-28 10:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-01-28 10:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-28 10:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-01-25 14:49 - 2010-10-11 22:18 - 00075688 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-01-25 13:46 - 2015-07-15 13:56 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

    ==================== Files in the root of some directories =======

    2010-05-10 21:25 - 2010-05-10 21:24 - 0018638 _____ () C:\Program Files\AJAX_Architecture_at_client.png
    2010-05-10 21:25 - 2010-05-10 21:24 - 0018638 _____ () C:\Program Files\AJAX_Architecture_at_server.png
    2012-12-29 15:36 - 2012-12-29 15:36 - 0000288 _____ () C:\Users\User\AppData\Roaming\.backup.dm
    2011-12-23 13:21 - 2013-11-16 15:41 - 0034816 ___SH () C:\Users\User\AppData\Roaming\Thumbs.db
    2009-11-12 19:58 - 2009-11-12 19:59 - 0023604 _____ () C:\Users\User\AppData\Roaming\UserTile.png
    2015-09-11 11:31 - 2015-10-06 12:54 - 0000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
    2012-02-18 21:20 - 2015-09-02 14:38 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-11 15:45

    ==================== End of FRST.txt ============================

    #########################

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-02-15 14:02:10
    -----------------------------
    14:02:10.012 OS Version: Windows x64 6.2.9200
    14:02:10.012 Number of processors: 8 586 0x1A04
    14:02:10.012 ComputerName: DANIELBYE UserName: User
    14:02:11.543 Initialize success
    14:02:11.746 VM: initialized successfully
    14:02:11.746 VM: Intel CPU supported
    14:02:21.231 VM: disk I/O iaStorAV.sys
    14:02:39.802 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
    14:02:39.802 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
    14:02:39.989 Disk 0 MBR read successfully
    14:02:39.989 Disk 0 MBR scan
    14:02:39.989 Disk 0 Windows 7 default MBR code
    14:02:39.989 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
    14:02:40.005 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 161792
    14:02:40.005 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 937985 MB offset 31619072
    14:02:40.052 Disk 0 Partition 4 00 27 Hidden NTFS WinRE NTFS 450 MB offset 1952612352
    14:02:40.115 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:02:53.914 Service scanning
    14:03:08.419 Modules scanning
    14:03:08.419 Disk 0 trace - called modules:
    14:03:08.435 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorAV.sys
    14:03:08.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00186f85060]
    14:03:08.450 3 CLASSPNP.SYS[fffff8017df07d95] -> nt!IofCallDriver -> [0xffffe001855f6dd0]
    14:03:08.450 5 ACPI.sys[fffff8017ce21361] -> nt!IofCallDriver -> \Device\0000002e[0xffffe001855ff060]
    14:03:08.450 Disk 0 statistics 20948/0/0 @ 0.89 MB/s
    14:03:08.450 Scan finished successfully
    14:04:25.216 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    14:04:25.263 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"





