
Real-Time Scanning Problem (Possible Malware?)


27 replies to this topic

#1 Tapir


Posted 23 January 2017 - 11:09 AM

 
Hi
 
I've been redirected here from the 'Am I infected?' forum to post FRST logs. 
 
Here's my problem:
 
Recently McAfee showed that Real-Time scanning was not on. I tried turning it on but it would switch off again within seconds. Then the same thing began happening with my firewall. I contacted my ISP who provided the software and they recommended I uninstall and reinstall McAfee. This seemed to solve the issue at first but then it happened again and got worse. At one point I could no longer get the 'turn on' button to click and the options seemed to change. Eventually I managed to get McAfee to work fine and it *appears* to be working ok in normal mode. In Safe Mode I still got the warning about Real Time scanning not being on, even while it appeared to be on in normal mode so I'm not completely convinced yet. 
 
In addition, I recently ran a malware scan with Malwarebytes (v.3). This too had trouble keeping real-time scanning on. Currently the Ransomware Protection won't even come on. I click it to 'on' and it just says 'starting...' and stays like that.
 
Here's a list of everything that's happened over the last week, approximately in order:
 
  • McAfee shows warning that Real-Time scanning isn't on. It refuses to stay on. Eventually the firewall shows the same problem.
  • McAfee issue eventually appears resolved but still shows as an issue in Safe Mode.  
  • I then find I can no longer open icons on the desktop. I just get a blue circle whirling round after clicking on them.
  • In Safe Mode with networking, I cannot connect to the internet. An attempt to look into proxy settings reveals I can't access them via Internet Options or via Chrome settings.
  • I run sfc /scannow in Safe Mode a few times. It shows there are corrupt files that can't be fixed.
  • Unable to do anything else, I do a system restore in Safe Mode to a date before the problems occurred. On rebooting in normal mode, a message displays saying that restore could not fully complete or words to that effect. Nonetheless, my access to the internet is restored and I can finally click on icons and open folders again (with the exception of 'internet options' under the control panel).
  • Now able to download software from the internet, I run an ESET scan which takes ages and leave it overnight, but it appears to be stuck on one folder or file so I cancel and try Malwarebytes. This finds some adware but also gets stuck in what I think was Temp Files. So...
  • I run CCleaner to clear out Temp Files and can then run the full scan. Malwarebytes shows under the reports tab that it blocked Malware 8 times during the scanning period. Does this mean it was blocking Malware that was trying to access my system as the scan was running? 'Malware blocked' suggests this but I don't know.
 
Current situation:
  • I have access to the internet, but it's a bit slow and I have to refresh web pages sometimes when they first try to load up.
  • Malwarebytes shows that Ransomware protection is not coming on which makes me worry that the real-time protection issue isn't resolved or something is still interfering with my settings.
  • Hotmail made me change my password, thinking someone else was using my account, but I realise this could be because it didn't recognise me accessing my emails via my iPhone/Wi-Fi. Not sure why it thought this though, so I'd like reassurance that that is all it is.
  • Still no access to 'internet options' in the control panel. I click on 'internet options' and it won't open.
  • I tried to back up my files using Cobian and got part way through before the laptop switched off suddenly. It's been doing this a lot lately but I think it may be because the battery is dead and the laptop only switches on when plugged in to the mains. A slight change in the position of the lead probably results in the sudden loss of power. I have manually backed up the rest of my files onto an external hard drive. Naturally I was pretty worried when it got to the stage where I could do nothing but system restore so I'm taking no risks!
 
Also, I've had this message or similar come up a few times:
0x8007000E
RunDLL
c:\windows\system32\inetcpl.cpl is not a valid Win32 application
 
 
 
 
Thanks in advance for your help! 
 
 
Now going to post FRST logs....

Edited by Tapir, 23 January 2017 - 11:18 AM.




#2 Tapir


Posted 23 January 2017 - 11:11 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Pufferfish (administrator) on PUFFERFISH-VAIO (23-01-2017 13:09:53)
Running from C:\Users\Pufferfish\Desktop
Loaded Profiles: Pufferfish (Available Profiles: Pufferfish)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Dropbox, Inc.) C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [850536 2016-11-18] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Run: [Dropbox Update] => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\Users\Pufferfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1002439171-454579158-3284813215-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1002439171-454579158-3284813215-1000] => http=127.0.0.1:16110;https=127.0.0.1:16110
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AA8BA001-B0E3-45F6-888D-3A92C5F1A644}: [DhcpNameServer] 192.168.1.254
ManualProxies: 1http=127.0.0.1:16110;https=127.0.0.1:16110
 
Internet Explorer:
==================
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {0FC5A84E-5146-4C58-8CBB-0988A38A8BE0} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {22DA3CAA-0A1B-47D7-B025-1745173BEB2F} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=hxxp://shop.ebay.co.uk/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {878D2806-DB67-45F8-9D62-E101A700303D} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20141107&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-04] (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-04] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-11-18] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-03-04] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2012-03-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default [2017-01-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-19]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-04-29] (Atheros Commnucations) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1656600 2016-03-31] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation) [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-01-23] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-23] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 msahci; C:\Windows\system32\drivers\msahci.sys [0 2010-11-21] () <==== ATTENTION (zero byte File/Folder)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-23 13:09 - 2017-01-23 13:11 - 00025826 _____ C:\Users\Pufferfish\Desktop\FRST.txt
2017-01-23 13:09 - 2017-01-23 13:09 - 02420736 _____ (Farbar) C:\Users\Pufferfish\Desktop\FRST64.exe
2017-01-23 13:09 - 2017-01-23 13:09 - 00000000 ____D C:\Users\Pufferfish\Desktop\FRST-OlderVersion
2017-01-23 13:06 - 2017-01-23 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-23 13:02 - 2017-01-23 13:02 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2B3C4D12-EFE4-46F6-9830-94F06BB6A782}
2017-01-23 11:55 - 2017-01-23 11:55 - 00003288 ____N C:\bootsqm.dat
2017-01-23 11:50 - 2017-01-23 11:50 - 00000000 __SHD C:\found.004
2017-01-22 22:28 - 2017-01-22 22:28 - 00025991 _____ C:\Users\Pufferfish\Downloads\Addition.txt
2017-01-22 22:25 - 2017-01-22 22:28 - 00047240 _____ C:\Users\Pufferfish\Downloads\FRST.txt
2017-01-22 22:23 - 2017-01-22 22:23 - 02420736 _____ (Farbar) C:\Users\Pufferfish\Downloads\FRST64 (1).exe
2017-01-22 18:56 - 2017-01-22 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-01-22 18:56 - 2017-01-22 18:57 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-01-22 18:54 - 2017-01-22 18:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Pufferfish\Downloads\cbSetup.exe
2017-01-22 17:27 - 2017-01-22 17:27 - 00004154 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-22 11:31 - 2017-01-22 11:31 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A3D50E47-F1E4-4BD3-84DF-45FE9E0E5AF8}
2017-01-21 22:13 - 2017-01-23 12:07 - 00003978 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-21 21:02 - 2017-01-23 12:59 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-21 21:02 - 2017-01-23 12:59 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-21 21:02 - 2017-01-21 21:02 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-21 21:01 - 2017-01-23 12:59 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 21:01 - 2017-01-23 12:59 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-21 21:01 - 2017-01-23 12:58 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-21 21:01 - 2017-01-22 20:21 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-21 21:01 - 2017-01-22 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-21 21:01 - 2017-01-21 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 21:01 - 2017-01-21 21:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-21 20:55 - 2017-01-21 20:55 - 54199488 _____ (Malwarebytes ) C:\Users\Pufferfish\Downloads\mb3-setup-1878.1878-3.0.5.1299 (1).exe
2017-01-21 17:03 - 2017-01-21 17:07 - 00000000 ____D C:\Users\Pufferfish\Desktop\Jewellery Order Info
2017-01-21 16:34 - 2017-01-21 16:35 - 00000000 ____D C:\Users\Pufferfish\Documents\Packing Lists
2017-01-21 16:29 - 2017-01-22 19:33 - 00000000 ____D C:\Users\Pufferfish\Documents\Writing Stuff
2017-01-21 16:27 - 2017-01-21 16:28 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu (4).exe
2017-01-21 16:12 - 2017-01-21 16:12 - 00422944 ____N C:\Users\Pufferfish\Documents\cc_20170121_161217.reg
2017-01-21 15:59 - 2017-01-21 16:02 - 00068945 _____ C:\Windows\system32\sfcdetails.txt
2017-01-21 15:55 - 2010-11-21 03:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2017-01-21 15:55 - 2009-07-14 01:45 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys
2017-01-21 15:42 - 2017-01-21 15:43 - 08813488 _____ (Piriform Ltd) C:\Users\Pufferfish\Downloads\ccsetup526.exe
2017-01-21 15:10 - 2017-01-21 15:10 - 00004298 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-01-21 15:08 - 2017-01-21 15:11 - 00000150 _____ C:\Windows\Reimage.ini
2017-01-21 15:06 - 2017-01-21 15:07 - 00604928 _____ (Reimage) C:\Users\Pufferfish\Downloads\ReimageRepair.exe
2017-01-21 12:22 - 2017-01-21 12:22 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu (3).exe
2017-01-21 12:21 - 2017-01-21 12:21 - 00000302 _____ C:\Users\Pufferfish\Desktop\esetscan.txt
2017-01-21 12:17 - 2017-01-21 12:18 - 06770304 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\ESETOnlineScanner_ENU (2).exe
2017-01-21 12:08 - 2017-01-21 12:08 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{F862510C-BA61-4E52-A132-D35FEBAAA1A2}
2017-01-20 16:18 - 2017-01-20 16:18 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\ESET
2017-01-20 16:16 - 2017-01-20 16:17 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu.exe
2017-01-20 16:16 - 2017-01-20 16:17 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu (1).exe
2017-01-19 20:17 - 2017-01-05 18:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-19 20:17 - 2017-01-05 18:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-19 20:17 - 2017-01-05 18:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-19 20:17 - 2017-01-05 17:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-19 20:17 - 2017-01-05 17:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-19 20:17 - 2017-01-05 17:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-19 20:17 - 2017-01-05 17:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-19 20:17 - 2017-01-05 17:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-19 20:17 - 2017-01-05 17:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-19 20:17 - 2017-01-05 17:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-19 20:17 - 2017-01-05 17:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-19 18:54 - 2017-01-19 18:54 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-19 18:40 - 2017-01-19 18:41 - 54199488 _____ (Malwarebytes ) C:\Users\Pufferfish\Downloads\mb3-setup-1878.1878-3.0.5.1299.exe
2017-01-19 18:30 - 2017-01-20 12:31 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2690DD59-08BE-43F0-B36C-C735F4D2B3E3}
2017-01-19 15:40 - 2017-01-19 15:40 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2374B381-808E-4DC1-93D6-5654030D7EE1}
2017-01-19 13:56 - 2017-01-19 13:56 - 00000000 __SHD C:\found.003
2017-01-18 16:10 - 2017-01-19 16:30 - 00000000 ____D C:\989b789f835f773520
2017-01-18 16:04 - 2017-01-18 16:04 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{C584D894-A6C8-449B-830D-444D14D6A764}
2017-01-17 14:25 - 2017-01-17 14:25 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{3E262CF1-E7EF-4902-85ED-4C5417549088}
2017-01-17 02:24 - 2017-01-17 02:24 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{4B3939DF-ABEF-4446-B0FF-FBEC4997DB2A}
2017-01-16 20:56 - 2017-01-16 20:57 - 00249658 _____ C:\Users\Pufferfish\Downloads\Assistant Corporate Resources (Customer Services).pdf
2017-01-16 14:31 - 2017-01-19 18:12 - 00000000 ____D C:\4c910e321cc753580233011c5b
2017-01-16 14:23 - 2017-01-16 14:23 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8CEFF1B0-2F2F-410B-823E-83C632FF2672}
2017-01-14 18:02 - 2017-01-14 18:02 - 00000000 ____D C:\Windows\CheckSur
2017-01-14 17:57 - 2017-01-14 17:57 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{94DD5CA8-37A9-44C6-9AA1-042F3FFBC001}
2017-01-13 19:06 - 2017-01-13 19:06 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A8C8B0B3-071E-4BA1-AC64-CC6E1FA77178}
2017-01-13 15:36 - 2017-01-13 15:36 - 00000000 ____D C:\ProgramData\Intel Security
2017-01-13 15:21 - 2016-09-08 15:15 - 00331280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-01-13 15:21 - 2016-09-08 15:15 - 00331280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps(49).exe
2017-01-13 13:49 - 2017-01-13 13:49 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\McAfee
2017-01-13 13:42 - 2017-01-13 13:42 - 00016680 _____ (McAfee, Inc.) C:\Windows\GetSusp.sys
2017-01-13 13:42 - 2017-01-13 13:42 - 00000000 _____ C:\Users\Pufferfish\Downloads\GetSusp.tmp
2017-01-13 06:50 - 2017-01-13 06:50 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{D17690D0-5E55-464A-95FD-4FB7E9F0A92D}
2017-01-12 13:25 - 2017-01-12 13:25 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{D3C7674A-8105-4CF4-960A-BF02609E20EF}
2017-01-11 12:16 - 2017-01-11 12:17 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8E400C88-1D78-4A23-87EF-84888C6F8A9B}
2017-01-10 12:34 - 2017-01-10 12:34 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{DB26CC4B-234B-4ECC-8557-15578A561796}
2017-01-09 14:04 - 2017-01-09 14:04 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{B85AA2E7-0BDF-4F69-BC86-ED2FD5C47641}
2017-01-08 17:54 - 2017-01-08 19:40 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\Microsoft Games
2017-01-08 17:54 - 2017-01-08 17:54 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-01-08 11:53 - 2017-01-08 23:55 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{3412790B-E991-49CD-846C-764A6F74F584}
2017-01-07 18:33 - 2017-01-07 18:33 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{C858F568-51CA-4BB9-BDBB-DCEB82331C4B}
2017-01-06 19:17 - 2017-01-06 19:17 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{0537C990-8620-465F-9B03-FAF49C3C9EE6}
2017-01-05 12:38 - 2017-01-06 06:44 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{5F76440A-DEAD-48F6-9D6E-0D5D9321D07B}
2017-01-04 18:42 - 2017-01-04 18:42 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{58F60096-AD14-45BA-B6A8-EF7B4747E496}
2017-01-04 06:41 - 2017-01-04 06:41 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{E2E44964-D17F-4730-BC66-20C251E4DA36}
2017-01-01 16:20 - 2017-01-03 12:21 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{BAE576C2-61E3-4059-9EFF-C78A9DDB7D25}
2016-12-28 23:00 - 2016-12-28 23:00 - 00230944 _____ C:\Users\Pufferfish\Downloads\10710189-BUY4803471-e-Voucher (6).pdf
2016-12-28 22:56 - 2016-12-28 22:56 - 00230944 _____ C:\Users\Pufferfish\Downloads\10710189-BUY4803471-e-Voucher (5).pdf
2016-12-28 22:41 - 2016-12-28 22:41 - 00230944 _____ C:\Users\Pufferfish\Downloads\10710189-BUY4803471-e-Voucher (4).pdf
2016-12-26 20:37 - 2016-12-28 22:30 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{CDFEC70B-7413-4D63-BD0B-AD2C01AAED90}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-23 13:02 - 2015-02-10 21:53 - 00000000 ___RD C:\Users\Pufferfish\Dropbox
2017-01-23 13:02 - 2012-11-12 15:15 - 00000000 ____D C:\Users\Pufferfish\Tracing
2017-01-23 13:01 - 2012-09-29 15:52 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C7AECA64-9283-4103-8756-E16878E7E36B}
2017-01-23 12:44 - 2015-06-16 05:58 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000UA.job
2017-01-23 12:29 - 2012-10-29 10:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-23 12:10 - 2016-08-17 18:39 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-23 12:10 - 2009-07-14 04:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-23 12:04 - 2009-07-14 05:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-23 12:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-01-23 11:56 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-22 22:25 - 2016-12-16 10:52 - 00000000 ____D C:\FRST
2017-01-22 20:15 - 2012-09-29 15:51 - 00000000 ____D C:\Users\Pufferfish\Documents\Bluetooth Folder
2017-01-22 20:14 - 2012-09-29 15:47 - 00000000 ____D C:\Users\Pufferfish
2017-01-22 19:32 - 2013-02-19 12:12 - 00000000 ____D C:\Users\Pufferfish\Documents\Fax
2017-01-22 18:18 - 2014-05-09 15:36 - 00590336 ___SH C:\Users\Pufferfish\Desktop\Thumbs.db
2017-01-21 23:44 - 2015-06-16 05:58 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000Core.job
2017-01-21 22:33 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2017-01-21 20:43 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-21 18:09 - 2012-09-29 15:47 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\Sony Corporation
2017-01-21 16:55 - 2012-03-04 23:55 - 00000000 ____D C:\ProgramData\McAfee
2017-01-21 16:51 - 2012-10-02 10:30 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\SoftGrid Client
2017-01-21 16:34 - 2015-01-21 18:34 - 00000000 ____D C:\Users\Pufferfish\Documents\Bulb Shop Scilly
2017-01-21 16:08 - 2012-10-13 18:02 - 00000000 ____D C:\Windows\Minidump
2017-01-21 16:08 - 2012-10-13 17:56 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\CrashDumps
2017-01-21 16:08 - 2011-02-10 22:48 - 00000000 ____D C:\Windows\Panther
2017-01-21 15:25 - 2015-07-15 22:05 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-20 15:32 - 2012-10-13 18:30 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-20 12:41 - 2013-08-08 10:16 - 00000000 ____D C:\Windows\system32\MRT
2017-01-20 12:32 - 2012-10-01 13:55 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-19 19:31 - 2012-10-29 10:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-19 19:30 - 2012-10-29 10:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-19 19:30 - 2012-10-29 10:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-19 19:30 - 2012-10-29 10:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-19 19:30 - 2012-03-05 00:11 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-19 19:14 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files\McAfee
2017-01-19 18:58 - 2016-08-18 21:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 18:55 - 2015-02-10 21:48 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\Dropbox
2017-01-19 18:51 - 2015-09-16 13:07 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-19 18:38 - 2016-08-18 21:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-19 18:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 18:12 - 2016-08-17 19:16 - 00000000 ____D C:\EEK
2017-01-19 18:12 - 2016-01-07 07:08 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-19 18:12 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2017-01-19 18:12 - 2012-03-04 23:57 - 00000000 ____D C:\ProgramData\Sony Corporation
2017-01-19 18:12 - 2011-10-20 22:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-19 18:12 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-19 18:08 - 2016-02-23 17:29 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-01-19 18:08 - 2015-07-15 22:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-19 18:08 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files\McAfee.com
2017-01-19 18:06 - 2012-10-02 10:35 - 00000000 __RHD C:\MSOCache
2017-01-18 13:13 - 2014-08-11 17:16 - 00000000 __SHD C:\Users\Pufferfish\AppData\Local\EmieUserList
2017-01-18 13:13 - 2014-08-11 17:16 - 00000000 __SHD C:\Users\Pufferfish\AppData\Local\EmieSiteList
2017-01-16 14:24 - 2014-11-10 14:10 - 00000000 ____D C:\Users\Pufferfish\Desktop\Holidays Info
2017-01-09 20:42 - 2015-03-10 11:42 - 00000000 ____D C:\Users\Pufferfish\Documents\Harlow Carr
2017-01-09 16:19 - 2014-02-23 22:04 - 00013656 ____N C:\Users\Pufferfish\Documents\Materials Index.xlsx
2017-01-05 12:28 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
Some files in TEMP:
====================
2017-01-22 15:08 - 2017-01-22 15:08 - 0000000 _____ () C:\Users\Pufferfish\AppData\Local\Temp\GUREE06.exe
2017-01-21 15:08 - 2017-01-21 15:08 - 13414504 _____ (Reimage) C:\Users\Pufferfish\AppData\Local\Temp\ReimagePackage.exe
2017-01-22 15:07 - 2017-01-22 15:07 - 0000000 _____ () C:\Users\Pufferfish\AppData\Local\Temp\uyx9ur1l.dll
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\IEAdvpack.dll
C:\Windows\System32\Drivers\cmdide.sys
C:\Windows\System32\Drivers\msahci.sys
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-17 20:35
 
==================== End of FRST.txt ============================


#3 Tapir

  • Topic Starter

Posted 23 January 2017 - 11:16 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Pufferfish (23-01-2017 13:12:37)
Running from C:\Users\Pufferfish\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-29 15:47:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1002439171-454579158-3284813215-500 - Administrator - Disabled)
Guest (S-1-5-21-1002439171-454579158-3284813215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1002439171-454579158-3284813215-1002 - Limited - Enabled)
Pufferfish (S-1-5-21-1002439171-454579158-3284813215-1000 - Administrator - Enabled) => C:\Users\Pufferfish
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {B10D5953-051E-97F6-F53B-3839EFD98259}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {0A6CB8B7-2324-9878-CF8B-034B945EC8E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
FW: McAfee Firewall (Enabled) {8936D876-4F71-96AE-DE64-910C110AC522}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.392 - ArcSoft)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.11 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.0.11 - British Broadcasting Corp.) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.100 - Atheros Communications)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Coupon Printer (HKLM-x32\...\Coupon Printer2.1.0.0) (Version: 2.1.0.0 - Coupons.com Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 15.0.2063 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06140 - Sony Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.16020 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation)
VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.00.06140 - Sony Corporation)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.1.03020 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15070 - Sony Corporation)
VAIO Care (HKLM\...\{28D70998-F9F8-4F4B-BB1D-64C11123C01B}) (Version: 8.4.5.06021 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.4.0.10090 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Hero Screensaver - Summer 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Summer 2011 Screensaver) (Version:  - )
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.0.0.14150 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.2.0.16270 - Sony Corporation)
Valued Opinions Plus (HKLM-x32\...\{192A850D-9DCB-423E-8525-E314BFD07B70}) (Version: 1.1.0.368 - Valued Opinions)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VUx64 (Version: 1.2.0 - Sony Corporation) Hidden
VUx86 (x32 Version: 1.2.0 - Sony Corporation) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (HKLM-x32\...\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00259FE5-85B9-4323-B19E-D2ED31C95F7D} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {03E302C3-F14B-4E5B-9256-3F917B518C5A} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {179A81BB-4B7D-4D4A-AB97-F01696590F2F} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {19C9CDCD-0114-4D24-AF5D-6F3C51A92216} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {25487169-1F5D-4519-ACD9-3877D83D3705} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {2577E2E8-C62F-4D60-8750-825C68409408} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcWeekly => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2016-05-30] (Sony Corporation)
Task: {26BE1A17-47AF-4466-B6CA-820B0D57EDF5} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {32E05CFE-6727-417B-9D66-4C8ED71C7E16} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {36AA55F3-5EC7-4403-9800-8432DF8C8613} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2016-04-25] (Sony Corporation)
Task: {527B24D8-BDF1-49EC-9808-6A5EC6689198} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-19] (Adobe Systems Incorporated)
Task: {59F069B7-A935-4209-84D3-E9F313B44824} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000UA => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {635BD005-55C9-4383-9C58-6BF35F42EED0} - System32\Tasks\Sony Corporation\VAIO Care\VTUsr => C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe [2016-05-30] (Sony Corporation)
Task: {65AD7B0E-FCBD-4B06-B736-3443E658F4BD} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {73C83B31-950C-4D02-A165-F247BDE31CE9} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {7E37E59C-FDE2-47C0-B4D0-E31BA518BDE6} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {861F12D2-70FE-44DE-AA4E-1C4DFA7A34D9} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2016-03-24] (Sony Corporation)
Task: {8936B7E5-4030-4C13-BCC4-B94028BA4AFA} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2016-03-31] (Sony Corporation)
Task: {9249A193-4F6E-431B-BB0B-7C05EB5BB52B} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {99607591-EE58-4E2B-B1EA-DFAFC892D24A} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2016-03-18] (Sony Corporation)
Task: {AEF24EA7-0239-408C-98E4-8F25A4CAA709} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {AF85DB10-E8F6-407A-AD36-A74CD731D364} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {B04709D3-8CE7-4BE3-9562-552433CB739C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1002439171-454579158-3284813215-1000
Task: {B618A206-8E21-4682-AAEF-7FC1A8FDFC1A} - System32\Tasks\Sony Corporation\VAIO Care\VTSvc => C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe [2016-05-30] (Sony Corporation)
Task: {B668B413-98EF-47EC-8FC3-E06846036CC4} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {C8F738D0-F2D7-4DDD-86CD-29E7D99F34C7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {CBE75F89-8E5A-4355-9DFE-6A714D8809B8} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {CBEA99DA-AA30-45D3-8177-6A66985DA734} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {D066B18D-C0EC-4530-AD40-06F4067E46EF} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {E031B437-B758-430E-B32F-54720B55A7CD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000Core => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {E6B5DEF0-F233-409C-8525-94ACE897FA88} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6970e0e0efc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E783AEF2-37C9-4824-A147-B934A73A316D} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcDaily => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2016-05-30] (Sony Corporation)
Task: {E89BE5E5-AD93-4C76-80EB-7E3985C977DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F0194AED-D3FD-4E28-80C0-240A592BDECD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {F13089E3-B924-4789-8E7E-F3A915A4C42D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F62389E3-17BD-4FE1-91E1-3AC61B111324} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {FC65519B-4CCA-4390-9578-93D9F07F23BE} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2016-03-31] (Sony Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000Core.job => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000UA.job => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-21 21:01 - 2017-01-23 12:58 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-21 21:01 - 2017-01-23 12:58 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-21 21:01 - 2017-01-23 12:58 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2011-03-30 01:46 - 2011-03-29 08:47 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-14 22:22 - 2016-12-08 08:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 22:22 - 2016-12-08 08:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2012-03-04 23:57 - 2011-03-05 16:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2016-05-12 05:51 - 2016-05-12 05:51 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
2012-03-04 23:44 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-01-19 18:54 - 2016-12-08 01:00 - 00035792 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-01-19 18:51 - 2016-12-08 01:00 - 00145864 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-01-19 18:50 - 2016-12-08 01:01 - 00019408 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-01-19 18:51 - 2016-12-08 01:00 - 00116688 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-01-19 18:54 - 2016-12-08 01:04 - 00024528 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-01-19 18:54 - 2016-12-08 01:00 - 00100296 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00105928 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-01-19 18:54 - 2016-12-08 01:00 - 00018888 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\select.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00019776 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-01-19 18:54 - 2016-12-08 01:00 - 00694224 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-01-19 18:50 - 2017-01-06 00:03 - 00020824 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-01-19 18:54 - 2016-12-08 01:01 - 00123856 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-01-19 18:50 - 2017-01-06 00:03 - 01682768 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-01-19 18:50 - 2017-01-06 00:03 - 00020816 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00021328 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00052032 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-01-19 18:50 - 2017-01-06 00:04 - 00038712 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-01-19 18:51 - 2016-12-08 01:00 - 00392144 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-01-19 18:50 - 2016-12-08 01:04 - 00020936 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00116176 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00381760 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00124880 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00025432 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00024016 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00175560 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00030160 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00043472 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00048592 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00057808 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00024016 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-01-19 18:50 - 2017-01-06 00:03 - 00246608 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-01-19 18:50 - 2017-01-06 00:03 - 00026464 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-19 18:54 - 2016-12-08 01:02 - 00241104 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-01-19 18:50 - 2017-01-06 00:03 - 00020288 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00028616 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00023384 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00020816 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00019792 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00020808 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00350152 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00022360 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-01-19 18:50 - 2017-01-06 00:04 - 00024400 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-01-19 18:50 - 2016-12-08 00:57 - 00036296 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\librsync.dll
2017-01-19 18:50 - 2017-01-06 00:03 - 00084288 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-01-19 18:51 - 2017-01-06 00:04 - 01826104 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-01-19 18:54 - 2016-12-08 01:01 - 00083912 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\sip.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00531264 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 03928896 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 01972536 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00133432 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00224064 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00207680 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-19 18:54 - 2017-01-06 00:04 - 00020296 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2017-01-19 18:50 - 2016-12-08 01:08 - 00017864 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-01-19 18:50 - 2016-12-08 01:08 - 01631184 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-01-19 18:51 - 2017-01-06 00:04 - 00042816 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00171336 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00357688 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-01-19 18:54 - 2016-12-08 01:04 - 00060880 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-01-19 18:51 - 2017-01-06 00:04 - 00546104 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\topcashback.co.uk -> hxxps://www.topcashback.co.uk
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pufferfish\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6CC6C0B7-E347-4F58-ACCD-8881B1BCD3C1}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C619FC46-9955-48F9-9CD7-063CEFF2693E}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C2050109-042C-4E25-9002-7DF771267C8A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38498693-7B70-463F-A5A6-8EB17094D44F}] => LPort=2869
FirewallRules: [{A2B51CBE-434C-4F3A-87EF-8EACE9B28BD8}] => LPort=1900
FirewallRules: [{027DDC22-3C78-4D57-ADF1-66789B1856F2}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E422A975-2B5F-4C61-84DA-AEC5CC146CB5}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{50CCD128-5F15-4870-AC57-515237D8225E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{13EBE47A-80B1-4F5B-AE55-67B7544C7E02}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{5DFD1856-2A33-4230-8F2B-6BE65A3A3FD3}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{31745711-2817-4F09-8E45-7EF03ACD44FD}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AA12D10F-DA9A-44E6-A28A-5A1BCA7BF722}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{48AFD37F-5189-4213-A317-550D932A6B7A}] => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A0CB0931-9E2A-4AF6-9C25-F1D03E4B250B}] => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9EBF2F68-C563-4E8A-B5DE-AB8B31F01A78}] => C:\Program Files (x86)\MR APP\MRAPP.UI.exe
FirewallRules: [{DAD78A2E-DD26-431D-9E73-4A5341718711}] => C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
FirewallRules: [{970A86A0-2285-4855-9B8F-5D3D97C9FC29}] => C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
FirewallRules: [{12C40B96-629B-4D58-8750-00A0908991AE}] => C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{87B8731D-C4C5-4494-8A53-8A312FF77657}] => C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{BD8DBD3B-5946-483E-900E-7EECE29132F0}] => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{1DBB6E38-512E-47D9-854B-A0672715E14B}] => C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{12169FB6-AC88-47CB-8E11-E0149C518EA3}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-01-2017 18:01:53 Windows Update
16-01-2017 14:31:01 Windows Update
18-01-2017 16:10:22 Windows Update
20-01-2017 12:41:46 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2017 12:00:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (01/23/2017 11:59:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (01/22/2017 10:24:24 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0xc0041800, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (01/22/2017 10:24:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/22/2017 10:24:24 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/22/2017 10:24:24 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (01/22/2017 10:24:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (8488) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
 
Error: (01/22/2017 10:23:54 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0xc0041800, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (01/22/2017 10:23:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/22/2017 10:23:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (01/23/2017 01:02:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (01/23/2017 01:02:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (01/23/2017 01:02:14 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
Error: (01/23/2017 01:02:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (01/23/2017 01:02:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (01/23/2017 01:02:12 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
Error: (01/23/2017 01:02:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (01/23/2017 01:02:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (01/23/2017 01:02:03 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.
 
Error: (01/23/2017 12:59:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMFarflt service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-23 13:09:41.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-23 13:03:36.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-23 11:56:58.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-22 22:16:42.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-22 20:36:49.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-22 20:14:15.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-22 18:09:03.060
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-22 15:44:55.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-22 15:10:02.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WUDFRd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-22 15:10:02.701
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WUDFRd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 72%
Total physical RAM: 4043.86 MB
Available physical RAM: 1108.27 MB
Total Virtual: 8085.9 MB
Available Virtual: 4895.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:284.4 GB) (Free:153.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51C73D7D)
Partition 1: (Not Active) - (Size=13.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Starbuck

  • Malware Response Team

Posted 27 January 2017 - 02:24 PM

Hi Tapir

Sorry for the delay in response to your thread.
I'm just going over your reports now.
Back ASAP.



#5 Starbuck

  • Malware Response Team

Posted 27 January 2017 - 03:34 PM

Hi Tapir

I see that you have been here before with this proxy problem.
After a lot of searching I've found the main problem.... although there are others on the system

(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe

Until this is removed, you'll never get rid of the proxy.

Please uninstall: Coupon Printer

After this has been removed, please let me have a fresh set of FRST reports so that we can deal with the rest and any leftovers.

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
New FRST reports (Both of them)


Thanks.

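A triage sketch for the finding in the post above, added here as an example (it is not part of the thread and not FRST's own code): it reads FRST.txt lines copied from this thread, reports an enabled per-user proxy that points at loopback, and lists running, unsigned services installed outside C:\Windows as candidates for a helper to review. The function names and the C:\Windows filter are assumptions, and the result is a shortlist, not a verdict.

```python
import ipaddress
import re
from dataclasses import dataclass

# Lines copied from the FRST.txt log posted in this thread (a subset, not the full log).
SAMPLE_LOG = r"""
ProxyEnable: [S-1-5-21-1002439171-454579158-3284813215-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1002439171-454579158-3284813215-1000] => http=127.0.0.1:16110;https=127.0.0.1:16110
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
"""

ENABLE_RE = re.compile(r"^ProxyEnable: \[(?P<sid>[^\]]+)\] => Proxy is enabled\.")
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>[^\]]+)\] => (?P<value>\S+)")
# Service line: <state><start type> <name>; <path> [<size> <date>] (<company>) [File not signed]
# State R = running, S = stopped; start type 2 = automatic, 3 = manual.
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>.*?)\)(?P<unsigned> \[File not signed\])?$"
)


@dataclass(frozen=True)
class Service:
    running: bool
    start_type: int
    name: str
    path: str
    company: str
    signed: bool


def is_loopback(host):
    """True for 'localhost' or any address in a loopback range (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname or an empty string, not an IP literal
        return False


def loopback_proxies(log):
    """Return sorted (scheme, host, port) for enabled per-user proxies on loopback."""
    lines = [line.strip() for line in log.splitlines()]
    enabled = {m.group("sid") for m in map(ENABLE_RE.match, lines) if m}
    hits = set()
    for m in filter(None, map(PROXY_RE.match, lines)):
        if m.group("sid") not in enabled:
            continue  # a ProxyServer value without ProxyEnable is not in effect
        for entry in m.group("value").split(";"):
            scheme, _, endpoint = entry.rpartition("=")  # bare "host:port" has no scheme
            host, _, port = endpoint.rpartition(":")
            if port.isdigit() and is_loopback(host):
                hits.add((scheme or "all", host, int(port)))
    return sorted(hits)


def parse_services(log):
    """Parse every FRST service line that carries a size/date stamp, in log order."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(
                running=m.group("state") == "R",
                start_type=int(m.group("start")),
                name=m.group("name"),
                path=m.group("path"),
                company=m.group("company"),
                signed=m.group("unsigned") is None,
            ))
    return services


def review_candidates(log):
    """Running, unsigned services outside the Windows directory (assumed C:\\Windows)."""
    return [s for s in parse_services(log)
            if s.running and not s.signed
            and not s.path.lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    for scheme, host, port in loopback_proxies(SAMPLE_LOG):
        print(f"proxy on loopback: {scheme} -> {host}:{port}")
    for svc in review_candidates(SAMPLE_LOG):
        print(f"review: {svc.name} | {svc.company} | {svc.path}")
```

On the sample lines this shortlists three services, including both MR APP services; deciding which entry is responsible for the proxy remains the helper's call.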


#6 Tapir

  • Topic Starter


Posted 28 January 2017 - 04:52 PM

Hi Starbuck

I've uninstalled Coupon Printer and run another FRST scan as below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01
Ran by Pufferfish (administrator) on PUFFERFISH-VAIO (28-01-2017 21:29:53)
Running from C:\Users\Pufferfish\Desktop
Loaded Profiles: Pufferfish (Available Profiles: Pufferfish)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Dropbox, Inc.) C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [850536 2016-11-18] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Run: [Dropbox Update] => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\Users\Pufferfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-01-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1002439171-454579158-3284813215-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1002439171-454579158-3284813215-1000] => http=127.0.0.1:16110;https=127.0.0.1:16110
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AA8BA001-B0E3-45F6-888D-3A92C5F1A644}: [DhcpNameServer] 192.168.1.254
ManualProxies: 1http=127.0.0.1:16110;https=127.0.0.1:16110
 
Internet Explorer:
==================
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {0FC5A84E-5146-4C58-8CBB-0988A38A8BE0} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {22DA3CAA-0A1B-47D7-B025-1745173BEB2F} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=hxxp://shop.ebay.co.uk/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1002439171-454579158-3284813215-1000 -> {878D2806-DB67-45F8-9D62-E101A700303D} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB805D20141107&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-04] (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-04] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-11-18] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-03-04] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2012-03-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll ()
CHR Profile: C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (Google Slides) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-23]
CHR Extension: (Google Docs) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-23]
CHR Extension: (Google Drive) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-23]
CHR Extension: (YouTube) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-19]
CHR Extension: (Google Sheets) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-23]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Pufferfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-04-29] (Atheros Commnucations) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1656600 2016-03-31] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation) [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-01-25] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-21] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-28] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 msahci; C:\Windows\system32\drivers\msahci.sys [0 2010-11-21] () <==== ATTENTION (zero byte File/Folder)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 21:29 - 2017-01-28 21:30 - 00026719 _____ C:\Users\Pufferfish\Desktop\FRST.txt
2017-01-28 20:57 - 2017-01-28 20:57 - 00000100 _____ C:\Users\Pufferfish\Desktop\FRST 28th.txt
2017-01-28 20:29 - 2017-01-28 20:57 - 00049336 _____ C:\Users\Pufferfish\Desktop\Addition 28th.txt
2017-01-28 17:23 - 2017-01-28 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-28 17:19 - 2017-01-28 17:19 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{81515764-3CE9-43CD-B1E8-3F679A571DA8}
2017-01-27 16:35 - 2017-01-27 16:35 - 00012360 _____ C:\Users\Pufferfish\Desktop\Voucher Print.html
2017-01-27 12:07 - 2017-01-27 12:07 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{1B1D55BC-F39A-4852-A090-03FF0B9931CD}
2017-01-26 15:33 - 2017-01-28 17:25 - 00003978 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-26 13:46 - 2017-01-26 14:20 - 00000000 ____D C:\Users\Pufferfish\Desktop\Scilly 2016 (all photos)
2017-01-26 11:37 - 2017-01-26 11:37 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A90CDFA8-1CC3-472C-A2F1-8D136D8F5601}
2017-01-25 11:57 - 2017-01-25 11:57 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A7D0A53D-BD49-45B6-AFB0-526A65486BD8}
2017-01-24 21:22 - 2017-01-24 21:31 - 00249068 _____ C:\Windows\ntbtlog.txt
2017-01-24 11:44 - 2017-01-24 11:44 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-24 11:38 - 2017-01-24 11:38 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8F9145AD-A6C1-46C4-BC8F-4A089FE63A0D}
2017-01-23 19:11 - 2017-01-23 19:11 - 00000000 __SHD C:\found.005
2017-01-23 13:12 - 2017-01-23 13:42 - 00050428 _____ C:\Users\Pufferfish\Desktop\Addition old.txt
2017-01-23 13:09 - 2017-01-28 20:29 - 00049325 _____ C:\Users\Pufferfish\Desktop\FRST old.txt
2017-01-23 13:09 - 2017-01-28 20:22 - 02420736 _____ (Farbar) C:\Users\Pufferfish\Desktop\FRST64.exe
2017-01-23 13:09 - 2017-01-28 20:22 - 00000000 ____D C:\Users\Pufferfish\Desktop\FRST-OlderVersion
2017-01-23 13:02 - 2017-01-23 13:02 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2B3C4D12-EFE4-46F6-9830-94F06BB6A782}
2017-01-23 11:50 - 2017-01-23 11:50 - 00000000 __SHD C:\found.004
2017-01-22 22:28 - 2017-01-22 22:28 - 00025991 _____ C:\Users\Pufferfish\Downloads\Addition.txt
2017-01-22 22:25 - 2017-01-22 22:28 - 00047240 _____ C:\Users\Pufferfish\Downloads\FRST.txt
2017-01-22 22:23 - 2017-01-22 22:23 - 02420736 _____ (Farbar) C:\Users\Pufferfish\Downloads\FRST64 (1).exe
2017-01-22 18:56 - 2017-01-22 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-01-22 18:56 - 2017-01-22 18:57 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-01-22 18:54 - 2017-01-22 18:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Pufferfish\Downloads\cbSetup.exe
2017-01-22 11:31 - 2017-01-22 11:31 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A3D50E47-F1E4-4BD3-84DF-45FE9E0E5AF8}
2017-01-21 21:02 - 2017-01-28 17:16 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-21 21:02 - 2017-01-27 12:04 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-21 21:02 - 2017-01-21 21:02 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-21 21:01 - 2017-01-28 17:16 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 21:01 - 2017-01-28 17:16 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-21 21:01 - 2017-01-25 16:38 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-21 21:01 - 2017-01-22 20:21 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-21 21:01 - 2017-01-22 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-21 21:01 - 2017-01-21 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 21:01 - 2017-01-21 21:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-21 20:55 - 2017-01-21 20:55 - 54199488 _____ (Malwarebytes ) C:\Users\Pufferfish\Downloads\mb3-setup-1878.1878-3.0.5.1299 (1).exe
2017-01-21 17:03 - 2017-01-21 17:07 - 00000000 ____D C:\Users\Pufferfish\Desktop\Jewellery Order Info
2017-01-21 16:34 - 2017-01-21 16:35 - 00000000 ____D C:\Users\Pufferfish\Documents\Packing Lists
2017-01-21 16:29 - 2017-01-26 12:46 - 00000000 ____D C:\Users\Pufferfish\Documents\Writing Stuff
2017-01-21 16:27 - 2017-01-21 16:28 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu (4).exe
2017-01-21 16:12 - 2017-01-21 16:12 - 00422944 ____N C:\Users\Pufferfish\Documents\cc_20170121_161217.reg
2017-01-21 15:59 - 2017-01-21 16:02 - 00068945 _____ C:\Windows\system32\sfcdetails.txt
2017-01-21 15:55 - 2010-11-21 03:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2017-01-21 15:55 - 2009-07-14 01:45 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys
2017-01-21 15:42 - 2017-01-21 15:43 - 08813488 _____ (Piriform Ltd) C:\Users\Pufferfish\Downloads\ccsetup526.exe
2017-01-21 15:10 - 2017-01-21 15:10 - 00004298 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-01-21 15:08 - 2017-01-21 15:11 - 00000150 _____ C:\Windows\Reimage.ini
2017-01-21 15:06 - 2017-01-21 15:07 - 00604928 _____ (Reimage) C:\Users\Pufferfish\Downloads\ReimageRepair.exe
2017-01-21 12:22 - 2017-01-21 12:22 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu (3).exe
2017-01-21 12:21 - 2017-01-21 12:21 - 00000302 _____ C:\Users\Pufferfish\Desktop\esetscan.txt
2017-01-21 12:17 - 2017-01-21 12:18 - 06770304 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\ESETOnlineScanner_ENU (2).exe
2017-01-21 12:08 - 2017-01-21 12:08 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{F862510C-BA61-4E52-A132-D35FEBAAA1A2}
2017-01-20 16:18 - 2017-01-20 16:18 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\ESET
2017-01-20 16:16 - 2017-01-20 16:17 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu.exe
2017-01-20 16:16 - 2017-01-20 16:17 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Pufferfish\Downloads\esetonlinescanner_enu (1).exe
2017-01-19 20:17 - 2017-01-05 18:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-19 20:17 - 2017-01-05 18:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-19 20:17 - 2017-01-05 18:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-19 20:17 - 2017-01-05 18:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-19 20:17 - 2017-01-05 17:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-19 20:17 - 2017-01-05 17:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-19 20:17 - 2017-01-05 17:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-19 20:17 - 2017-01-05 17:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-19 20:17 - 2017-01-05 17:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-19 20:17 - 2017-01-05 17:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-19 20:17 - 2017-01-05 17:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-19 20:17 - 2017-01-05 17:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-19 20:17 - 2017-01-05 17:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-19 18:40 - 2017-01-19 18:41 - 54199488 _____ (Malwarebytes ) C:\Users\Pufferfish\Downloads\mb3-setup-1878.1878-3.0.5.1299.exe
2017-01-19 18:30 - 2017-01-20 12:31 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2690DD59-08BE-43F0-B36C-C735F4D2B3E3}
2017-01-19 15:40 - 2017-01-19 15:40 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2374B381-808E-4DC1-93D6-5654030D7EE1}
2017-01-19 13:56 - 2017-01-19 13:56 - 00000000 __SHD C:\found.003
2017-01-18 16:10 - 2017-01-19 16:30 - 00000000 ____D C:\989b789f835f773520
2017-01-18 16:04 - 2017-01-18 16:04 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{C584D894-A6C8-449B-830D-444D14D6A764}
2017-01-17 14:25 - 2017-01-17 14:25 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{3E262CF1-E7EF-4902-85ED-4C5417549088}
2017-01-17 02:24 - 2017-01-17 02:24 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{4B3939DF-ABEF-4446-B0FF-FBEC4997DB2A}
2017-01-16 20:56 - 2017-01-16 20:57 - 00249658 _____ C:\Users\Pufferfish\Downloads\Assistant Corporate Resources (Customer Services).pdf
2017-01-16 14:31 - 2017-01-19 18:12 - 00000000 ____D C:\4c910e321cc753580233011c5b
2017-01-16 14:23 - 2017-01-16 14:23 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8CEFF1B0-2F2F-410B-823E-83C632FF2672}
2017-01-14 18:02 - 2017-01-14 18:02 - 00000000 ____D C:\Windows\CheckSur
2017-01-14 17:57 - 2017-01-14 17:57 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{94DD5CA8-37A9-44C6-9AA1-042F3FFBC001}
2017-01-13 19:06 - 2017-01-13 19:06 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A8C8B0B3-071E-4BA1-AC64-CC6E1FA77178}
2017-01-13 15:36 - 2017-01-13 15:36 - 00000000 ____D C:\ProgramData\Intel Security
2017-01-13 15:21 - 2016-09-08 15:15 - 00331280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-01-13 15:21 - 2016-09-08 15:15 - 00331280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps(49).exe
2017-01-13 13:49 - 2017-01-13 13:49 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\McAfee
2017-01-13 13:42 - 2017-01-13 13:42 - 00016680 _____ (McAfee, Inc.) C:\Windows\GetSusp.sys
2017-01-13 13:42 - 2017-01-13 13:42 - 00000000 _____ C:\Users\Pufferfish\Downloads\GetSusp.tmp
2017-01-13 06:50 - 2017-01-13 06:50 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{D17690D0-5E55-464A-95FD-4FB7E9F0A92D}
2017-01-12 13:25 - 2017-01-12 13:25 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{D3C7674A-8105-4CF4-960A-BF02609E20EF}
2017-01-11 12:16 - 2017-01-11 12:17 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8E400C88-1D78-4A23-87EF-84888C6F8A9B}
2017-01-10 12:34 - 2017-01-10 12:34 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{DB26CC4B-234B-4ECC-8557-15578A561796}
2017-01-09 14:04 - 2017-01-09 14:04 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{B85AA2E7-0BDF-4F69-BC86-ED2FD5C47641}
2017-01-08 17:54 - 2017-01-08 19:40 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\Microsoft Games
2017-01-08 17:54 - 2017-01-08 17:54 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-01-08 11:53 - 2017-01-08 23:55 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{3412790B-E991-49CD-846C-764A6F74F584}
2017-01-07 18:33 - 2017-01-07 18:33 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{C858F568-51CA-4BB9-BDBB-DCEB82331C4B}
2017-01-06 19:17 - 2017-01-06 19:17 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{0537C990-8620-465F-9B03-FAF49C3C9EE6}
2017-01-05 12:38 - 2017-01-06 06:44 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{5F76440A-DEAD-48F6-9D6E-0D5D9321D07B}
2017-01-04 18:42 - 2017-01-04 18:42 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{58F60096-AD14-45BA-B6A8-EF7B4747E496}
2017-01-04 06:41 - 2017-01-04 06:41 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{E2E44964-D17F-4730-BC66-20C251E4DA36}
2017-01-01 16:20 - 2017-01-03 12:21 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{BAE576C2-61E3-4059-9EFF-C78A9DDB7D25}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 21:29 - 2016-12-16 10:52 - 00000000 ____D C:\FRST
2017-01-28 21:29 - 2012-10-29 10:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-28 21:09 - 2012-09-29 15:52 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C7AECA64-9283-4103-8756-E16878E7E36B}
2017-01-28 20:44 - 2015-06-16 05:58 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000UA.job
2017-01-28 17:36 - 2013-07-11 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
2017-01-28 17:36 - 2013-07-11 13:33 - 00000000 ____D C:\Program Files (x86)\Coupon Printer
2017-01-28 17:25 - 2016-08-17 18:39 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-28 17:25 - 2009-07-14 04:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-28 17:23 - 2009-07-14 05:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-28 17:23 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-01-28 17:20 - 2015-02-10 21:53 - 00000000 ___RD C:\Users\Pufferfish\Dropbox
2017-01-28 17:19 - 2012-11-12 15:15 - 00000000 ____D C:\Users\Pufferfish\Tracing
2017-01-28 17:15 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-26 16:03 - 2014-05-09 15:36 - 00590336 ___SH C:\Users\Pufferfish\Desktop\Thumbs.db
2017-01-26 16:00 - 2012-09-29 15:51 - 00000000 ____D C:\Users\Pufferfish\Documents\Bluetooth Folder
2017-01-26 12:54 - 2012-10-02 19:09 - 00000000 ____D C:\Users\Pufferfish\Desktop\Stooories
2017-01-24 21:28 - 2012-10-01 13:56 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\ElevatedDiagnostics
2017-01-24 11:44 - 2015-02-10 21:48 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\Dropbox
2017-01-23 16:52 - 2012-09-29 16:18 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\Adobe
2017-01-22 20:14 - 2012-09-29 15:47 - 00000000 ____D C:\Users\Pufferfish
2017-01-22 19:32 - 2013-02-19 12:12 - 00000000 ____D C:\Users\Pufferfish\Documents\Fax
2017-01-21 23:44 - 2015-06-16 05:58 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000Core.job
2017-01-21 22:33 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2017-01-21 20:43 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-21 18:09 - 2012-09-29 15:47 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\Sony Corporation
2017-01-21 16:55 - 2012-03-04 23:55 - 00000000 ____D C:\ProgramData\McAfee
2017-01-21 16:51 - 2012-10-02 10:30 - 00000000 ____D C:\Users\Pufferfish\AppData\Roaming\SoftGrid Client
2017-01-21 16:34 - 2015-01-21 18:34 - 00000000 ____D C:\Users\Pufferfish\Documents\Bulb Shop Scilly
2017-01-21 16:08 - 2012-10-13 18:02 - 00000000 ____D C:\Windows\Minidump
2017-01-21 16:08 - 2012-10-13 17:56 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\CrashDumps
2017-01-21 16:08 - 2011-02-10 22:48 - 00000000 ____D C:\Windows\Panther
2017-01-21 15:25 - 2015-07-15 22:05 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-20 15:32 - 2012-10-13 18:30 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-20 12:41 - 2013-08-08 10:16 - 00000000 ____D C:\Windows\system32\MRT
2017-01-20 12:32 - 2012-10-01 13:55 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-19 19:31 - 2012-10-29 10:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-19 19:30 - 2012-10-29 10:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-19 19:30 - 2012-10-29 10:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-19 19:30 - 2012-10-29 10:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-19 19:30 - 2012-03-05 00:11 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-19 19:14 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files\McAfee
2017-01-19 18:58 - 2016-08-18 21:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 18:51 - 2015-09-16 13:07 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-19 18:38 - 2016-08-18 21:07 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-19 18:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 18:12 - 2016-08-17 19:16 - 00000000 ____D C:\EEK
2017-01-19 18:12 - 2016-01-07 07:08 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-19 18:12 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2017-01-19 18:12 - 2012-03-04 23:57 - 00000000 ____D C:\ProgramData\Sony Corporation
2017-01-19 18:12 - 2011-10-20 22:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-19 18:12 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2017-01-19 18:08 - 2016-02-23 17:29 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-01-19 18:08 - 2015-07-15 22:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-19 18:08 - 2012-12-10 10:00 - 00000000 ____D C:\Program Files\McAfee.com
2017-01-19 18:06 - 2012-10-02 10:35 - 00000000 __RHD C:\MSOCache
2017-01-18 13:13 - 2014-08-11 17:16 - 00000000 __SHD C:\Users\Pufferfish\AppData\Local\EmieUserList
2017-01-18 13:13 - 2014-08-11 17:16 - 00000000 __SHD C:\Users\Pufferfish\AppData\Local\EmieSiteList
2017-01-16 14:24 - 2014-11-10 14:10 - 00000000 ____D C:\Users\Pufferfish\Desktop\Holidays Info
2017-01-09 20:42 - 2015-03-10 11:42 - 00000000 ____D C:\Users\Pufferfish\Documents\Harlow Carr
2017-01-09 16:19 - 2014-02-23 22:04 - 00013656 ____N C:\Users\Pufferfish\Documents\Materials Index.xlsx
2017-01-05 12:28 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
Some files in TEMP:
====================
2017-01-22 15:08 - 2017-01-22 15:08 - 0000000 _____ () C:\Users\Pufferfish\AppData\Local\Temp\GUREE06.exe
2017-01-21 15:08 - 2017-01-21 15:08 - 13414504 _____ (Reimage) C:\Users\Pufferfish\AppData\Local\Temp\ReimagePackage.exe
2017-01-22 15:07 - 2017-01-22 15:07 - 0000000 _____ () C:\Users\Pufferfish\AppData\Local\Temp\uyx9ur1l.dll
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\IEAdvpack.dll
C:\Windows\System32\Drivers\cmdide.sys
C:\Windows\System32\Drivers\msahci.sys
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-23 19:47
 
==================== End of FRST.txt ============================

And here is the Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Pufferfish (28-01-2017 21:31:07)
Running from C:\Users\Pufferfish\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-29 15:47:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1002439171-454579158-3284813215-500 - Administrator - Disabled)
Guest (S-1-5-21-1002439171-454579158-3284813215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1002439171-454579158-3284813215-1002 - Limited - Enabled)
Pufferfish (S-1-5-21-1002439171-454579158-3284813215-1000 - Administrator - Enabled) => C:\Users\Pufferfish
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {B10D5953-051E-97F6-F53B-3839EFD98259}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {0A6CB8B7-2324-9878-CF8B-034B945EC8E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
FW: McAfee Firewall (Enabled) {8936D876-4F71-96AE-DE64-910C110AC522}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.392 - ArcSoft)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.11 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.0.11 - British Broadcasting Corp.) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.100 - Atheros Communications)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 15.0.2063 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)
Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06140 - Sony Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.16020 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation)
VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.00.06140 - Sony Corporation)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.1.03020 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15070 - Sony Corporation)
VAIO Care (HKLM\...\{28D70998-F9F8-4F4B-BB1D-64C11123C01B}) (Version: 8.4.5.06021 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.4.0.10090 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Hero Screensaver - Summer 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Summer 2011 Screensaver) (Version:  - )
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.0.0.14150 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.4.5.3 - Sony Corporation) Hidden
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.2.0.16270 - Sony Corporation)
Valued Opinions Plus (HKLM-x32\...\{192A850D-9DCB-423E-8525-E314BFD07B70}) (Version: 1.1.0.368 - Valued Opinions)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VUx64 (Version: 1.2.0 - Sony Corporation) Hidden
VUx86 (x32 Version: 1.2.0 - Sony Corporation) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (HKLM-x32\...\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1002439171-454579158-3284813215-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\DropboxExt64.11.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00259FE5-85B9-4323-B19E-D2ED31C95F7D} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {03E302C3-F14B-4E5B-9256-3F917B518C5A} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {179A81BB-4B7D-4D4A-AB97-F01696590F2F} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {19C9CDCD-0114-4D24-AF5D-6F3C51A92216} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {25487169-1F5D-4519-ACD9-3877D83D3705} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {2577E2E8-C62F-4D60-8750-825C68409408} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcWeekly => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2016-05-30] (Sony Corporation)
Task: {26BE1A17-47AF-4466-B6CA-820B0D57EDF5} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {32E05CFE-6727-417B-9D66-4C8ED71C7E16} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {3A55C41D-13D4-4147-AA21-CAFC4BF671C7} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {433B1253-8F42-4C11-9720-ED2B0C674468} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2016-04-25] (Sony Corporation)
Task: {527B24D8-BDF1-49EC-9808-6A5EC6689198} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-19] (Adobe Systems Incorporated)
Task: {59F069B7-A935-4209-84D3-E9F313B44824} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000UA => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {635BD005-55C9-4383-9C58-6BF35F42EED0} - System32\Tasks\Sony Corporation\VAIO Care\VTUsr => C:\Program Files\Sony\VAIO Care\VAIOTM\VTUsr.exe [2016-05-30] (Sony Corporation)
Task: {7E37E59C-FDE2-47C0-B4D0-E31BA518BDE6} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {861F12D2-70FE-44DE-AA4E-1C4DFA7A34D9} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2016-03-24] (Sony Corporation)
Task: {8936B7E5-4030-4C13-BCC4-B94028BA4AFA} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2016-03-31] (Sony Corporation)
Task: {9249A193-4F6E-431B-BB0B-7C05EB5BB52B} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {99607591-EE58-4E2B-B1EA-DFAFC892D24A} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2016-03-18] (Sony Corporation)
Task: {AEF24EA7-0239-408C-98E4-8F25A4CAA709} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {AF85DB10-E8F6-407A-AD36-A74CD731D364} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {B04709D3-8CE7-4BE3-9562-552433CB739C} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1002439171-454579158-3284813215-1000
Task: {B618A206-8E21-4682-AAEF-7FC1A8FDFC1A} - System32\Tasks\Sony Corporation\VAIO Care\VTSvc => C:\Program Files\Sony\VAIO Care\VAIOTM\VTSvc.exe [2016-05-30] (Sony Corporation)
Task: {B668B413-98EF-47EC-8FC3-E06846036CC4} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {C8F738D0-F2D7-4DDD-86CD-29E7D99F34C7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-10-11] (McAfee, Inc.)
Task: {CBE75F89-8E5A-4355-9DFE-6A714D8809B8} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {CBEA99DA-AA30-45D3-8177-6A66985DA734} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {D066B18D-C0EC-4530-AD40-06F4067E46EF} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2016-05-31] (Sony Corporation)
Task: {E031B437-B758-430E-B32F-54720B55A7CD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000Core => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {E6B5DEF0-F233-409C-8525-94ACE897FA88} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6970e0e0efc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E783AEF2-37C9-4824-A147-B934A73A316D} - System32\Tasks\Sony Corporation\VAIO Care\VKSvcDaily => C:\Program Files\Sony\VAIO Care\VAIOTM\VKSvc.exe [2016-05-30] (Sony Corporation)
Task: {E89BE5E5-AD93-4C76-80EB-7E3985C977DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F0194AED-D3FD-4E28-80C0-240A592BDECD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {F13089E3-B924-4789-8E7E-F3A915A4C42D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F62389E3-17BD-4FE1-91E1-3AC61B111324} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {FC65519B-4CCA-4390-9578-93D9F07F23BE} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2016-03-31] (Sony Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000Core.job => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1002439171-454579158-3284813215-1000UA.job => C:\Users\Pufferfish\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-21 21:01 - 2017-01-25 16:38 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-21 21:01 - 2017-01-25 16:38 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-03-30 01:46 - 2011-03-29 08:47 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-04 23:57 - 2011-03-05 16:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2017-01-24 11:43 - 2017-01-18 18:39 - 00801600 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-01-24 11:44 - 2016-12-21 08:44 - 00035792 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-01-24 11:44 - 2016-12-21 08:44 - 00100296 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-01-24 11:44 - 2016-12-21 08:44 - 00018888 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\select.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00019776 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-01-24 11:44 - 2016-12-21 08:44 - 00694224 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00020824 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-01-24 11:44 - 2016-12-21 08:45 - 00123856 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 01682768 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00020816 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-01-24 11:43 - 2016-12-21 08:44 - 00145864 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-01-24 11:43 - 2016-12-21 08:45 - 00019408 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-01-24 11:43 - 2016-12-21 08:44 - 00116688 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-01-24 11:44 - 2016-12-21 08:46 - 00105928 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00022864 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00052032 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00038712 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-01-24 11:43 - 2016-12-21 08:44 - 00392144 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-01-24 11:43 - 2016-12-21 08:46 - 00020936 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00024528 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-01-24 11:44 - 2016-12-21 08:47 - 00116176 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00381760 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00124880 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00026456 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00024016 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00175560 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00030160 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00043472 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-01-24 11:44 - 2016-12-21 08:47 - 00048592 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00057808 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00024016 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00246608 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00027488 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-24 11:44 - 2016-12-21 08:45 - 00241104 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00022336 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-01-24 11:44 - 2016-12-21 08:47 - 00028616 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00025432 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00022872 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00021848 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00022872 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 01826104 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-01-24 11:44 - 2016-12-21 08:45 - 00083912 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\sip.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00531264 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 03928896 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 01972536 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00133432 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00224064 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00207680 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00021840 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-24 11:44 - 2016-12-21 08:47 - 00350152 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-01-24 11:44 - 2017-01-18 18:42 - 00023896 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00025936 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-01-24 11:43 - 2016-12-21 08:42 - 00036296 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\librsync.dll
2017-01-24 11:43 - 2017-01-18 18:42 - 00084288 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-01-24 11:43 - 2016-12-21 08:50 - 00017864 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-01-24 11:43 - 2016-12-21 08:50 - 01631184 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-01-24 11:43 - 2017-01-18 18:42 - 00042816 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00171336 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00357688 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-01-24 11:44 - 2016-12-21 08:46 - 00060880 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-01-24 11:43 - 2017-01-18 18:42 - 00546104 _____ () C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-12 05:51 - 2016-05-12 05:51 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
2012-03-04 23:44 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\topcashback.co.uk -> hxxps://www.topcashback.co.uk
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pufferfish\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6CC6C0B7-E347-4F58-ACCD-8881B1BCD3C1}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C619FC46-9955-48F9-9CD7-063CEFF2693E}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C2050109-042C-4E25-9002-7DF771267C8A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38498693-7B70-463F-A5A6-8EB17094D44F}] => LPort=2869
FirewallRules: [{A2B51CBE-434C-4F3A-87EF-8EACE9B28BD8}] => LPort=1900
FirewallRules: [{027DDC22-3C78-4D57-ADF1-66789B1856F2}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E422A975-2B5F-4C61-84DA-AEC5CC146CB5}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{50CCD128-5F15-4870-AC57-515237D8225E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{13EBE47A-80B1-4F5B-AE55-67B7544C7E02}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{5DFD1856-2A33-4230-8F2B-6BE65A3A3FD3}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{31745711-2817-4F09-8E45-7EF03ACD44FD}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AA12D10F-DA9A-44E6-A28A-5A1BCA7BF722}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{48AFD37F-5189-4213-A317-550D932A6B7A}] => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A0CB0931-9E2A-4AF6-9C25-F1D03E4B250B}] => C:\Users\Pufferfish\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9EBF2F68-C563-4E8A-B5DE-AB8B31F01A78}] => C:\Program Files (x86)\MR APP\MRAPP.UI.exe
FirewallRules: [{DAD78A2E-DD26-431D-9E73-4A5341718711}] => C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
FirewallRules: [{970A86A0-2285-4855-9B8F-5D3D97C9FC29}] => C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
FirewallRules: [{12C40B96-629B-4D58-8750-00A0908991AE}] => C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{87B8731D-C4C5-4494-8A53-8A312FF77657}] => C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{BD8DBD3B-5946-483E-900E-7EECE29132F0}] => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{1DBB6E38-512E-47D9-854B-A0672715E14B}] => C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{12169FB6-AC88-47CB-8E11-E0149C518EA3}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-01-2017 12:41:46 Windows Modules Installer
27-01-2017 20:00:25 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2017 05:18:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (01/28/2017 05:17:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (01/27/2017 08:00:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (01/27/2017 08:00:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (01/27/2017 12:07:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (01/27/2017 12:06:18 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (01/26/2017 09:28:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (01/26/2017 09:27:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (01/26/2017 04:02:37 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (01/26/2017 04:02:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
 
System errors:
=============
Error: (01/28/2017 09:36:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
 
Error: (01/28/2017 09:36:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
 
Error: (01/28/2017 09:36:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
 
Error: (01/28/2017 09:36:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
 
Error: (01/28/2017 09:36:40 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
 
Error: (01/28/2017 09:36:27 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (01/28/2017 09:36:27 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (01/28/2017 09:36:27 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (01/28/2017 09:36:27 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (01/28/2017 09:36:27 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-28 21:28:16.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-28 20:14:05.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-28 17:46:35.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-28 17:34:57.960
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WUDFRd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-28 17:34:57.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-28 17:34:57.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WUDFRd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-28 17:16:00.367
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WUDFRd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-28 17:16:00.180
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\WUDFRd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-28 17:15:26.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-27 13:04:07.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ole32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 4043.86 MB
Available physical RAM: 1670.66 MB
Total Virtual: 8085.9 MB
Available Virtual: 5020.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:284.4 GB) (Free:150.39 GB) NTFS
Drive d: () (Removable) (Total:7.45 GB) (Free:2.95 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51C73D7D)
Partition 1: (Not Active) - (Size=13.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#7 Starbuck

  • Malware Response Team

Posted 28 January 2017 - 05:58 PM

Hi Tapir
 

> I've uninstalled Coupon Printer and run another FRST scan as below:

Ok, let's get to work then.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Because of this in the event log:
 

> Error: (01/28/2017 09:36:27 PM) (Source: Ntfs) (EventID: 55) (User: )
> Description: The file system structure on the disk is corrupt and unusable.
> Please run the chkdsk utility on the volume C:.

You can do this by running the Scandisk utility within Windows.
  • Click Start >> Computer
  • Right click on your main drive (usually 'C')
  • Select Properties
  • Click on the Tools tab
  • Under Error Checking.. Click Check Now
  • Tick the options that you require (please tick both options)
  • Click Start
  • On the screen that comes up.. Click Yes then OK
  • Now restart your computer.
Note: Be patient. Analyzing the drive can be a lengthy process



Step 3

> Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)

MalwareBytes have recently released 3.0.6.1469.
Please start MalwareBytes, Click to update the definitions and the program to the latest version and run a scan.
Let me have the scan report.

To find the reports
  • From the main Dashboard click Reports (left hand side)
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.
  • Click Export >> Copy to Clipboard
  • Paste the contents of the clipboard into your reply.


In your next reply, please submit:
Fixlog.txt
MalwareBytes scan report

and let me know what issues you have left with the system


Thanks.



#8 Tapir

  • Topic Starter


Posted 31 January 2017 - 07:02 AM

Hi, sorry for the delay getting back to you. I had to leave the Malwarebytes scan running overnight. 
 
During the fixlog, the laptop rebooted but I guess it worked ok...
 
Here's the fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Pufferfish (29-01-2017 18:30:22) Run:1
Running from C:\Users\Pufferfish\Desktop
Loaded Profiles: Pufferfish (Available Profiles: Pufferfish)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
ProxyEnable: [S-1-5-21-1002439171-454579158-3284813215-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-1002439171-454579158-3284813215-1000] => http=127.0.0.1:16110;https=127.0.0.1:16110
ManualProxies: 1http=127.0.0.1:16110;https=127.0.0.1:16110
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
S3 msahci; C:\Windows\system32\drivers\msahci.sys [0 2010-11-21] () <==== ATTENTION (zero byte File/Folder)
2017-01-28 17:19 - 2017-01-28 17:19 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{81515764-3CE9-43CD-B1E8-3F679A571DA8}
2017-01-27 16:35 - 2017-01-27 16:35 - 00012360 _____ C:\Users\Pufferfish\Desktop\Voucher Print.html
2017-01-27 12:07 - 2017-01-27 12:07 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{1B1D55BC-F39A-4852-A090-03FF0B9931CD}
2017-01-26 11:37 - 2017-01-26 11:37 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A90CDFA8-1CC3-472C-A2F1-8D136D8F5601}
2017-01-25 11:57 - 2017-01-25 11:57 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A7D0A53D-BD49-45B6-AFB0-526A65486BD8}
2017-01-24 11:38 - 2017-01-24 11:38 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8F9145AD-A6C1-46C4-BC8F-4A089FE63A0D}
2017-01-23 13:02 - 2017-01-23 13:02 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2B3C4D12-EFE4-46F6-9830-94F06BB6A782}
2017-01-22 11:31 - 2017-01-22 11:31 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A3D50E47-F1E4-4BD3-84DF-45FE9E0E5AF8}
2017-01-21 15:10 - 2017-01-21 15:10 - 00004298 _____ C:\Windows\System32\Tasks\ReimageUpdater
2017-01-21 15:08 - 2017-01-21 15:11 - 00000150 _____ C:\Windows\Reimage.ini
2017-01-21 15:06 - 2017-01-21 15:07 - 00604928 _____ (Reimage) C:\Users\Pufferfish\Downloads\ReimageRepair.exe
2017-01-21 12:08 - 2017-01-21 12:08 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{F862510C-BA61-4E52-A132-D35FEBAAA1A2}
2017-01-19 18:30 - 2017-01-20 12:31 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2690DD59-08BE-43F0-B36C-C735F4D2B3E3}
2017-01-19 15:40 - 2017-01-19 15:40 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{2374B381-808E-4DC1-93D6-5654030D7EE1}
2017-01-18 16:04 - 2017-01-18 16:04 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{C584D894-A6C8-449B-830D-444D14D6A764}
2017-01-17 14:25 - 2017-01-17 14:25 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{3E262CF1-E7EF-4902-85ED-4C5417549088}
2017-01-17 02:24 - 2017-01-17 02:24 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{4B3939DF-ABEF-4446-B0FF-FBEC4997DB2A}
2017-01-16 14:23 - 2017-01-16 14:23 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8CEFF1B0-2F2F-410B-823E-83C632FF2672}
2017-01-14 17:57 - 2017-01-14 17:57 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{94DD5CA8-37A9-44C6-9AA1-042F3FFBC001}
2017-01-13 19:06 - 2017-01-13 19:06 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{A8C8B0B3-071E-4BA1-AC64-CC6E1FA77178}
2017-01-13 06:50 - 2017-01-13 06:50 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{D17690D0-5E55-464A-95FD-4FB7E9F0A92D}
2017-01-12 13:25 - 2017-01-12 13:25 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{D3C7674A-8105-4CF4-960A-BF02609E20EF}
2017-01-11 12:16 - 2017-01-11 12:17 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{8E400C88-1D78-4A23-87EF-84888C6F8A9B}
2017-01-10 12:34 - 2017-01-10 12:34 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{DB26CC4B-234B-4ECC-8557-15578A561796}
2017-01-09 14:04 - 2017-01-09 14:04 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{B85AA2E7-0BDF-4F69-BC86-ED2FD5C47641}
2017-01-08 11:53 - 2017-01-08 23:55 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{3412790B-E991-49CD-846C-764A6F74F584}
2017-01-07 18:33 - 2017-01-07 18:33 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{C858F568-51CA-4BB9-BDBB-DCEB82331C4B}
2017-01-06 19:17 - 2017-01-06 19:17 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{0537C990-8620-465F-9B03-FAF49C3C9EE6}
2017-01-05 12:38 - 2017-01-06 06:44 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{5F76440A-DEAD-48F6-9D6E-0D5D9321D07B}
2017-01-04 18:42 - 2017-01-04 18:42 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{58F60096-AD14-45BA-B6A8-EF7B4747E496}
2017-01-04 06:41 - 2017-01-04 06:41 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{E2E44964-D17F-4730-BC66-20C251E4DA36}
2017-01-01 16:20 - 2017-01-03 12:21 - 00000000 ____D C:\Users\Pufferfish\AppData\Local\{BAE576C2-61E3-4059-9EFF-C78A9DDB7D25}
2017-01-28 17:36 - 2013-07-11 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer
2017-01-28 17:36 - 2013-07-11 13:33 - 00000000 ____D C:\Program Files (x86)\Coupon Printer
2017-01-22 15:08 - 2017-01-22 15:08 - 0000000 _____ () C:\Users\Pufferfish\AppData\Local\Temp\GUREE06.exe
2017-01-21 15:08 - 2017-01-21 15:08 - 13414504 _____ (Reimage) C:\Users\Pufferfish\AppData\Local\Temp\ReimagePackage.exe
2017-01-22 15:07 - 2017-01-22 15:07 - 0000000 _____ () C:\Users\Pufferfish\AppData\Local\Temp\uyx9ur1l.dll
C:\Windows\System32\IEAdvpack.dll
C:\Windows\System32\Drivers\cmdide.sys
C:\Windows\System32\Drivers\msahci.sys
Task: {7E37E59C-FDE2-47C0-B4D0-E31BA518BDE6} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1002439171-454579158-3284813215-1000\...\topcashback.co.uk -> hxxps://www.topcashback.co.uk
FirewallRules: [{9EBF2F68-C563-4E8A-B5DE-AB8B31F01A78}] => C:\Program Files (x86)\MR APP\MRAPP.UI.exe
FirewallRules: [{DAD78A2E-DD26-431D-9E73-4A5341718711}] => C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
FirewallRules: [{970A86A0-2285-4855-9B8F-5D3D97C9FC29}] => C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
C:\Program Files\Reimage
C:\Program Files (x86)\MR APP
CMD: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
 
*****************
 
Processes closed successfully.
[1704] C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe => process closed successfully.
[2784] C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe => process closed successfully.
[3296] C:\Program Files (x86)\MR APP\MRAPP.UI.exe => process closed successfully.
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => key removed successfully
HKLM\System\CurrentControlSet\Services\EventService => key removed successfully
EventService => service removed successfully
TransferService => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\TransferService => key removed successfully
TransferService => service removed successfully
HKLM\System\CurrentControlSet\Services\ReimageRealTimeProtector => key removed successfully
ReimageRealTimeProtector => service removed successfully
HKLM\System\CurrentControlSet\Services\cmdide => key removed successfully
cmdide => service removed successfully
HKLM\System\CurrentControlSet\Services\msahci => key removed successfully
msahci => service removed successfully
C:\Users\Pufferfish\AppData\Local\{81515764-3CE9-43CD-B1E8-3F679A571DA8} => moved successfully
C:\Users\Pufferfish\Desktop\Voucher Print.html => moved successfully
C:\Users\Pufferfish\AppData\Local\{1B1D55BC-F39A-4852-A090-03FF0B9931CD} => moved successfully
C:\Users\Pufferfish\AppData\Local\{A90CDFA8-1CC3-472C-A2F1-8D136D8F5601} => moved successfully
C:\Users\Pufferfish\AppData\Local\{A7D0A53D-BD49-45B6-AFB0-526A65486BD8} => moved successfully
C:\Users\Pufferfish\AppData\Local\{8F9145AD-A6C1-46C4-BC8F-4A089FE63A0D} => moved successfully
C:\Users\Pufferfish\AppData\Local\{2B3C4D12-EFE4-46F6-9830-94F06BB6A782} => moved successfully
C:\Users\Pufferfish\AppData\Local\{A3D50E47-F1E4-4BD3-84DF-45FE9E0E5AF8} => moved successfully
C:\Windows\System32\Tasks\ReimageUpdater => moved successfully
C:\Windows\Reimage.ini => moved successfully
C:\Users\Pufferfish\Downloads\ReimageRepair.exe => moved successfully
C:\Users\Pufferfish\AppData\Local\{F862510C-BA61-4E52-A132-D35FEBAAA1A2} => moved successfully
C:\Users\Pufferfish\AppData\Local\{2690DD59-08BE-43F0-B36C-C735F4D2B3E3} => moved successfully
C:\Users\Pufferfish\AppData\Local\{2374B381-808E-4DC1-93D6-5654030D7EE1} => moved successfully
C:\Users\Pufferfish\AppData\Local\{C584D894-A6C8-449B-830D-444D14D6A764} => moved successfully
C:\Users\Pufferfish\AppData\Local\{3E262CF1-E7EF-4902-85ED-4C5417549088} => moved successfully
C:\Users\Pufferfish\AppData\Local\{4B3939DF-ABEF-4446-B0FF-FBEC4997DB2A} => moved successfully
C:\Users\Pufferfish\AppData\Local\{8CEFF1B0-2F2F-410B-823E-83C632FF2672} => moved successfully
C:\Users\Pufferfish\AppData\Local\{94DD5CA8-37A9-44C6-9AA1-042F3FFBC001} => moved successfully
C:\Users\Pufferfish\AppData\Local\{A8C8B0B3-071E-4BA1-AC64-CC6E1FA77178} => moved successfully
C:\Users\Pufferfish\AppData\Local\{D17690D0-5E55-464A-95FD-4FB7E9F0A92D} => moved successfully
C:\Users\Pufferfish\AppData\Local\{D3C7674A-8105-4CF4-960A-BF02609E20EF} => moved successfully
C:\Users\Pufferfish\AppData\Local\{8E400C88-1D78-4A23-87EF-84888C6F8A9B} => moved successfully
C:\Users\Pufferfish\AppData\Local\{DB26CC4B-234B-4ECC-8557-15578A561796} => moved successfully
C:\Users\Pufferfish\AppData\Local\{B85AA2E7-0BDF-4F69-BC86-ED2FD5C47641} => moved successfully
C:\Users\Pufferfish\AppData\Local\{3412790B-E991-49CD-846C-764A6F74F584} => moved successfully
C:\Users\Pufferfish\AppData\Local\{C858F568-51CA-4BB9-BDBB-DCEB82331C4B} => moved successfully
C:\Users\Pufferfish\AppData\Local\{0537C990-8620-465F-9B03-FAF49C3C9EE6} => moved successfully
C:\Users\Pufferfish\AppData\Local\{5F76440A-DEAD-48F6-9D6E-0D5D9321D07B} => moved successfully
C:\Users\Pufferfish\AppData\Local\{58F60096-AD14-45BA-B6A8-EF7B4747E496} => moved successfully
C:\Users\Pufferfish\AppData\Local\{E2E44964-D17F-4730-BC66-20C251E4DA36} => moved successfully
C:\Users\Pufferfish\AppData\Local\{BAE576C2-61E3-4059-9EFF-C78A9DDB7D25} => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer => moved successfully
C:\Program Files (x86)\Coupon Printer => moved successfully
C:\Users\Pufferfish\AppData\Local\Temp\GUREE06.exe => moved successfully
C:\Users\Pufferfish\AppData\Local\Temp\ReimagePackage.exe => moved successfully
C:\Users\Pufferfish\AppData\Local\Temp\uyx9ur1l.dll => moved successfully
C:\Windows\System32\IEAdvpack.dll => moved successfully
C:\Windows\System32\Drivers\cmdide.sys => moved successfully
C:\Windows\System32\Drivers\msahci.sys => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E37E59C-FDE2-47C0-B4D0-E31BA518BDE6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E37E59C-FDE2-47C0-B4D0-E31BA518BDE6} => key removed successfully
C:\Windows\System32\Tasks\ReimageUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key removed successfully
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\topcashback.co.uk => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9EBF2F68-C563-4E8A-B5DE-AB8B31F01A78} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAD78A2E-DD26-431D-9E73-4A5341718711} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{970A86A0-2285-4855-9B8F-5D3D97C9FC29} => value removed successfully
"C:\Program Files\Reimage" => not found.
 
"C:\Program Files (x86)\MR APP" folder move:
 
Could not move "C:\Program Files (x86)\MR APP" => Scheduled to move on reboot.
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13215158 B
Java, Flash, Steam htmlcache => 933 B
Windows/system/drivers => 300712 B
Edge => 0 B
Chrome => 288338794 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 148985 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Pufferfish => 25233124 B
 
RecycleBin => 4413817 B
EmptyTemp: => 324.3 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-01-2017 19:12:44)
 
C:\Program Files (x86)\MR APP => Is moved successfully
 
==== End of Fixlog 19:12:45 ====
 
 
 
 
I performed the second step and then tried updating my Malwarebytes trial product. It scanned for updates and then showed as current but it still says it's the 3.0.5 version. Here are the scan results anyway. They all show as PUPs except the coupon one which shows as malware. I haven't taken any actions to quarantine or delete anything yet.
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/31/17
Scan Time: 2:00 AM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1139
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 918885
Time Elapsed: 2 hr, 10 min, 47 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 13
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [1316], [332494],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [1316], [332494],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, No Action By User, [1316], [332494],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, No Action By User, [1316], [327205],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, No Action By User, [1316], [327205],1.0.1139
PUP.Optional.Reimage, HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, No Action By User, [1316], [327205],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, No Action By User, [1316], [336077],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [1316], [327193],1.0.1139
PUP.Optional.Reimage, HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\REIMAGE\PC REPAIR, No Action By User, [1316], [327204],1.0.1139
PUP.Optional.Reimage, HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\Reimage, No Action By User, [1316], [357494],1.0.1139
PUP.Optional.Reimage, HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., No Action By User, [1316], [327203],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, No Action By User, [1316], [327193],1.0.1139
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, No Action By User, [1316], [327193],1.0.1139
 
Registry Value: 1
PUP.Optional.Reimage, HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, No Action By User, [1316], [327204],1.0.1139
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
PUP.Optional.Bandoo, C:\USERS\PUFFERFISH\DOWNLOADS\ILIVIDSETUP-R157-N-BC.EXE, No Action By User, [1223], [301304],1.0.1139
PUP.Optional.Koyote, C:\USERS\PUFFERFISH\DOWNLOADS\FUZEZIPSETUP-R143-W-BC.EXE, No Action By User, [8708], [76875],1.0.1139
Adware.Coupons, C:\USERS\PUFFERFISH\DOWNLOADS\COUPONPRINTER (2).EXE, No Action By User, [4189], [9417],1.0.1139
PUP.Optional.Uniblue, C:\USERS\PUFFERFISH\DOWNLOADS\PCMECHANICPM.EXE, No Action By User, [1476], [327228],1.0.1139
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

Update:

 

Laptop isn't running slow so far this morning so that's good. Malwarebytes still warns that protection is disabled and when I go to check, it's still the Ransomware protection that isn't on. When I try to switch it on, it says 'starting' but never comes on. I normally use McAfee for my firewall and realtime-scanning so I guess it's really that that I need to check works ok. I'm guessing my Malwarebytes trial is due to end any day now! I just hope the Ransomware not coming on is not a sign of a wider or hidden problem since McAfee was first to show real-time scanning issues. I tried checking on McAfee this morning to make sure everything is showing as on and working but it refused to open while it was updating... 

 

In other news, I still can't change proxy settings or click on 'internet options' under the control panel but I can get on a couple of websites that seemed to have proxy issues before so that's good. One of the sites shows as not secure though so should I avoid using it or just avoid purchasing online? 

 

Thanks for your continued help!
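One way to triage a Fixlog.txt like the one posted above, as an added example (not part of the thread and not FRST's own code): it skips the echoed fixlist block, tallies the outcome lines, and checks that anything marked "Scheduled to move on reboot" later shows as moved. The sample log is constructed from line shapes in the post (with a placeholder SID), and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample, shaped like the Fixlog.txt lines in the post above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
fixlist content:
*****************
CloseProcesses:
ProxyEnable: [S-1-5-21-0-0-0-1000] => Proxy is enabled.
C:\Program Files (x86)\MR APP
EmptyTemp:

*****************

Processes closed successfully.
[1704] C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe => process closed successfully.
HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
C:\Windows\Reimage.ini => moved successfully
C:\Windows\System32\Tasks\ReimageUpdater => not found.
"C:\Program Files\Reimage" => not found.
Could not move "C:\Program Files (x86)\MR APP" => Scheduled to move on reboot.
BITS transfer queue => 8388608 B
EmptyTemp: => 324.3 MB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-01-2017 19:12:44)
C:\Program Files (x86)\MR APP => Is moved successfully
==== End of Fixlog 19:12:45 ====
'''


def result_lines(text):
    """Yield (target, result) pairs, skipping the echoed 'fixlist content' block.

    The fixlist echo also contains ' => ' (directives such as ProxyEnable),
    so it has to be excluded or directives get counted as outcomes.
    """
    in_fixlist, stars = False, 0
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("fixlist content"):
            in_fixlist = True
            continue
        if in_fixlist:
            if set(line) == {"*"}:      # a row of asterisks delimits the echo
                stars += 1
                if stars == 2:
                    in_fixlist = False
            continue
        if " => " not in line:
            continue
        target, result = line.split(" => ", 1)
        yield target.strip(), result.strip().rstrip(".")


def classify(result):
    """Map the text after '=>' to a coarse outcome."""
    low = result.lower()
    if re.fullmatch(r"\d+ B", result):
        return "size"                   # EmptyTemp byte counts, not an outcome
    if "scheduled to move on reboot" in low:
        return "pending_reboot"
    if "not found" in low:
        return "not_found"
    if re.search(r"successfully|removed", low):
        return "ok"
    return "review"                     # anything unrecognised needs a human


def triage(text):
    """Summarise a Fixlog: counts, missing targets, unresolved reboot moves."""
    counts = Counter()
    not_found, pending, moved = [], [], set()
    for target, result in result_lines(text):
        kind = classify(result)
        if kind == "size":
            continue
        counts[kind] += 1
        if kind == "pending_reboot":
            # target looks like: Could not move "<path>"
            m = re.search(r'"([^"]+)"', target)
            pending.append(m.group(1) if m else target)
        elif kind == "not_found":
            not_found.append(target.strip('"'))
        elif kind == "ok" and "moved successfully" in result.lower():
            moved.add(target.strip('"').lower())
    # A pending move is resolved once the same path is reported as moved.
    unresolved = [p for p in pending if p.lower() not in moved]
    return {
        "counts": dict(counts),
        "not_found": not_found,
        "pending_reboot": pending,
        "unresolved_after_reboot": unresolved,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

Entries under `not_found` are usually items that an earlier step of the same fix already moved, as with the ReimageUpdater task file in the log above; anything left in `unresolved_after_reboot` or counted as `review` is worth reporting back to the helper.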



#9 Starbuck

  • Malware Response Team

Posted 31 January 2017 - 01:45 PM

Hi Tapir
 

> During the fixlog, the laptop rebooted but I guess it worked ok...

Nothing to worry about.
This is the reason for that reboot:

Could not move "C:\Program Files (x86)\MR APP" => Scheduled to move on reboot.

That said, because we emptied the Temp files FRST would have rebooted after the fix anyway.




Here are the scan results anyway. They all show as PUPs except the coupon one which shows as malware. I haven't taken any actions to quarantine or delete anything yet.

Yes, run MalwareBytes again and let it remove those items.
Most are related to Reimage.
We have removed this, but MalwareBytes has found a few leftovers in the registry.
The bottom section shows adware that is still in programs in your Download folder.
MalwareBytes will take care of these for you.
 

Currently the Ransomware Protection won't even come on. I click it to 'on' and it just says 'starting...' and stays like that

You are not the only one to experience this problem.
There is a thread about it over at MalwareBytes:
https://forums.malwarebytes.com/topic/193360-ransomware-protection-stuck-on-starting/
 

tried updating my Malwarebytes trial product. It scanned for updates and then showed as current but it still says it's the 3.0.5 version.

Quite possible.
MalwareBytes limits the number of updates per hour, so if the quota has been reached you'll need to check again later.
 

FW: McAfee Firewall (Enabled) {8936D876-4F71-96AE-DE64-910C110AC522}

Windows Firewall is enabled.

This won't help your system.
You should only run one software firewall otherwise they may conflict and cause system problems.
The McAfee security Center will probably lock you out of altering the Windows Firewall settings.
So to turn off the Windows Firewall, you may have to disable McAfee first.
Or better still, turn off the McAfee firewall.
Is there any particular reason that you use McAfee?
It's not a program that we would recommend.
 

I still can't change proxy settings or click on 'internet options' under the control panel

All the proxy settings have been cleared, so no proxy is set now:

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1002439171-454579158-3284813215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

Can you get to Internet Options from within Internet Explorer?
The Internet Options can be reached from the Tools menu in IE.
 

I performed the second step

I was a bit concerned about the C Drive.

Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

is not a good sign.
Can you post the report that the chkdsk utility will have created, so that I can see exactly what the problem was and if it's been fixed.

Press the Windows + R keys to open the Run dialog, now type:

powershell.exe

and press Enter or OK.

When PowerShell opens you should see a screen something like this:


Now copy and paste the command in the quote box below
 

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt


It'll now look something like this:

and press the Enter key on your keyboard.


A CHKDSKResults.txt file will be created on your desktop, that is the log file of your chkdsk scan results from Event Viewer.

Please copy and paste the results in your next post.

Edited by Starbuck, 01 February 2017 - 02:13 PM.
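Added example (not part of Starbuck's post or of any tool named in this thread): a Python script that triages the CHKDSKResults.txt file the command above produces, so that disk-media findings can be separated from file system metadata repairs. It assumes the layout that `fl timecreated, message | out-file` gives on an 80-column console (a 14-character label column and message text wrapped at 65 characters) and the UTF-16 encoding that Out-File uses by default in Windows PowerShell; the sample bytes and all function names are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

INDENT = 14  # width of the "Message     : " label column written by Format-List
WIDTH = 65   # assumed wrap width of the message text (80-column console)

BAD_CLUSTER = re.compile(r"Windows replaced bad clusters in file (\d+)$")
ORPHAN = re.compile(r"Recovering orphaned file .+ \((\d+)\) into directory file \d+")
BAD_SECTORS = re.compile(r"(\d+) KB in bad sectors\.")
CORRECTED = "Windows has made corrections to the file system."


@dataclass
class ChkdskRun:
    time_created: str
    bad_cluster_files: List[str] = field(default_factory=list)
    orphan_records: Set[int] = field(default_factory=set)
    bad_sectors_kb: Optional[int] = None
    corrections_made: bool = False


def decode_report(raw: bytes) -> str:
    """Decode the report; Windows PowerShell's Out-File writes UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def unwrap(lines: List[str], width: int = WIDTH) -> List[str]:
    """Re-join physical lines that were cut at the column limit.

    A line that fills the whole column is taken to continue on the next one,
    so a message that is naturally exactly `width` long would be misjoined.
    """
    logical, buf = [], ""
    for line in lines:
        buf += line
        if len(line) < width:  # a short physical line ends the logical line
            if buf.strip():
                logical.append(buf.strip())
            buf = ""
    if buf.strip():
        logical.append(buf.strip())
    return logical


def parse_report(text: str, width: int = WIDTH) -> List[ChkdskRun]:
    """Split the report into one ChkdskRun per TimeCreated record."""
    runs = []
    for part in re.split(r"(?m)^TimeCreated\s*:\s*", text)[1:]:
        lines = part.splitlines()
        if not lines:
            continue
        run = ChkdskRun(time_created=lines[0].strip())
        logical = unwrap([l[INDENT:] for l in lines[1:]], width)
        for i, line in enumerate(logical):
            nxt = logical[i + 1] if i + 1 < len(logical) else ""
            if BAD_CLUSTER.match(line) and nxt.startswith("of name "):
                run.bad_cluster_files.append(nxt[len("of name "):].rstrip("."))
            orphan = ORPHAN.match(line)
            if orphan:  # short and long names share one record number
                run.orphan_records.add(int(orphan.group(1)))
            sectors = BAD_SECTORS.search(line)
            if sectors:
                run.bad_sectors_kb = int(sectors.group(1))
            if line == CORRECTED:
                run.corrections_made = True
        runs.append(run)
    return runs


def findings(run: ChkdskRun) -> List[str]:
    """Heuristic one-line notes for a run (this example's wording, not CHKDSK's)."""
    notes = []
    if run.bad_cluster_files:
        notes.append("%d file(s) had bad clusters replaced" % len(run.bad_cluster_files))
    if run.bad_sectors_kb:
        notes.append("%d KB marked as bad sectors" % run.bad_sectors_kb)
    if run.orphan_records:
        notes.append("%d orphaned file record(s) recovered" % len(run.orphan_records))
    if run.corrections_made:
        notes.append("file system metadata was corrected")
    return notes


PAD = " " * INDENT
# Constructed sample in the report's layout, encoded the way Out-File writes it.
SAMPLE_BYTES = b"\xff\xfe" + "\r\n".join([
    "TimeCreated : 30/01/2017 16:57:02",
    "Message     : ",
    PAD + "Windows replaced bad clusters in file 128937",
    PAD + r"of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT",
    PAD + r"~1\APF85D~1.EXE\Report.wer.",
    PAD + "Windows has made corrections to the file system.",
    PAD + "       0 KB in bad sectors.",
    " ",
    "TimeCreated : 29/01/2017 19:09:31",
    "Message     : ",
    PAD + "Recovering orphaned file B4A452~1 (807373) into directory file 17",
    PAD + "035.",
    PAD + "Recovering orphaned file f_001999 (807387) into directory file 26",
    PAD + "521.",
    PAD + "       0 KB in bad sectors.",
]).encode("utf-16-le")

if __name__ == "__main__":
    for r in parse_report(decode_report(SAMPLE_BYTES)):
        print(r.time_created, "->", "; ".join(findings(r)) or "nothing flagged")
```

To run it on a real report, read the file with `open(path, "rb").read()` and pass the bytes to `decode_report` in place of `SAMPLE_BYTES`.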



#10 Tapir

Tapir
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 01 February 2017 - 08:00 AM

Hi

 

So I ran Malwarebytes again and let it deal with the remaining issues from the last scan. It's showing as version 3.0.0 at the moment!

 

Re. McAfee - I have it installed as I get it free with my ISP. Is there a reason why you wouldn't recommend it?

 

Re. 'internet options' - I can't access it through Internet Explorer/Tools either. When I double click on 'internet options' it just doesn't respond.

 

On closing IE I get a message stating:

 

There was a problem starting c:\windows\system32\inetcpl.cpl. The specified module could not be found.

 

 

I've just tried creating the CHKDSK log but when I press enter, it says there is an 'unexpected token match in expression or statement at line: 1, char: 91. Let me know if you need more details.



#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:28 PM

Posted 01 February 2017 - 02:44 PM

Hi Tapir
 

So I ran Malwarebytes again and let it deal with the remaining issues from the last scan. It's showing as version 3.0.0 at the moment!

Ok, we'll deal with that later.
 

Re. McAfee - I have it installed as I get it free with my ISP. Is there a reason why you wouldn't recommend it?

There are a lot of people that have found it uses a lot of resources, likes to take over things and lock you out of some settings and has been known to cause other problems.
I installed it a long time ago to give it a try..... after struggling to get onto the internet for about 20 mins, I uninstalled it.
Browser had no problem getting online once it was removed.
It also came preinstalled on my laptop about 12 months ago.... that was the first thing I removed.
Even John McAfee didn't think it was that good.... which he stated when he sold it to Intel.
John McAfee: McAfee antivirus is one of the worst products on the planet
 

I've just tried creating the CHKDSK log but when I press enter, it says there is an 'unexpected token match in expression or statement at line: 1, char: 91.

Ok, I hold my hands up to that.... my bad.
I checked the command to be pasted into Powershell and found that I had omitted one dash.
Sorry about that.
I have corrected the previous instructions, so please try that again.
 

On closing IE I get a message stating:

There was a problem starting c:\windows\system32\inetcpl.cpl. The specified module could not be found.

2 ways we can try and deal with this.

Step 1

Click Start >> All Programs >> Accessories,
Now right-click Command Prompt, and then click Run as administrator.
If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
Type the following command, and then press the ENTER key on the keyboard: (the space is meant to be there between the c and the / )
sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

It is known that running the System File Checker doesn't always get everything on the first run, so please run this twice.

If after rebooting the system, you still can't get into Internet Options.... run the next step.

Step 2
Let's search your system and see what copies of inetcpl.cpl are there.
  • Please start FRST again, but this time type the following in the edit box after Search: inetcpl.cpl
  • Click the Search File(s) button

  • It will make a log (Search.txt)- please post this report in your next reply.
Thanks



#12 Tapir

Tapir
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 02 February 2017 - 10:03 AM

 

 
It also came preinstalled on my laptop about 12 months ago.... that was the first thing I removed.
Even John McAfee didn't think it was that good.... which he stated when he sold it to Intel.

 

Hmm, ok that's enlightening... 

 

 

Thanks for the amended command. Here are the CHKDSK results:

 

 
 
TimeCreated : 30/01/2017 16:57:02
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              CHKDSK is verifying files (stage 1 of 5)...
                807424 file records processed.                                 
                      
              File verification completed.
                1387 large file records processed.                             
                    
                0 bad file records processed.                                  
                 
                0 EA records processed.                                        
                 
                44 reparse records processed.                                  
                  
              CHKDSK is verifying indexes (stage 2 of 5)...
                888060 index entries processed.                                
                      
              Index verification completed.
                0 unindexed files scanned.                                     
                 
                0 unindexed files recovered.                                   
                 
              CHKDSK is verifying security descriptors (stage 3 of 5)...
                807424 file SDs/SIDs processed.                                
                      
              Cleaning up 14 unused index entries from index $SII of file 0x9.
              Cleaning up 14 unused index entries from index $SDH of file 0x9.
              Cleaning up 14 unused security descriptors.
              Security descriptor verification completed.
                40319 data files processed.                                    
                     
              CHKDSK is verifying Usn Journal...
                33619368 USN bytes processed.                                  
                        
              Usn Journal verification completed.
              CHKDSK is verifying file data (stage 4 of 5)...
              Windows replaced bad clusters in file 128937
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APF85D~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129070
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP69DF~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129088
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP76A2~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129095
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APFE6A~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129125
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP9A63~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129167
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APA049~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129181
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP302D~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129183
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APFD3F~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129185
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APEC31~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129186
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP0693~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129187
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP54DE~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129194
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP237E~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129198
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP0266~2.EXE\Report.wer.
              Windows replaced bad clusters in file 129205
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP7B1C~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129227
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP7A43~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129235
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP3B6B~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129247
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APA9F5~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129279
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP459D~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129280
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APCC6D~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129308
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP57FF~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129336
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APPCRA~4.EXE\Report.wer.
              Windows replaced bad clusters in file 129341
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APPCRA~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129346
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP5263~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129348
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APAD13~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129349
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APDC1F~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129354
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APC27C~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129355
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APE4DB~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129357
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP3F53~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129365
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APBA90~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129368
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP819E~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129369
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APCB27~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129376
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP63D5~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129381
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP8E06~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129394
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APA339~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129401
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APE5A5~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129404
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APA690~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129429
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APB11A~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129431
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP7ACD~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129437
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APC3CD~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129512
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APB772~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129515
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP11EB~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129522
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP7A9E~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129523
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP52EF~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129528
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APC35B~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129540
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APA42A~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129542
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APE5A9~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129557
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP9A4D~2.EXE\Report.wer.
              Windows replaced bad clusters in file 129560
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APD1F2~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129562
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APPHAN~2.EXE\Report.wer.
              Windows replaced bad clusters in file 129569
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APPHAN~1\Report.wer.
              Windows replaced bad clusters in file 129590
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\CR7A08~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129607
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP6586~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129659
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\CR5D58~1.EXE\Report.wer.
              Windows replaced bad clusters in file 129665
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\CRA1F9~1.EXE\Report.wer.
              Windows replaced bad clusters in file 132219
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP21B1~1.EXE\Report.wer.
              Windows replaced bad clusters in file 137164
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP84DD~1.EXE\Repo
              rt.wer.
              Windows replaced bad clusters in file 140018
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP8570~1.EXE\Report.wer.
              Windows replaced bad clusters in file 141203
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP8394~1\Report.w
              er.
              Windows replaced bad clusters in file 141661
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\APPCRA~2.SER\Repo
              rt.wer.
              Windows replaced bad clusters in file 143817
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP361A~1.EXE\Report.wer.
              Windows replaced bad clusters in file 143818
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP43FE~1.EXE\Report.wer.
              Windows replaced bad clusters in file 149292
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP252B~1.EXE\Report.wer.
              Windows replaced bad clusters in file 151854
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\APPCRA~1.EXE\Repo
              rt.wer.
              Windows replaced bad clusters in file 152099
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP87B9~1.EXE\Report.wer.
              Windows replaced bad clusters in file 152161
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP1563~1.EXE\Report.wer.
              Windows replaced bad clusters in file 152610
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP21FB~1.EXE\Repo
              rt.wer.
              Windows replaced bad clusters in file 154496
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\AP10F1~1.EXE\Report.wer.
              Windows replaced bad clusters in file 158092
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\APPCRA~1.S_5\Repo
              rt.wer.
              Windows replaced bad clusters in file 158430
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APDCDC~1.EXE\Report.wer.
              Windows replaced bad clusters in file 160296
              of name \Users\PUFFER~1\AppData\Local\MICROS~1\Windows\WER\REPORT
              ~1\APPHAN~3.EXE\Report.wer.
              Windows replaced bad clusters in file 161487
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP0D91~1.EXE\Repo
              rt.wer.
              Windows replaced bad clusters in file 161740
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\APE040~1.EXE\Repo
              rt.wer.
              Windows replaced bad clusters in file 180161
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP3911~1\Report.w
              er.
              Windows replaced bad clusters in file 180505
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\APPCRA~4.EXE\Repo
              rt.wer.
              Windows replaced bad clusters in file 180789
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\APPCRA~2.S_2\Repo
              rt.wer.
              Windows replaced bad clusters in file 182235
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\APPCRA~4.S_5\Repo
              rt.wer.
              Windows replaced bad clusters in file 201551
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP822A~1\Report.w
              er.
              Windows replaced bad clusters in file 216627
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP4143~1\Report.w
              er.
              Windows replaced bad clusters in file 229447
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\AP7D53~1.EXE\Repo
              rt.wer.
              Windows replaced bad clusters in file 243892
              of name \PROGRA~3\MICROS~1\Windows\WER\REPORT~1\CRFB9E~1.760\Repo
              rt.wer.
                807408 files processed.                                        
                      
              File data verification completed.
              CHKDSK is verifying free space (stage 5 of 5)...
                39068539 free clusters processed.                              
                        
              Free space verification is complete.
              CHKDSK discovered free space marked as allocated in the
              master file table (MFT) bitmap.
              CHKDSK discovered free space marked as allocated in the volume bi
              tmap.
              Windows has made corrections to the file system.
              
               298212695 KB total disk space.
               140645436 KB in 761319 files.
                  374780 KB in 40320 indexes.
                       0 KB in bad sectors.
                  918323 KB in use by the system.
                   65536 KB occupied by the log file.
               156274156 KB available on disk.
              
                    4096 bytes in each allocation unit.
                74553173 total allocation units on disk.
                39068539 allocation units available on disk.
              
              Internal Info:
              00 52 0c 00 73 3b 0c 00 da 9f 17 00 00 00 00 00  .R..s;..........
              f2 1a 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows has finished checking your disk.
              Please wait while your computer restarts.
              
 
TimeCreated : 29/01/2017 19:09:31
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                         
              
              CHKDSK is verifying files (stage 1 of 3)...
              The attribute of type 0x80 and instance tag 0x0 in file 0xc19fb
              has allocated length of 0x23a000 instead of 0x239000.
              Deleted corrupt attribute list entry
              with type code 128 in file 793083.
              Unable to locate attribute with instance tag 0x0 and segment
              reference 0xc00000007f3ee.  The expected attribute type is 0x80.
              Deleting corrupt attribute record (128, "")
              from file record segment 521198.
              Unable to locate attribute with instance tag 0x0 and segment
              reference 0xb0000000c0dc9.  The expected attribute type is 0x80.
              Deleting corrupt attribute record (128, "")
              from file record segment 789961.
              Unable to locate attribute with instance tag 0x0 and segment
              reference 0x30000000c204a.  The expected attribute type is 0x80.
              Deleting corrupt attribute record (128, "")
              from file record segment 794698.
                807424 file records processed.                                 
                      
              File verification completed.
              Deleting orphan file record segment 521198.
              Deleting orphan file record segment 789961.
                1381 large file records processed.                             
                    
                0 bad file records processed.                                  
                 
                0 EA records processed.                                        
                 
                44 reparse records processed.                                  
                  
              CHKDSK is verifying indexes (stage 2 of 3)...
                888080 index entries processed.                                
                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their origina
              l directory.
              Recovering orphaned file B4A452~1 (807373) into directory file 17
              035.
              Recovering orphaned file b4a452be829877c906aacf792dcc2cb8_bee386d
              c-e054-4dad-962c-358b58c85124 (807373) into directory file 17035.
              Recovering orphaned file 511743~1 (807375) into directory file 17
              067.
              Recovering orphaned file 511743A8FA428654641A6C63C5CD5D65F7BFB962
               (807375) into directory file 17067.
              Recovering orphaned file 06B230~1 (807376) into directory file 17
              067.
              Recovering orphaned file 06B230DC1F4D4626E61728509527E1DACE5A03C0
               (807376) into directory file 17067.
              Recovering orphaned file AC00B5~1 (807377) into directory file 17
              067.
              Recovering orphaned file AC00B557D3C54ABA3223663772E6F9EDBEE39727
               (807377) into directory file 17067.
              Recovering orphaned file 570365~1 (807378) into directory file 17
              067.
              Recovering orphaned file 570365CC50533CABE1F5B206E81BA35D0BE0D95C
               (807378) into directory file 17067.
              Recovering orphaned file 2FAA59~1 (807379) into directory file 17
              067.
              Recovering orphaned file 2FAA59A8C818B5DC7CAF8E8609E728BFBC079825
               (807379) into directory file 17067.
              Recovering orphaned file 43768D~1 (807381) into directory file 14
              0022.
              Recovering orphaned file 43768D79C4ABD813B86A473DB7005F3569E168DF
               (807381) into directory file 140022.
              Recovering orphaned file 3E7A26~1 (807382) into directory file 14
              0022.
              Recovering orphaned file 3E7A26C7340DB36FFCA616613CED301725B60418
               (807382) into directory file 140022.
              Recovering orphaned file BA12C0~1 (807383) into directory file 14
              0022.
              Recovering orphaned file BA12C031458666DEA0FA1E27D2B1B5391255DBE7
               (807383) into directory file 140022.
              Recovering orphaned file AAB29F~1 (807384) into directory file 14
              0022.
              Recovering orphaned file AAB29FD90B25E0041B88DB160397C836085EA847
               (807384) into directory file 140022.
              Recovering orphaned file FDEE82~1 (807385) into directory file 14
              0022.
              Recovering orphaned file FDEE827A4FA3F8FF9D203359C726B36A4EB9F3A0
               (807385) into directory file 140022.
              Recovering orphaned file 2D4933~1 (807386) into directory file 17
              067.
              Recovering orphaned file 2D49337E6244BBD4370F874A9512450E40879E39
               (807386) into directory file 17067.
              Recovering orphaned file f_001999 (807387) into directory file 26
              521.
              Recovering orphaned file f_00199a (807388) into directory file 26
              521.
                16 unindexed files scanned.                                    
                  
              Recovering orphaned file A5A7FB~1 (807389) into directory file 14
              0022.
              Recovering orphaned file A5A7FB80FB0D03FAE0FA7678AE0E4033D666FDF8
               (807389) into directory file 140022.
              CHKDSK is recovering remaining unindexed files.
                1 unindexed files recovered.                                   
                 
              CHKDSK is verifying security descriptors (stage 3 of 3)...
                807424 file SDs/SIDs processed.                                
                      
              Cleaning up 60 unused index entries from index $SII of file 0x9.
              Cleaning up 60 unused index entries from index $SDH of file 0x9.
              Cleaning up 60 unused security descriptors.
              Security descriptor verification completed.
              Inserting data attribute into file 793083.
                40330 data files processed.                                    
                     
              CHKDSK is verifying Usn Journal...
                33601464 USN bytes processed.                                  
                        
              Usn Journal verification completed.
              Correcting errors in the master file table's (MFT) BITMAP attribu
              te.
              CHKDSK discovered free space marked as allocated in the volume bi
              tmap.
              Windows has made corrections to the file system.
              
               298212695 KB total disk space.
               139376712 KB in 760904 files.
                  375316 KB in 40331 indexes.
                       0 KB in bad sectors.
                  919039 KB in use by the system.
                   65536 KB occupied by the log file.
               157541628 KB available on disk.
              
                    4096 bytes in each allocation unit.
                74553173 total allocation units on disk.
                39385407 allocation units available on disk.
              
              Internal Info:
              00 52 0c 00 de 39 0c 00 32 9e 17 00 00 00 00 00  .R...9..2.......
              f3 1a 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows has finished checking your disk.
              Please wait while your computer restarts.
              
 
TimeCreated : 23/01/2017 19:17:32
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                         
              
              CHKDSK is verifying files (stage 1 of 3)...
              Attribute record of type 0x80 and instance tag 0x3 is cross linke
              d
              starting at 0x13e600 for possibly 0x27 clusters.
              Some clusters occupied by attribute of type 0x80 and instance tag
               0x3
              in file 0x3c910 is already in use.
              Deleting corrupt attribute record (128, "")
              from file record segment 248080.
                806144 file records processed.                                 
                      
              File verification completed.
                1372 large file records processed.                             
                    
                0 bad file records processed.                                  
                 
                0 EA records processed.                                        
                 
                44 reparse records processed.                                  
                  
              CHKDSK is verifying indexes (stage 2 of 3)...
              Index entry ET6AEC~1 of index $I30 in file 0x1bc points to unused
               file 0xb32b6.
              Deleting index entry ET6AEC~1 in index $I30 of file 444.
              Index entry etilqs_maNO4schEYf2rhl of index $I30 in file 0x1bc po
              ints to unused file 0xb32b6.
              Deleting index entry etilqs_maNO4schEYf2rhl in index $I30 of file
               444.
              Unable to locate the file name attribute of index entry LOG
              of index $I30 with parent 0x3a3b in file 0x4283.
              Deleting index entry LOG in index $I30 of file 14907.
              Index entry A767A167D696623E084A2FB210495039134D5363 of index $I3
              0 in file 0x42ab points to unused file 0xb30a5.
              Deleting index entry A767A167D696623E084A2FB210495039134D5363 in 
              index $I30 of file 17067.
              Index entry A767A1~1 of index $I30 in file 0x42ab points to unuse
              d file 0xb30a5.
              Deleting index entry A767A1~1 in index $I30 of file 17067.
              Index entry f_00006b of index $I30 in file 0x6799 points to unuse
              d file 0xb3022.
              Deleting index entry f_00006b in index $I30 of file 26521.
              Index entry f_000070 of index $I30 in file 0x6799 points to unuse
              d file 0xb30b9.
              Deleting index entry f_000070 in index $I30 of file 26521.
              Index entry f_000071 of index $I30 in file 0x6799 points to unuse
              d file 0xb30bf.
              Deleting index entry f_000071 in index $I30 of file 26521.
              Index entry f_00008e of index $I30 in file 0x6799 points to unuse
              d file 0xb30c2.
              Deleting index entry f_00008e in index $I30 of file 26521.
              Index entry f_00008f of index $I30 in file 0x6799 points to unuse
              d file 0xb30ca.
              Deleting index entry f_00008f in index $I30 of file 26521.
              Index entry f_000090 of index $I30 in file 0x6799 points to unuse
              d file 0xb30ff.
              Deleting index entry f_000090 in index $I30 of file 26521.
              Index entry f_000091 of index $I30 in file 0x6799 points to unuse
              d file 0xb3100.
              Deleting index entry f_000091 in index $I30 of file 26521.
              Index entry f_000092 of index $I30 in file 0x6799 points to unuse
              d file 0xb3111.
              Deleting index entry f_000092 in index $I30 of file 26521.
              Index entry f_000093 of index $I30 in file 0x6799 points to unuse
              d file 0xb3114.
              Deleting index entry f_000093 in index $I30 of file 26521.
              Index entry f_000094 of index $I30 in file 0x6799 points to unuse
              d file 0xb3149.
              Deleting index entry f_000094 in index $I30 of file 26521.
              Index entry f_00009d of index $I30 in file 0x6799 points to unuse
              d file 0xb314d.
              Deleting index entry f_00009d in index $I30 of file 26521.
              Index entry f_00009e of index $I30 in file 0x6799 points to unuse
              d file 0xb3165.
              Deleting index entry f_00009e in index $I30 of file 26521.
              Index entry f_0000a7 of index $I30 in file 0x6799 points to unuse
              d file 0xb3047.
              Deleting index entry f_0000a7 in index $I30 of file 26521.
              Index entry f_0000ac of index $I30 in file 0x6799 points to unuse
              d file 0xb31c1.
              Deleting index entry f_0000ac in index $I30 of file 26521.
              Index entry f_0000b2 of index $I30 in file 0x6799 points to unuse
              d file 0xb31c8.
              Deleting index entry f_0000b2 in index $I30 of file 26521.
              Index entry f_0000b4 of index $I30 in file 0x6799 points to unuse
              d file 0xb31d2.
              Deleting index entry f_0000b4 in index $I30 of file 26521.
              Index entry f_0000b6 of index $I30 in file 0x6799 points to unuse
              d file 0xb31dd.
              Deleting index entry f_0000b6 in index $I30 of file 26521.
              Index entry f_0000b7 of index $I30 in file 0x6799 points to unuse
              d file 0xb31ee.
              Deleting index entry f_0000b7 in index $I30 of file 26521.
              Index entry f_0000b8 of index $I30 in file 0x6799 points to unuse
              d file 0xb3229.
              Deleting index entry f_0000b8 in index $I30 of file 26521.
              Index entry f_0000b9 of index $I30 in file 0x6799 points to unuse
              d file 0xb3232.
              Deleting index entry f_0000b9 in index $I30 of file 26521.
              Index entry f_0000ba of index $I30 in file 0x6799 points to unuse
              d file 0xb329b.
              Deleting index entry f_0000ba in index $I30 of file 26521.
              Index entry f_0000c0 of index $I30 in file 0x6799 points to unuse
              d file 0xb3036.
              Deleting index entry f_0000c0 in index $I30 of file 26521.
              Index entry f_0000c4 of index $I30 in file 0x6799 points to unuse
              d file 0xb32c7.
              Deleting index entry f_0000c4 in index $I30 of file 26521.
              Index entry f_0000c5 of index $I30 in file 0x6799 points to unuse
              d file 0xb32ce.
              Deleting index entry f_0000c5 in index $I30 of file 26521.
              Index entry f_0000c7 of index $I30 in file 0x6799 points to unuse
              d file 0xb32fe.
              Deleting index entry f_0000c7 in index $I30 of file 26521.
              Index entry f_00062e of index $I30 in file 0x6799 points to unuse
              d file 0xb2ac5.
              Deleting index entry f_00062e in index $I30 of file 26521.
              Index entry f_00062f of index $I30 in file 0x6799 points to unuse
              d file 0xb2aef.
              Deleting index entry f_00062f in index $I30 of file 26521.
              Index entry f_000630 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b19.
              Deleting index entry f_000630 in index $I30 of file 26521.
              Index entry f_000631 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b2b.
              Deleting index entry f_000631 in index $I30 of file 26521.
              Index entry f_000632 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b2d.
              Deleting index entry f_000632 in index $I30 of file 26521.
              Index entry f_000633 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b2e.
              Deleting index entry f_000633 in index $I30 of file 26521.
              Index entry f_000634 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b2f.
              Deleting index entry f_000634 in index $I30 of file 26521.
              Index entry f_000635 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b4f.
              Deleting index entry f_000635 in index $I30 of file 26521.
              Index entry f_000636 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b5b.
              Deleting index entry f_000636 in index $I30 of file 26521.
              Index entry f_000637 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b63.
              Deleting index entry f_000637 in index $I30 of file 26521.
              Index entry f_000638 of index $I30 in file 0x6799 points to unuse
              d file 0xb2b70.
              Deleting index entry f_000638 in index $I30 of file 26521.
              Index entry f_00063a of index $I30 in file 0x6799 points to unuse
              d file 0xb2b71.
              Deleting index entry f_00063a in index $I30 of file 26521.
              Index entry f_00063b of index $I30 in file 0x6799 points to unuse
              d file 0xb2b74.
              Deleting index entry f_00063b in index $I30 of file 26521.
              Index entry f_00063c of index $I30 in file 0x6799 points to unuse
              d file 0xb2b85.
              Deleting index entry f_00063c in index $I30 of file 26521.
              Index entry f_00063d of index $I30 in file 0x6799 points to unuse
              d file 0xb2b86.
              Deleting index entry f_00063d in index $I30 of file 26521.
              The multi-sector header signature for VCN 0x14 of index $I30
              in file 0x1a66d is incorrect.
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              Correcting error in index $I30 for file 108141.
              The index bitmap $I30 in file 0x1a66d is incorrect.
              Correcting error in index $I30 for file 108141.
              The two index entries of length 0x68 and 0x198 are either identic
              al
              or appear in the wrong order.
              Sorting index $I30 in file 108141.
              The index bitmap $I30 in file 0x222f6 is incorrect.
              Correcting error in index $I30 for file 140022.
              Index entry Local State of index $I30 in file 0x258ab points to u
              nused file 0xb31b4.
              Deleting index entry Local State in index $I30 of file 153771.
              Index entry LOCALS~1 of index $I30 in file 0x258ab points to unus
              ed file 0xb31b4.
              Deleting index entry LOCALS~1 in index $I30 of file 153771.
              Index entry Preferences of index $I30 in file 0x258c2 points to u
              nused file 0xb32c8.
              Deleting index entry Preferences in index $I30 of file 153794.
              Index entry PREFER~1 of index $I30 in file 0x258c2 points to unus
              ed file 0xb32c8.
              Deleting index entry PREFER~1 in index $I30 of file 153794.
              Index entry TransportSecurity of index $I30 in file 0x258c2 point
              s to unused file 0xb31d4.
              Deleting index entry TransportSecurity in index $I30 of file 1537
              94.
              Index entry TRANSP~1 of index $I30 in file 0x258c2 points to unus
              ed file 0xb31d4.
              Deleting index entry TRANSP~1 in index $I30 of file 153794.
                886642 index entries processed.                                
                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their origina
              l directory.
              Recovering orphaned file LOG.old (17027) into directory file 1490
              7.
              Recovering orphaned file LOG (17868) into directory file 14907.
              Recovering orphaned file PREFER~1 (62586) into directory file 153
              794.
              Recovering orphaned file Preferences (62586) into directory file 
              153794.
              Recovering orphaned file S-1F9D~1.LOG (99252) into directory file
               108141.
              Recovering orphaned file S-1-5-20-01232017161926099-ntuser.dat.LO
              G1 (99252) into directory file 108141.
              Recovering orphaned file TRANSP~1 (108098) into directory file 15
              3794.
              Recovering orphaned file TransportSecurity (108098) into director
              y file 153794.
              Recovering orphaned file S-AFE3~1.DAT (169853) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-18-01232017161923243-ntuser.dat (1
              69853) into directory file 108141.
              Recovering orphaned file LOCALS~1 (170455) into directory file 15
              3771.
              Recovering orphaned file Local State (170455) into directory file
               153771.
              Recovering orphaned file S-EA54~1.LOG (171081) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-18-01232017161923243-ntuser.dat.LO
              G1 (171081) into directory file 108141.
              Recovering orphaned file S-5A85~1.REG (171522) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-18-01232017161923243-ntuser.dat{9a
              78093f-e180-11e6-8b9d-6427379f76ba}.TMContainer000000000000000000
              01.regtrans-ms (171522) into directory file 108141.
              Recovering orphaned file S-9E66~1.REG (171527) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-18-01232017161923243-ntuser.dat{9a
              78093f-e180-11e6-8b9d-6427379f76ba}.TMContainer000000000000000000
              02.regtrans-ms (171527) into directory file 108141.
              Recovering orphaned file S-CF9B~1.DAT (171636) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-19-01232017161925631-ntuser.dat (1
              71636) into directory file 108141.
              Recovering orphaned file S-567E~1.LOG (171663) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-19-01232017161925631-ntuser.dat.LO
              G1 (171663) into directory file 108141.
              Recovering orphaned file S-0C63~1.LOG (171712) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-19-01232017161925631-ntuser.dat.LO
              G2 (171712) into directory file 108141.
              Recovering orphaned file S-D61D~1.BLF (171775) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-19-01232017161925631-ntuser.dat{9a
              780945-e180-11e6-8b9d-6427379f76ba}.TM.blf (171775) into director
              y file 108141.
              Recovering orphaned file S-F3F0~1.REG (171832) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-19-01232017161925631-ntuser.dat{9a
              780945-e180-11e6-8b9d-6427379f76ba}.TMContainer000000000000000000
              01.regtrans-ms (171832) into directory file 108141.
              Recovering orphaned file S-4F63~1.REG (171895) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-19-01232017161925631-ntuser.dat{9a
              780945-e180-11e6-8b9d-6427379f76ba}.TMContainer000000000000000000
              02.regtrans-ms (171895) into directory file 108141.
              Recovering orphaned file S-E433~1.REG (172001) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-20-01232017161926099-ntuser.dat{9a
              78094b-e180-11e6-8b9d-6427379f76ba}.TMContainer000000000000000000
              01.regtrans-ms (172001) into directory file 108141.
              Recovering orphaned file S-6B5C~1.DAT (172016) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-20-01232017161926099-ntuser.dat (1
              72016) into directory file 108141.
              Recovering orphaned file S-927F~1.LOG (173927) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-21-1002439171-454579158-3284813215
              -1000-01232017161926541-ntuser.dat.LOG2 (173927) into directory f
              ile 108141.
              Recovering orphaned file S-3E94~1.BLF (174397) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-21-1002439171-454579158-3284813215
              -1000-01232017161926541-ntuser.dat{9a780951-e180-11e6-8b9d-642737
              9f76ba}.TM.blf (174397) into directory file 108141.
              Recovering orphaned file S-C7C3~1.REG (175338) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-21-1002439171-454579158-3284813215
              -1000-01232017161926541-ntuser.dat{9a780951-e180-11e6-8b9d-642737
              9f76ba}.TMContainer00000000000000000002.regtrans-ms (175338) into
               directory file 108141.
              Recovering orphaned file S-E8E3~1.LOG (175379) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-21-1002439171-454579158-3284813215
              -1000-01232017161926541-UsrClass.dat.LOG1 (175379) into directory
               file 108141.
              Recovering orphaned file S-9ED8~1.LOG (175445) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-21-1002439171-454579158-3284813215
              -1000-01232017161926541-UsrClass.dat.LOG2 (175445) into directory
               file 108141.
              Recovering orphaned file S-0D28~1.BLF (175459) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-21-1002439171-454579158-3284813215
              -1000-01232017161926541-UsrClass.dat{9a780953-e180-11e6-8b9d-6427
              379f76ba}.TM.blf (175459) into directory file 108141.
              Recovering orphaned file S-603E~1.REG (175547) into directory fil
              e 108141.
              Recovering orphaned file S-1-5-21-1002439171-454579158-3284813215
              -1000-01232017161926541-UsrClass.dat{9a780953-e180-11e6-8b9d-6427
              379f76ba}.TMContainer00000000000000000001.regtrans-ms (175547) in
              to directory file 108141.
              Recovering orphaned file E9A8E0~1 (483607) into directory file 14
              0022.
              Recovering orphaned file E9A8E023B6EAE7C55D2539EAC4A089B4C9CE5A64
               (483607) into directory file 140022.
              Recovering orphaned file 668039~1 (727011) into directory file 17
              035.
              R
 
TimeCreated : 23/01/2017 11:57:04
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                         
              
              CHKDSK is verifying files (stage 1 of 3)...
                806144 file records processed.                                 
                      
              File verification completed.
                1364 large file records processed.                             
                    
                0 bad file records processed.                                  
                 
                0 EA records processed.                                        
                 
                44 reparse records processed.                                  
                  
              CHKDSK is verifying indexes (stage 2 of 3)...
              Unable to locate the file name attribute of index entry MSS001F7.
              log
              of index $I30 with parent 0x60d in file 0x1ac49.
              Deleting index entry MSS001F7.log in index $I30 of file 1549.
                885898 index entries processed.                                
                      
              Index verification completed.
              CHKDSK is scanning unindexed files for reconnect to their origina
              l directory.
              Recovering orphaned file MSS.log (109641) into directory file 154
              9.
                2 unindexed files scanned.                                     
                 
              CHKDSK is recovering remaining unindexed files.
                1 unindexed files recovered.                                   
                 
              CHKDSK is verifying security descriptors (stage 3 of 3)...
                806144 file SDs/SIDs processed.                                
                      
              Cleaning up 251 unused index entries from index $SII of file 0x9.
              Cleaning up 251 unused index entries from index $SDH of file 0x9.
              Cleaning up 251 unused security descriptors.
              Security descriptor verification completed.
                39878 data files processed.                                    
                     
              CHKDSK is verifying Usn Journal...
                34794256 USN bytes processed.                                  
                        
              Usn Journal verification completed.
              Correcting errors in the master file table's (MFT) BITMAP attribu
              te.
              CHKDSK discovered free space marked as allocated in the volume bi
              tmap.
              Windows has made corrections to the file system.
              
               298212695 KB total disk space.
               135317272 KB in 755375 files.
                  373156 KB in 39880 indexes.
                       0 KB in bad sectors.
                  918903 KB in use by the system.
                   65536 KB occupied by the log file.
               161603364 KB available on disk.
              
                    4096 bytes in each allocation unit.
                74553173 total allocation units on disk.
                40400841 allocation units available on disk.
              
              Internal Info:
              00 4d 0c 00 82 22 0c 00 1e 76 17 00 00 00 00 00  .M..."...v......
              d4 1a 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows has finished checking your disk.
              Please wait while your computer restarts.
              
 
 
I'll reply back again with the results of the next steps...


#13 Tapir

Posted 02 February 2017 - 10:57 AM

No joy accessing internet options after scanning with sfc /scannow, so I went to the second step. Here's the FRST result:

 

Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Pufferfish (02-02-2017 15:14:01)
Running from C:\Users\Pufferfish\Desktop
Boot Mode: Normal
 
================== Search Files: "inetcpl.cpl" =============
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20586_none_a80707838568a80f\inetcpl.cpl
[2013-04-11 06:22][2013-02-22 03:35] 1427968 ____A (Microsoft Corporation) 1C09A242097DCAF33C7BA79C73660FFC [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20580_none_a80105c7856e1005\inetcpl.cpl
[2013-03-14 08:01][2013-02-02 03:36] 1427968 ____A (Microsoft Corporation) CC56165E2965CEBEC74DE61C94F943F8 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20573_none_a80ed69185634019\inetcpl.cpl
[2013-02-15 07:18][2013-01-08 20:42] 1427968 ____A (Microsoft Corporation) 93CD673C183C6280E8BB9C478665CFE3 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20565_none_a81ba711855956d6\inetcpl.cpl
[2012-12-13 09:43][2012-11-14 01:33] 1427968 ____A (Microsoft Corporation) 7C8AF905D8DB2A18F865ACACCABA3200 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20562_none_a818a633855c0ad1\inetcpl.cpl
[2012-11-16 23:04][2012-10-08 07:37] 1427968 ____A (Microsoft Corporation) 14E48FBFAF842E1C8AC67E21641D2136 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20557_none_a8287791854f6d93\inetcpl.cpl
[2012-09-30 22:40][2012-08-24 07:12] 1427968 ____A (Microsoft Corporation) F36E843627A3DDD162D5509E6822920A [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16476_none_a7883aa46c42ec54\inetcpl.cpl
[2013-04-11 06:22][2013-02-22 03:37] 1427968 ____A (Microsoft Corporation) CA78BA218B423C7F22B14906308B8B02 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16470_none_a78238e86c48544a\inetcpl.cpl
[2013-03-14 08:01][2013-02-02 03:30] 1427968 ____A (Microsoft Corporation) 2A324C44A1B2352EF5F2E1C8984935C0 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16464_none_a79109fc6c3c9db5\inetcpl.cpl
 
====== End of Search ======

Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Pufferfish (02-02-2017 15:14:01)
Running from C:\Users\Pufferfish\Desktop
Boot Mode: Normal
 
================== Search Files: "inetcpl.cpl" =============
 
[2014-08-14 21:27][2014-07-25 11:07] 2001920 ____A (Microsoft Corporation) E70C00791A18866BB23B3A652E3390A0 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17207_none_1585d58cae7ac9dd\inetcpl.cpl
[2014-07-09 10:20][2014-06-18 22:45] 1964544 ____A (Microsoft Corporation) 4B774E842F268D51DB942EF9637828B9 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17126_none_1592bcd4ae70c6f9\inetcpl.cpl
[2014-06-11 05:57][2014-05-30 07:49] 1964544 ____A (Microsoft Corporation) C69FDD49AB9E8BCF2BAAC469CE0CC756 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17041_none_159fff3cae665d91\inetcpl.cpl
[2014-04-12 10:17][2014-03-06 06:40] 1967104 ____A (Microsoft Corporation) C4A383FD50FBD7E274DD41CF571DF898 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16521_none_1567ed26ae90b971\inetcpl.cpl
[2014-03-12 18:50][2014-03-01 03:00] 1964032 ____A (Microsoft Corporation) E23497E11866154A97BA9877656113FE [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16518_none_15664d64ae925381\inetcpl.cpl
[2014-02-12 22:49][2014-02-06 09:09] 1964032 ____A (Microsoft Corporation) 40E68599FE3A10F816217D3789FCE74E [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16476_none_15774c9cae849c58\inetcpl.cpl
[2013-12-16 06:56][2013-11-26 07:32] 1928192 ____A (Microsoft Corporation) 84EAF0A08C7742697816E148C066D757 [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16428_none_15721d9aae8950e7\inetcpl.cpl
[2013-12-15 01:59][2013-12-15 01:59] 1926656 ____A (Microsoft Corporation) 81A605B0F3A29A117AB83A08D40F772F [File is digitally signed]
 
C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_10.2.9200.16521_none_b0f4a42109eebd04\inetcpl.cpl
[2013-04-30 06:34][2013-04-30 06:34] 1441280 ____A (Microsoft Corporation) 9D9AC6CE9A9D951AC40DE91CD6F0A620 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20586_none_0425a3073dc61945\inetcpl.cpl
[2013-04-11 06:22][2013-02-22 06:37] 1494528 ____A (Microsoft Corporation) 48A56DF9CB399D726E6826E8A72A6D45 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20580_none_041fa14b3dcb813b\inetcpl.cpl
[2013-03-14 08:01][2013-02-02 07:15] 1494528 ____A (Microsoft Corporation) D236C97889267BA4BCB0B28A85C21372 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20573_none_042d72153dc0b14f\inetcpl.cpl
[2013-02-15 07:18][2013-01-08 23:54] 1494528 ____A (Microsoft Corporation) 94C8A104D47D429DD8D99EC694C68202 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20565_none_043a42953db6c80c\inetcpl.cpl
[2012-12-13 09:43][2012-11-14 03:59] 1494528 ____A (Microsoft Corporation) 7520BC489F649D41A95AA0572CE91A5C [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20562_none_043741b73db97c07\inetcpl.cpl
[2012-11-16 23:04][2012-10-08 10:10] 1494528 ____A (Microsoft Corporation) 962C89C1D84904444AB033F25BA62AAF [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.20557_none_044713153dacdec9\inetcpl.cpl
[2012-09-30 22:40][2012-08-24 09:52] 1494528 ____A (Microsoft Corporation) 479C3BD99156E0792ADD19CDE5F820FA [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16476_none_03a6d62824a05d8a\inetcpl.cpl
[2013-04-11 06:22][2013-02-22 06:19] 1494528 ____A (Microsoft Corporation) 2A0AD3BE38087708D03F4A1A80A1C655 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16470_none_03a0d46c24a5c580\inetcpl.cpl
[2013-03-14 08:01][2013-02-02 06:47] 1494528 ____A (Microsoft Corporation) 406533EADD808A7A9B5A022F298C6841 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16464_none_03afa580249a0eeb\inetcpl.cpl
[2013-02-15 07:18][2013-01-09 01:11] 1494528 ____A (Microsoft Corporation) 5A4BC13F8C53017C9147B448870562CD [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16457_none_03bd764a248f3eff\inetcpl.cpl
[2012-12-13 09:43][2012-11-14 06:02] 1494528 ____A (Microsoft Corporation) FD126186C7434D5214093A4A87A0D63F [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16455_none_03bb75b624910c51\inetcpl.cpl
[2012-11-16 23:04][2012-10-08 11:22] 1494528 ____A (Microsoft Corporation) 11103CC5A1A78E347BBDDAC564256D1A [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16450_none_03b6744424958d9e\inetcpl.cpl
[2012-09-30 22:40][2012-08-24 10:20] 1494528 ____A (Microsoft Corporation) 653D9EC63F8A03185B4DC5DF21AC0A1A [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_9.4.8112.16421_none_03d7e452247c5322\inetcpl.cpl
[2011-10-19 23:59][2011-10-19 23:59] 1492992 ____A (Microsoft Corporation) CDBB96D9C82B6E1BAFD0B83369070B7B [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.7601.17514_none_0819f2b6df7a1335\inetcpl.cpl
[2010-11-21 03:24][2010-11-21 03:24] 1538560 ____A (Microsoft Corporation) FCFF56E69B4961BFB2599E14E7EB7FDE [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18537_none_7187041066edd812\inetcpl.cpl
[2016-12-14 11:35][2016-11-12 18:08] 2131456 ____A (Microsoft Corporation) 5A297B37F246F5DF68DDF8803AB1D615 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18524_none_7186481e66ee71d8\inetcpl.cpl
[2016-11-09 11:52][2016-10-27 17:44] 2131456 ____A (Microsoft Corporation) C6B55B3EE3A52D875262CC9B4BDE0434 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18499_none_7197a82866e0876d\inetcpl.cpl
[2016-10-12 12:18][2016-09-30 05:31] 2131456 ____A (Microsoft Corporation) 3134C92FB2A4BD4D17B9ADE6D5284214 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18449_none_7192a6b666e508ba\inetcpl.cpl
[2016-09-15 10:58][2016-08-31 23:26] 2131456 ____A (Microsoft Corporation) F4C01905813E54CD5BA23723B266913E [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18426_none_7190ea7a66e68929\inetcpl.cpl
[2016-08-10 16:54][2016-08-02 05:36] 2131456 ____A (Microsoft Corporation) 50828D61E8A3205B337DC49A7C3FFF38 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18376_none_71a0bbd866d9ebeb\inetcpl.cpl
[2016-07-13 13:46][2016-06-10 20:10] 2131456 ____A (Microsoft Corporation) 43E8324CA8458D9B6253928620EA059C [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18349_none_719d76a266dcecc9\inetcpl.cpl
[2016-06-15 13:01][2016-05-20 21:06] 2131968 ____A (Microsoft Corporation) D4A12AC117664A2A3F958F9A8986DC8C [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18314_none_719ae7ac66df209f\inetcpl.cpl
[2016-05-11 13:07][2016-04-23 04:05] 2131968 ____A (Microsoft Corporation) 208AFA0857AFB83E4C4E25708079F6DC [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18282_none_71ace72e66d082cd\inetcpl.cpl
[2016-04-14 10:56][2016-03-30 23:42] 2131968 ____A (Microsoft Corporation) 873DFCA620963C330BC8E3E37B972A96 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18230_none_71a8134c66d4d0d8\inetcpl.cpl
[2016-03-09 12:19][2016-02-08 17:33] 2123264 ____A (Microsoft Corporation) 3E116772A7B17F05C6F26EA613949D98 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18204_none_71a4b74e66d7eb57\inetcpl.cpl
[2016-02-10 12:39][2016-01-22 05:46] 2123264 ____A (Microsoft Corporation) 31BFBD55D80391FE1F57C5F08520AB19 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18163_none_71b59fbe66ca4dcf\inetcpl.cpl
[2016-01-13 14:26][2015-12-12 17:20] 2123264 ____A (Microsoft Corporation) CF6B70A265ADA05CC55D57D9DE8B06E0 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18124_none_71b187ce66ce0214\inetcpl.cpl
[2015-12-09 11:12][2015-11-08 21:13] 2123264 ____A (Microsoft Corporation) 6D86F7F6C9FE6059B610DB1D6EF77659 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18097_none_71c3156866bfe467\inetcpl.cpl
[2015-11-11 12:22][2015-10-30 22:29] 2126336 ____A (Microsoft Corporation) 423072B7A458E1B274812796721197BE [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18059_none_71bee6b066c3b24d\inetcpl.cpl
[2015-10-14 09:04][2015-09-16 03:26] 2126336 ____A (Microsoft Corporation) 7C3050383491011FEDD40961A37A2D99 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.18015_none_71bb40a866c6e66d\inetcpl.cpl
[2015-09-09 11:35][2015-08-15 05:22] 2126336 ____A (Microsoft Corporation) 39AD1102270EB183B03AA5A0362201D1 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17959_none_715d957e670cb09f\inetcpl.cpl
[2015-08-28 07:10][2015-07-16 19:32] 2125824 ____A (Microsoft Corporation) 43AF91A40E44205272335E33B7BBA4C3 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17914_none_715a063e670fcb1e\inetcpl.cpl
[2015-07-15 09:36][2015-06-20 18:46] 2125824 ____A (Microsoft Corporation) 58243D92748201D38AACDAEA22527412 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17843_none_7167edd06704e191\inetcpl.cpl
[2015-06-10 06:56][2015-05-22 18:05] 2125824 ____A (Microsoft Corporation) FF84182188CA8F0DC28CFED06C9B7816 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17801_none_71641a38670848f3\inetcpl.cpl
[2015-05-13 10:36][2015-04-21 15:46] 2125824 ____A (Microsoft Corporation) F918BE3C5ACA0B6485D725CC1A5348DC [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17728_none_71704b4066ff1317\inetcpl.cpl
[2015-04-15 06:11][2015-03-13 03:05] 2125824 ____A (Microsoft Corporation) 706A56A863BD5F24FC98EF5E2D0582AD [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17691_none_7182bcaa66eff520\inetcpl.cpl
[2015-03-11 07:19][2015-02-20 01:46] 2125824 ____A (Microsoft Corporation) 22C4867C690C38B18B2C1A0B072CD0C4 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17633_none_717c8d5e66f59058\inetcpl.cpl
[2015-02-11 11:10][2015-01-12 01:46] 2125824 ____A (Microsoft Corporation) 15842FB41A3BF2A2F5071518B38C957A [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17501_none_718489fc66eff520\inetcpl.cpl
[2014-12-10 07:06][2014-11-22 01:46] 2125312 ____A (Microsoft Corporation) 3FE71E2A5BD3EC652E64FC8BCEFEDD2C [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17420_none_7191714466e5f23c\inetcpl.cpl
[2014-11-12 07:01][2014-11-06 02:38] 2124288 ____A (Microsoft Corporation) 5C9D58591D0091630452B04F35527240 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17358_none_719e8bce66dbef58\inetcpl.cpl
[2014-10-15 06:11][2014-09-25 22:31] 2108416 ____A (Microsoft Corporation) 646C004F58AA4762F92BF7C595216C37 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17280_none_71ad12d866d05264\inetcpl.cpl
[2014-09-12 22:21][2014-08-18 21:23] 2104832 ____A (Microsoft Corporation) 97752927B6E2401011A96E0D6082E403 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17239_none_71a7445e66d5ba5a\inetcpl.cpl
[2014-08-14 21:27][2014-07-25 11:39] 2087936 ____A (Microsoft Corporation) 39A85C005BCDEEF4092646EBBC2526AA [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17207_none_71a4711066d83b13\inetcpl.cpl
[2014-07-09 10:20][2014-06-18 23:27] 2040832 ____A (Microsoft Corporation) 1685AA234852657C4A6D253CCBBE84E0 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17126_none_71b1585866ce382f\inetcpl.cpl
[2014-06-11 05:57][2014-05-30 08:23] 2040832 ____A (Microsoft Corporation) 3FC3828E8820D1C93DBFBAD4BE456D85 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17041_none_71be9ac066c3cec7\inetcpl.cpl
[2014-04-12 10:17][2014-03-06 07:11] 2043904 ____A (Microsoft Corporation) 1654093C8BD3342997D27B71684ACCE8 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16521_none_718688aa66ee2aa7\inetcpl.cpl
[2014-03-12 18:50][2014-03-01 03:35] 2041856 ____A (Microsoft Corporation) B3DFA392735A5FBE2896BAB67950123A [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16518_none_7184e8e866efc4b7\inetcpl.cpl
[2014-02-12 22:49][2014-02-06 09:50] 2041856 ____A (Microsoft Corporation) 83296DE8CFFEADA636DCC1AB2E3BF643 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16476_none_7195e82066e20d8e\inetcpl.cpl
[2013-12-16 06:56][2013-11-26 08:02] 1995264 ____A (Microsoft Corporation) FA30E3DC75EA42FE19B819F30FBDED8D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.16428_none_7190b91e66e6c21d\inetcpl.cpl
[2013-12-15 01:59][2013-12-15 01:59] 1993728 ____A (Microsoft Corporation) 612DC699EBF0AA1AAA065898D33B553A [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_10.2.9200.16521_none_0d133fa4c24c2e3a\inetcpl.cpl
[2013-04-30 06:34][2013-04-30 06:34] 1509376 ____A (Microsoft Corporation) ADE73A865A5F136E84F49BB6B1627C6E [File is digitally signed]
 
C:\Windows\SysWOW64\inetcpl.cpl
[2016-12-14 11:35][2016-11-12 17:36] 2055680 ____A (Microsoft Corporation) 16C100872F41862877C115828B0D1569 [File is digitally signed]
 
C:\Windows\System32\inetcpl.cpl
[2016-12-14 11:35][2016-11-12 18:08] 2131456 ____A (Microsoft Corporation) 5A297B37F246F5DF68DDF8803AB1D615 [File is digitally signed]
 
====== End of Search ======


#14 Starbuck


  • Malware Response Team

Posted 02 February 2017 - 04:36 PM

Hi Tapir

Thanks for the CHKDSK report.
Seems there were a few errors.

As far as the search for inetcpl.cpl, as you can see the file is in place and is digitally signed:

C:\Windows\SysWOW64\inetcpl.cpl
[2016-12-14 11:35][2016-11-12 17:36] 2055680 ____A (Microsoft Corporation) 16C100872F41862877C115828B0D1569 [File is digitally signed]

C:\Windows\System32\inetcpl.cpl
[2016-12-14 11:35][2016-11-12 18:08] 2131456 ____A (Microsoft Corporation) 5A297B37F246F5DF68DDF8803AB1D615 [File is digitally signed]


So let's try something else.
inetcpl.cpl is a part of Internet Explorer. As we can't get into the Internet Options to reset IE, let's uninstall IE and download a fresh copy.
But first of all please disable McAfee. (It may interfere.)
How to temporarily Disable McAfee

When you uninstall Internet Explorer 11 from your system, the system will restore the previous version of Internet Explorer that was installed.
This can be IE8, 9 or 10 depending on whether the browser has been upgraded in the past.
Whichever it is, you will still have a working copy of IE.
  • Click on the start menu and select Control Panel from the menu that opens up.
  • Select Uninstall a program under Programs.
  • Internet Explorer 11 is not listed in the installed programs listing.
    It is listed as an update, so select View installed updates from the left sidebar.
  • The browser is listed in the Microsoft Windows group.
  • Right click on Internet Explorer 11 and select Uninstall.

This removes Internet Explorer 11 from the Windows 7 system and replaces it with the version of the browser that was installed before it.
You can then keep using that browser, or update back to IE11 from this link: Internet Explorer 11 for Windows 7
I would recommend updating back to IE 11.

Once IE11 has been reinstalled, check to see if you can get into Internet Options.
Then re-enable McAfee.

Let me know how it goes.
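
The reading of the search results in the post above (file present, published by Microsoft Corporation, digitally signed) can be applied to a whole search log at once. The following is an added example, not part of the thread and not code from the scanning tool; the function names are hypothetical, the first two sample entries are the ones quoted in the post, and the third entry is constructed to show a failing case.

```python
import re
from dataclasses import dataclass

# Layout of a metadata line as it appears in the log quoted above:
# [timestamp][timestamp] size attributes (company) MD5 [signature status]
META_RE = re.compile(
    r"^\[(?P<ts1>[\d\- :]+)\]\[(?P<ts2>[\d\- :]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"\[(?P<status>[^\]]*)\]\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SIGNED = "File is digitally signed"

# First two entries are quoted in the post; the last one is CONSTRUCTED.
SAMPLE_LOG = r"""
C:\Windows\SysWOW64\inetcpl.cpl
[2016-12-14 11:35][2016-11-12 17:36] 2055680 ____A (Microsoft Corporation) 16C100872F41862877C115828B0D1569 [File is digitally signed]

C:\Windows\System32\inetcpl.cpl
[2016-12-14 11:35][2016-11-12 18:08] 2131456 ____A (Microsoft Corporation) 5A297B37F246F5DF68DDF8803AB1D615 [File is digitally signed]

C:\Users\Public\inetcpl.cpl
[2017-01-20 09:00][2017-01-20 09:00] 4096 ____A () 00000000000000000000000000000000 [File not signed]

====== End of Search ======
"""

@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str
    status: str

def parse_search_log(text):
    """Pair each path line with the metadata line that follows it.
    Lines that cannot be paired (e.g. a truncated paste) go to orphans."""
    entries, orphans, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        if PATH_RE.match(line):
            if pending:
                orphans.append(pending)   # path with no metadata line
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, int(m["size"]), m["company"],
                                 m["md5"].upper(), m["status"]))
            pending = None
        else:
            orphans.append(line)          # metadata with no path, or unknown line
    if pending:
        orphans.append(pending)
    return entries, orphans

def review(entries, expected_company="Microsoft Corporation"):
    """Return (path, reason) for every copy that needs a closer look."""
    findings = []
    for e in entries:
        if e.status != SIGNED:
            findings.append((e.path, "signature not confirmed: " + e.status))
        elif e.company != expected_company:
            findings.append((e.path, "unexpected company: " + e.company))
    return findings

if __name__ == "__main__":
    parsed, leftover = parse_search_log(SAMPLE_LOG)
    for path, reason in review(parsed):
        print(path, "->", reason)
```

Anything other than the exact "File is digitally signed" status is treated as unconfirmed, so the check does not depend on how the tool words other outcomes.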



#15 Tapir

  • Topic Starter

  • Members

Posted 04 February 2017 - 03:49 PM

Hi

So... firstly, I managed to update the Malwarebytes trial to the most recent version and did a scan which didn't find anything so that's great. :bananas:

Just now, I disabled McAfee using the steps in the link and disabled both real-time scanning and firewall before trying to install IE11. I tried uninstalling it following the instructions and a message came up after a few minutes saying that the program couldn't be uninstalled. Not sure why that is! To be honest, I'm not that computer savvy and don't know exactly why I would need to access internet options but the name itself suggests it would be good if I did have access!

Just to let you know, I'm going to be away for a few days (until Wed evening) so won't be able to reply again until then.