    ###########################

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
    Ran by User (2016-02-15 13:55:50)
    Running from C:\Users\User\Desktop
    Windows 10 Home (X64) (2015-11-14 14:55:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-224342428-1839300246-3282489254-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-224342428-1839300246-3282489254-503 - Limited - Disabled)
    Guest (S-1-5-21-224342428-1839300246-3282489254-501 - Limited - Disabled)
    User (S-1-5-21-224342428-1839300246-3282489254-1001 - Administrator - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{B194254C-74AD-D391-88B8-13BE11B7987E}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
    Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Crimson Editor SVN263 (HKLM-x32\...\Crimson Editor SVN263) (Version: SVN263 - Emerald Editor Community)
    Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
    CX4300_5500_DX4400 manual (HKLM-x32\...\CX4300_5500_DX4400 manual) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
    Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
    Dell Driver Download Manager (HKU\S-1-5-21-224342428-1839300246-3282489254-1001\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
    Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
    Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
    EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
    EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden
    EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )
    EPSON Easy Photo Print (HKLM-x32\...\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}) (Version: 1.4.2.0 - )
    EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
    EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
    Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
    FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
    GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
    GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
    iisnode for iis express 7.x (HKLM-x32\...\{3965F475-7CCF-46CB-A1D3-64CC6A778BCD}) (Version: 0.1.19.0 - Microsoft Corporation)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Network Connections 13.1.33.0 (HKLM\...\PROSetDX) (Version: 13.1.33.0 - Intel)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
    JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
    LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
    LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
    McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.170 - McAfee, Inc.)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Advertising SDK for Windows Phone - ENU (HKLM-x32\...\{656458ED-DA77-4C82-AF2F-1640C191A2A7}) (Version: 5.2.819.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update (HKLM-x32\...\{21E7A706-31FF-46AA-A294-FA4A8917B59F}) (Version: 3.0.20406.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft ASP.NET Web Pages - VWD Express 2010 Tools (HKLM-x32\...\{3CFFC382-6C23-42CB-8B1E-625F9F84E362}) (Version: 1.0.20105.0 - Microsoft Corporation)
    Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
    Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
    Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
    Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.30816.0) (Version: 4.0.30816.0 - Microsoft Corporation)
    Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM-x32\...\{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}) (Version: 1.0.20817.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for Windows Phone 7 (HKLM-x32\...\{69E11501-75F7-4ACE-8103-52513DDCFE26}) (Version: 2.0.20901.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for Windows Phone OS 7.1 (HKLM-x32\...\{12B8E200-99CC-4203-A8D1-4145FC4D0192}) (Version: 2.0.30816.0 - Microsoft Corporation)
    Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F940D859-DDB5-4067-82E2-3C8D02F8E09F}) (Version: 4.0.1653.0 - Microsoft Corporation)
    Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
    Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
    Microsoft F# Runtime for Silverlight 4 (HKLM-x32\...\{27B6D024-FD7E-4A88-BC17-5AFBE33EC072}) (Version: 2.0.0.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{E016AA48-A21B-4728-9BD0-E3AAE23BEE5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{3965C9F9-9B9A-4391-AC4B-8388210D3AA0}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{3D3F1CCD-2C87-4DDD-9B8C-CC0EB429E04D}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{A67C75DE-BED6-4F1B-97EB-30CD1D40FFED}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service (HKLM\...\{7FE9A69F-6D91-4E2E-86B5-E2EB27AE6041}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities (HKLM-x32\...\{84D4753E-A5F3-459A-BC8E-5DCF834CBEA4}) (Version: 10.2.11213.0 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - Database Projects (HKLM-x32\...\{26b77594-273e-438e-936a-2ec531c0158e}) (Version: 10.2.11213.0 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (11.1.50730.0) (HKLM-x32\...\{E160BE54-CD8A-4B26-A322-137CDF997D5F}) (Version: 11.1.50730.0 - Microsoft Corporation)
    Microsoft SQL Server Data Tools (HKLM-x32\...\{3C2441C2-1644-40BA-8491-9518BD34D6C4}) (Version: 10.2.11213.0 - Microsoft Corporation)
    Microsoft SQL Server Data Tools 2012 (HKLM-x32\...\{14440351-90c3-4157-b70f-c4430ea882d6}) (Version: 11.1.50730.0 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.31009.1) (HKLM-x32\...\{6D3F8FA8-A8EF-4200-8F61-68E3D0C42F8F}) (Version: 11.1.31009.1 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{DEB263CA-0386-4648-8382-FB78DBFA2C5F}) (Version: 11.2.5058.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio Express 2012 for Web - ENU (HKLM-x32\...\{0845d9ea-46e3-4ac6-af9d-2e3e8e386d80}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{17c2e197-cf26-443b-8beb-53151940df3f}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
    Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
    Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
    Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
    Microsoft WebMatrix 3 (HKLM-x32\...\{4C1CB8FA-89A5-476A-89B6-C69BDC668A9F}) (Version: 2.0.1932 - Microsoft Corporation)
    Microsoft Windows Phone Developer Tools - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Express for Windows Phone - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Microsoft XNA Game Studio 4.0 Refresh (HKLM-x32\...\XNA Game Studio 4.0) (Version: 4.0.30901.0 - Microsoft Corporation)
    Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
    Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    MySQL Connector C++ 1.1.6 (HKLM\...\{80EE5F65-5553-47A1-B6A9-8BF3211D21A3}) (Version: 1.1.6 - Oracle and/or its affiliates)
    MySQL Connector J (HKLM-x32\...\{08BE0787-D0CE-4240-93EF-D73DA099A285}) (Version: 5.1.37 - Oracle Corporation)
    MySQL Connector Net 6.9.7 (HKLM-x32\...\{2C148B86-FF80-49A7-BA18-E4CEF6464AE6}) (Version: 6.9.7 - Oracle)
    MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version: 6.1.6 - Oracle Corporation)
    MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation)
    MySQL Documents 5.6 (HKLM-x32\...\{4D17B5C1-7388-4647-9A24-D5FDD173D4EA}) (Version: 5.6.27 - Oracle Corporation)
    MySQL Examples and Samples 5.6 (HKLM-x32\...\{3E1DCC2B-8A78-4E91-B2EC-9DCFE25D41FA}) (Version: 5.6.27 - Oracle Corporation)
    MySQL for Visual Studio 1.2.4 (HKLM-x32\...\{32D9A474-FAFC-4E77-B804-055595D5B9E9}) (Version: 1.2.4 - Oracle)
    MySQL Installer - Community (HKLM-x32\...\{14E622E3-878B-4C66-AB07-49CB19FCCE73}) (Version: 1.4.11.0 - Oracle Corporation)
    MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
    MySQL Server 5.6 (HKLM\...\{861A680B-2084-444B-BE8D-89E153BEEEE3}) (Version: 5.6.27 - Oracle Corporation)
    node.js (HKLM-x32\...\{BD99B630-E3FF-4DB5-AA19-BC9990021429}) (Version: 0.6.20 - Joyent, Inc)
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
    Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
    Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
    Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    SQL Server 2012 Common Files (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
    SQL Server 2012 Management Studio (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
    VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM-x32\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.5570 (HKLM-x32\...\{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}.vc_x86runtime_30729_5570) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM-x32\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU (HKLM-x32\...\{D25C502E-FF51-424C-8C38-8596FE47D0CD}) (Version: 4.0.8482.1 - Microsoft Corporation)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    Visual Studio 2012 Update 5 (KB2707250) (HKLM-x32\...\{6d052d71-b953-48cd-8a75-3462b00efeb7}) (Version: 11.0.61219 - Microsoft Corporation)
    Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20602 (HKLM-x32\...\{ce404cfb-7e03-4ad5-a518-45dbb0a48a34}) (Version: 1.0.9200.20602 - Microsoft Corporation)
    WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
    WCF Data Services SDK for Windows Phone (HKLM-x32\...\{6F33C2E2-5E02-4344-90BC-ED55C48341D2}) (Version: 4.7.6.0 - Microsoft Corporation)
    WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Phone Emulator x64 - ENU (HKLM\...\{C9AEABC2-1DD6-3280-9A1A-11E1E8D34AAD}) (Version: 10.0.40219 - Microsoft Corporation)
    Windows Phone SDK 7.1 - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU) (Version: 10.1.40219 - Microsoft Corporation)
    Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU (HKLM-x32\...\{A721BC43-E63E-3531-B1BF-6A405F9530BD}) (Version: 10.0.40219 - Microsoft Corporation)
    Windows Phone SDK 7.1 Assemblies (HKLM-x32\...\{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}) (Version: 10.0.40219 - Microsoft Corporation)
    Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (HKLM-x32\...\{A4CC18F6-DB05-4B03-B724-4128322FA85F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-224342428-1839300246-3282489254-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {030A797E-67E2-43E6-BC28-2FA2DB9DBA7F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {06737B54-B51B-44E1-9956-14C01EA03683} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
    Task: {088859C0-6389-4C59-BB71-B4AD300B8765} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {0D5161FF-E5F9-49A5-9AA0-807CDC0BACBE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {0D62EE11-9702-4BCA-9A85-6A2B1287352E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {0EB11967-C009-4A1C-8616-7D2D6E85C08C} - System32\Tasks\{30DDB06B-204D-4985-A4D2-3ECDD10E2CE7} => pcalua.exe -a C:\Users\User\Downloads\vs_vmsdk.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {0FC54AC5-2982-4D58-B2A4-22C24E6C0046} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {103B040B-54DE-44E7-A403-42A46161CD4D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
    Task: {155EE42C-C6C5-4923-918D-2BDA92474208} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {1DA65D4B-DEA4-4230-B955-B71D262CAB69} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {20285DA3-083E-4041-8D8C-C8F29CCE59A4} - System32\Tasks\{61872B1F-CA41-4CA2-A969-C73E7E482262} => pcalua.exe -a C:\Users\User\Documents\S435-114.EXE -d C:\Users\User\Documents
    Task: {24950CAC-24A1-4D3F-B0D7-17A12B983D5C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {2E0572D8-AEA9-452C-8C57-850F7A996C7B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {2E115B3A-4780-45F6-865C-21C7243ABA70} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {361ECC0A-E10C-4351-969F-C0D59940A79C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
    Task: {37B88252-ED21-4402-B2E0-69BE717B4216} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {3DB9B023-C7E1-47DF-BD0B-38FFE0C3196D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {3DEED11A-E398-4964-A313-E5DB8DCABD08} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {3F7D3090-CDA9-4766-BB28-CB0B199EFEC1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {4004DD3F-CDDA-4C8E-91AC-ECD70EC02F44} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {46363FD6-E4CF-4C57-90A4-4C5A70F2593F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {46FDDD45-96E5-49AC-90C8-0A603BF5FE66} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {5525A287-D46C-438E-BC7E-5A27F2E5E96B} - System32\Tasks\{E8954688-625C-4D87-903C-2B881C4279C9} => pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXEYODB8\jre-6u24-windows-i586-iftw[1].exe" -d C:\Users\User\Desktop
    Task: {5C2361AD-3E71-40F8-B8DB-8A9F84731FA6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {5D63AA3A-9DF6-4B21-9693-FD2D49664244} - System32\Tasks\{80225B47-001C-42D9-B0C5-3161635FC3E8} => pcalua.exe -a "C:\Program Files\Flex_SDK\flex_sdk_4.1\runtimes\player\10\win\Install Flash Player 10 Plugin.exe" -d "C:\Program Files\Flex_SDK\flex_sdk_4.1\runtimes\player\10\win"
    Task: {5D95C3AC-9AA5-46B3-AB7A-476CD2857980} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {61931E50-BA80-4043-8BA4-823EB27955C6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {645A477D-4F16-4359-A198-17B1C26CC551} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {679631B7-46FD-4ACC-A80B-A8EEBA63D938} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {6B2E0F17-899F-463C-AF68-E8A1D984E8E9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {6C229EC4-0FA3-41F8-9DE9-4105D75B26BB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)
    Task: {70E450EF-9D90-451B-8ED9-47E2D41A8101} - System32\Tasks\{46769592-2AC7-416C-90CD-BF6E1098E1BC} => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
    Task: {75421467-2EEF-4EBB-B369-C452E7D26A8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {7BBE0D62-FFCD-481B-AF53-C166E43ED41C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {7DE0570F-ED91-4D95-8E93-E3E2CA1C4D1C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {7EBB644E-8A2A-4B4A-8AA3-EB98211D1DE1} - System32\Tasks\{DF8B4859-63E9-4800-9863-8FC3D4B20F57} => pcalua.exe -a C:\Users\User\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\User\Downloads
    Task: {8DD325A6-A704-476E-8712-370362F66CF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {8E055CBB-DF73-4F4B-BEA1-51CB93DD3879} - System32\Tasks\{2FBE9B6C-E9C2-4B0D-A91B-3BF984CF3313} => pcalua.exe -a C:\Users\User\Downloads\VS90sp1-KB945140-ENU.exe -d C:\Users\User\Downloads
    Task: {911F5D41-7951-4281-9F6B-DF063B031E0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-11] (Microsoft Corporation)
    Task: {91F513D4-1805-4FFB-8B24-E2CE161F1D19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {9623606D-224F-4386-9F55-1935A903797A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {9A57E470-57AF-4BAE-95AC-227DAB43E455} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {9FDBE263-294E-4E8D-8C3F-429CA7AEED6E} - System32\Tasks\{2D01D377-86BB-450D-898B-4C157440569B} => pcalua.exe -a C:\Users\User\Downloads\S435-114.EXE -d C:\Users\User\Downloads
    Task: {A0F00067-0014-474A-869C-A7AB5C86888F} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {A1968529-18F4-4F1A-AB80-52DAB4D8A82A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
    Task: {A5D8B836-6E03-4940-A9A4-982D5B2CCA31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {B288ECF2-4199-4D5F-95F5-3BFBF09BC79D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {B3155FD1-2698-4280-BC7B-D7317D7C6BE9} - System32\Tasks\{C4D81C53-524C-481B-92CF-714E48760367} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe"
    Task: {B437DF91-59FD-41B2-8344-B01F3F75D7AB} - System32\Tasks\{CFD2F969-5B51-407F-849A-25C9EEC553E8} => pcalua.exe -a "c:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSContentInstaller.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -c "C:\Users\User\AppData\Local\Temp\Club.vsi"
    Task: {B45A355D-A938-4D75-9616-5A751203253F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {BC23A869-AA7D-47A1-B1B6-9316BED776E1} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2015-08-20] (Oracle Corporation)
    Task: {BE3A6186-BC62-42C3-A54E-B536A7A684FE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C01A9735-408B-426F-BFB8-FFFF1D95FD25} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {CC0CD62A-1A70-44AF-8D22-438ADA94754B} - System32\Tasks\{2612925F-21C7-410D-8B6A-B3CEFBEF1D6D} => pcalua.exe -a C:\Users\User\Downloads\dotnetfx35.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {CC242ED1-AB27-4FB4-83C1-EDB4049032B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D42A4CCC-DE6F-4532-B31D-DAD2F49DC2AA} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03] (Oracle Corporation)
    Task: {E82A4644-B4EC-48A1-A630-5211E54B5488} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {E8C372CC-52B6-40C5-861D-E7295A982F42} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
    Task: {F00875E3-AE74-4200-963F-BF5AD0331E56} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {F359F594-4071-43BE-B133-2481B826A5DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F443DE61-D2E9-416B-81AD-38796B2250F9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {F4E205F9-3572-43B7-885A-F63668366F26} - System32\Tasks\{E441F5C6-9424-43D0-9163-52552EE1B654} => pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMJTYLW3\jre-6u31-windows-i586-iftw.exe" -d C:\Users\User\Desktop
    Task: {F9D189FF-9E96-4C8F-840B-1EF939471B8A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-04 11:42 - 2015-11-22 10:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-04 11:42 - 2015-11-22 10:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-01-30 16:18 - 2015-10-16 10:02 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2015-12-18 10:33 - 2015-12-07 04:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-18 10:33 - 2015-12-07 04:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-14 11:18 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-14 11:20 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-28 09:51 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-28 09:51 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-01-28 09:58 - 2016-01-28 09:58 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-01-28 09:58 - 2016-01-28 09:58 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-28 09:58 - 2016-01-28 09:58 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-224342428-1839300246-3282489254-1001\...\bigint.co.uk -> hxxps://bigint.co.uk
    IE trusted site: HKU\S-1-5-21-224342428-1839300246-3282489254-1001\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-224342428-1839300246-3282489254-1001\...\onthehub.com -> hxxps://e5.onthehub.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 12:34 - 2015-09-05 12:45 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-224342428-1839300246-3282489254-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AERTFilters => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Dell Customer Connect => 2
    MSCONFIG\Services: DellDataVault => 2
    MSCONFIG\Services: DellDataVaultWiz => 2
    MSCONFIG\Services: DellUpdate => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HomeNetSvc => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: McAfee SiteAdvisor Service => 2
    MSCONFIG\Services: mccspsvc => 2
    MSCONFIG\Services: McNaiAnn => 2
    MSCONFIG\Services: McODS => 3
    MSCONFIG\Services: mcpltsvc => 2
    MSCONFIG\Services: McProxy => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MSK80Service => 2
    MSCONFIG\Services: MYSQL56 => 2
    MSCONFIG\Services: stllssvr => 3
    MSCONFIG\Services: SupportAssistAgent => 2
    MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    MSCONFIG\startupreg: DellSystemDetect => C:\Users\User\AppData\Local\Apps\2.0\8RDDVD1R.HPJ\OD5XRQDY.D2Y\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
    MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    MSCONFIG\startupreg: SkyDrive => "C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{3037ED93-8CA9-493C-AD99-6E644D797F6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{51F808E6-445A-489F-8F85-E09EC1A49EAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E05B7338-21F4-4B36-B8EA-FF85C891D057}] => (Allow) LPort=3306
    FirewallRules: [{B9835890-8933-4717-820B-9F257C7CEE14}] => (Allow) LPort=3306
    FirewallRules: [{39217BC6-9114-4A93-B607-BDA286681404}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{88F6C212-489F-400C-9497-09351542D9A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{28E80EE7-69BF-4894-8D68-2348B4DA36DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AB4FA468-EC0C-4B97-BF23-C114BC246480}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{87CCB871-CA26-467F-873F-5DF7694A9ECD}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{FF43CFF9-7D0D-4C9C-9F10-4CA78868ADE0}] => (Allow) svchost.exe
    FirewallRules: [{AB33BB27-BD52-41FC-8F3E-C56CB4A4212F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{CA8824F3-BBBE-4244-9867-6720C6895D3D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{21274BD9-45C3-41A9-A709-96F4C50F1C3E}] => (Allow) LPort=2869
    FirewallRules: [{91CC71BF-C70A-47EA-969B-3235C5D400D3}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{8D8D9B6A-1709-4EA5-B7F3-00BBBD1BA3C0}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
    FirewallRules: [UDP Query User{D489A902-7510-4067-894D-5EB44C52EB6A}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
    FirewallRules: [TCP Query User{5CB6E129-4920-46D0-9DC7-6F94E357F57B}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
    FirewallRules: [UDP Query User{70365011-43BA-4D73-B05B-56A988716078}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
    FirewallRules: [{31690A2B-C366-4619-9EE8-E8B1C617B179}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
    FirewallRules: [{7D7FCBC3-53D2-4897-B16F-DFE89CC03CA3}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{7B2B3B1C-2906-4CAC-9D7C-3EB8A274EEDC}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{18FC9039-3C21-47CA-94E4-04E2253D0AA9}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{282930E6-C07C-47B1-A205-7DEB0E7655A4}] => (Allow) LPort=3306
    FirewallRules: [{D4392761-59C1-4BF5-B7C9-12695A44E238}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{E31ED2EA-8E92-4F9A-A297-D87B5B7325B6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{97589C6C-A93E-45B9-814E-E043956E5DF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4BD7434D-8EEA-4589-AE31-A7CE4884044E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{81BB91F3-9A4D-4790-ADD6-9F79285BFD47}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{0DD5C4FE-3C7F-4135-9AC7-69E5AE449ABC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/15/2016 10:27:08 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: SQLAgent$SQLEXPRESS8

    Error: (02/15/2016 10:27:06 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: MSSQL$SQLEXPRESS8

    Error: (02/14/2016 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (02/14/2016 04:54:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANIELBYE)
    Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/14/2016 10:01:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DellDataVault.exe, version: 3.9.3.0, time stamp: 0x54cc079f
    Faulting module name: DellDataVault.exe, version: 3.9.3.0, time stamp: 0x54cc079f
    Exception code: 0xc0000005
    Fault offset: 0x000000000001aa84
    Faulting process id: 0x23e8
    Faulting application start time: 0xDellDataVault.exe0
    Faulting application path: DellDataVault.exe1
    Faulting module path: DellDataVault.exe2
    Report Id: DellDataVault.exe3
    Faulting package full name: DellDataVault.exe4
    Faulting package-relative application ID: DellDataVault.exe5

    Error: (02/14/2016 10:00:43 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: SQLAgent$SQLEXPRESS8

    Error: (02/14/2016 10:00:42 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: MSSQL$SQLEXPRESS8

    Error: (02/12/2016 03:56:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: DellDataVault.exe, version: 3.9.3.0, time stamp: 0x54cc079f
    Faulting module name: DellDataVault.exe, version: 3.9.3.0, time stamp: 0x54cc079f
    Exception code: 0xc0000005
    Fault offset: 0x000000000001aa84
    Faulting process id: 0x2374
    Faulting application start time: 0xDellDataVault.exe0
    Faulting application path: DellDataVault.exe1
    Faulting module path: DellDataVault.exe2
    Report Id: DellDataVault.exe3
    Faulting package full name: DellDataVault.exe4
    Faulting package-relative application ID: DellDataVault.exe5

    Error: (02/12/2016 03:05:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
    Faulting module name: MSHTML.dll, version: 11.0.10586.71, time stamp: 0x5699d485
    Exception code: 0xc00000fd
    Fault offset: 0x0041d8f4
    Faulting process id: 0x1b84
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5

    Error: (02/12/2016 02:47:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
    Faulting module name: MSHTML.dll, version: 11.0.10586.71, time stamp: 0x5699d485
    Exception code: 0xc00000fd
    Fault offset: 0x0041d6be
    Faulting process id: 0x1d60
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3
    Faulting package full name: IEXPLORE.EXE4
    Faulting package-relative application ID: IEXPLORE.EXE5


    System errors:
    =============
    Error: (02/15/2016 01:57:24 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0x9000000026928. The name of the file is "\Users\User\SkyDrive\Documents\Documents\Bakups_DOCTRINA\25_4_Upload\Photo Gallery\Photo Gallery\App_Code". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 01:57:24 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0xa000000029aab. The name of the file is "\Users\User\SkyDrive\Documents\Documents\Development_Tools\Twitter-Bootstrap\twitter-bootstrap-v2.1.0-1-g320b75d\twitter-bootstrap-320b75d\docs\build\node_modules\hogan.js\wrappers". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 01:57:24 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0xd000000029ab1. The name of the file is "\Users\User\SkyDrive\Documents\Documents\Development_Tools\Twitter-Bootstrap\twitter-bootstrap-v2.1.0-1-g320b75d\twitter-bootstrap-320b75d\docs\components". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 01:57:07 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0x20000000545c4. The name of the file is "\Users\User\SkyDrive\Documents\Documents\JDrive_SanDiskCruzer\Removable Disk\University\BA Hons Computing in Business\Year 2\Web & Application Dev't\Week14". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 01:57:07 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0x100000005912c. The name of the file is "\Users\User\SkyDrive\Documents\Documents\Year3_Downloads_For_Sabatical\Year3\Corporate_Business_Strategy\Lectures\Lecture5". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 01:56:48 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0x600000001d6b4. The name of the file is "\Users\User\SkyDrive\Documents\LDrive_ClearMem_Stick\USB DISK\University\Steve Wade - developing database apps\WadeDatabaseExamples\SQL Tutorials". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 01:56:48 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0x500000001d975. The name of the file is "\Users\User\SkyDrive\Documents\LDrive_ClearMem_Stick\USB DISK\University - Computing in Business\Year 1 - 2008-2009\Term 1\CFI 2145 - Fundamentals of Info Systems\FIS - Assignment 1". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 12:59:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_528df service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/15/2016 12:21:54 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0x200000008cb79. The name of the file is "\Users\User\Documents\Bigint\Bigint_Customers\Browndog_Designs\DeliverablesLtd\Plugins\Image_Plugins\revslider\images\dummy". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

    Error: (02/15/2016 12:21:36 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume C:.

    A corruption was found in a file system index structure. The file reference number is 0x300000008c32d. The name of the file is "\Users\User\Documents\Bigint\Bigint_Customers\Browndog_Designs\DeliverablesLtd\Backups\24-9-14_Full_Online\public_html\wp-content\uploads\2014\05". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".


    CodeIntegrity:
    ===================================
    Date: 2016-02-14 16:56:43.144
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-12 15:52:26.658
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-12 10:24:03.203
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-28 10:10:09.278
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-15 13:52:13.507
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-12 13:12:23.173
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-08 11:02:42.616
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-31 13:19:45.175
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-31 11:37:08.656
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-31 11:05:36.596
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
    Percentage of memory in use: 35%
    Total physical RAM: 6135.14 MB
    Available physical RAM: 3932.36 MB
    Total Virtual: 12279.14 MB
    Available Virtual: 10227.39 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:916 GB) (Free:793.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.17 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08000000)
    Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=916 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================
    Last edited by tashi; 2016-02-19 at 07:03. Reason: Merged two posts. :-)

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Nothing really jumping out at me as bad on your logs. Lets download , install and run Malwarebytes and see what it finds and removes, you can use your USB drive for this, Download it to the drive and transfer to the the computer with this issue


    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP



    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"









    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes



    Last edited by ken545; 2016-02-20 at 14:15.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default

    Hi Ken545,

    I'm really pleased someone has got back to me, I must admit I was starting to wonder if there was a problem with my PC that required special investigation or an issue with my forum account. I am aware the help supplied in the forum is from kind volunteers, so I am very grateful.

    Sorry about the long reply!

    My original post was not as clear as it could have been because of a few grammatical errors. At the time I made the original post I think I was in a little bit of shock, I was certainly a little bit stressed after what happened. I just wasn't expecting this to happen especially on the actual Microsoft.com site, of all sites.

    Just to clarify what happened. I was on the main Microsoft.com Windows 10 ISO download page, which I accessed through the very top link of Google's results.

    To ask someone about Windows build numbers I went to the 'Support' tab on the main menu at the top of the Microsoft.com page and I chose the 'Call or Chat' option from the dropdown.

    This took me to another page with a range of support options. To get a fast answer I chose chat now.

    I was 2nd in the queue. Soon after I was connected to a support agent called Anthony. I explained that I'd had lots of Windows error messages, so he started to help me. He said let me take a look at your PC, so I gave him access.

    At this time, for some reason the virtual technician app transferred me to an agent called Ian.

    He started to update my graphics drivers; but, I asked him to stop because the latest drivers don't work with my Windows 10. He said, "I can't stop it".

    I advised that all I want to know is the right ISO download for my build number. Then, he started to type an address in my browser "microsoft.com/en- .....", but he stopped and put another address in.

    Two grey windows popped up over each other, the top detailed this, "A virus has been put on your computer .....". At the bottom it said, "You need to pay money on the below telephone number to get access to your PC back".

    Whoever was doing this took control of my mouse pointer and ran the pointer slowly from left to right underneath the text saying "A virus has been put on your computer ..." and "Pay now", emphasizing what I had o do.

    I tried to shut down at the start button, but I couldn't, my PC would not let me. So, I powered off. Then, when I tried to restore, all my restore points had gone.

    I'm 100% sure that I had lots of restore points and that PC restore worked fine, because I restored my PC last week following an update issue. Now system protection says that 'restore points have never been setup on this computer'

    Also, anti virus pop up boxes keep popping up saying my anti virus is not on. I pay a monthly subscription for this through my service provider and it up to date and on.

    I'm conscious that I have posted here before and it turned out to be a broken mouse that was the issue. You kindly helped me with that. I don't want to waste your time, or mine. And, I have killing back ache from using a laptop on a coffee table from the couch, because I daren't connect my desk PC to the internet until I heard from the forum. But, I just can't understand why whoever, would say a virus was on my PC if they hadn't put one on. And then there's the restore issues. I just still don't feel happy about the whole situation.

    Phew!

    Anyway, the log is below and nothing was found. I'm at a loss.

    Thanks.


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 20-Feb-16
    Scan Time: 2:16 PM
    Logfile: Malwarebytes_Scan_Results.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.09.22.05
    Rootkit Database: v2015.09.18.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 576209
    Time Elapsed: 51 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I remember you Dan. Sometimes clicking on a bad link with pull up the Your Infected Screen when most times your not. Myself, I would not give access to anyone to fix my pc period, most times its not good. Not sure what this guy did with your graphics driver and why your having the issues that you are. No telling what else hes done

    I think what you should do is start the other computer and see how things are working, post back and let me know
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default

    Hi Ken,

    Thanks for your assistance with this.

    I'd just like to stress that the PC in question been absolutely fantastic since I bought it about 5 years ago. The performance has been great and I try my best to take good care of it.

    I never, ever, have a need to go on any sites that could be in any way construed as being dodgy. All I do is look into things to do with building websites, because that's what I do for a living - so I'm not a beginner PC user either.

    Moving on.

    I switched the PC on while connected to the internet and it didn't start properly. It started, then stopped, then started again a couple of times as though it was updating, but no updates were installed.

    There is a driver problem now; I'll look into that later. My desktop icons have all gone bigger too, I think because of the former.

    The main issue is that I keep on getting messages that all my security is off, but the security is on, and they won't go away. I have attached a few images. I mean, all my security apps too, Windows defender, Smart Screen Filter, UAC Account Control, McAfee firewall and McAfee anti virus.

    By the way, I forgot to mention that guy who put the "A virus has been put on your computer ..." message up on my screen, went into the Windows services desktop app on my PC and did something there quickly before the virus message appeared.

    Then there is the restore issue. I can't return the PC to a previous state and I could the other day - so I'm sure he's done something connected with system restore.

    The PC doesn't seem too bad apart from the Windows security messages and restore issue. Windows seems to think the security is off, because the security warning messages keep appearing in the tray and action centre, but McAfee is reporting everything is fine?

    When I go to the firewall settings through the action centre warning message and trust this McAfee application to make changes, it makes no difference, the messages stay up.

    Please find some images attached.

    Thanks again


    a.png
    b.png
    c.png
    d.png

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Not always but sometimes rebooting your system 3 or times can fix things. Give it a try and see if you can enable your security settings

    Its like were in between a rock and a hardplace, theres an option to do a repair install of windows, but coming from Vista to Win 7 and now Win 8 it wont work. Its also possible to revert your system back to Win 7, but dont go there yet
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default

    Hi Ken,

    I switched the PC on the first time and the keyboard wouldn't work, the mouse pointer moved but would not click on anything and there were no sounds. I tried again and got into Windows.

    From there I restarted a few times and the anti virus messages do appear to have gone.

    Thanks.

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Are you able to reset your security settings, after rebooting a few times has the mouse and keyboard gotten better ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default

    Hi,

    I can see two lots of security settings, one set internet related accessed from task bar search box menu and another set accessed from the Security and Maintenance Centre.

    I reset the internet related settings, but there are only settings to stop displaying security and maintenance error messages in the other settings.

    The security messages have started popping up again saying the firewall is off. I choose the McAfee firewall from the 'turn on firewall' options in the warning box and then trust the program but nothing changes.

  10. #10
    Member
    Join Date
    Oct 2009
    Posts
    87

    Default

    To remove the Windows error messages showing in my initial logs I tried doing a DISM repair. That's how all this started. I ran the sfc scannow and restore health utility but the system asked for the source disks and I didn't have them.

    I did not have any security issues at all at that time though, they only started appearing after the chat virus incident on Microsoft.com support.

    Do you think I need to run this again with the source disk to repair Windows? I know my build number and version, but I am terrified to go looking for the correct Windows 10 ISO now on the Microsoft site.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •