Rogue IAT Hooks, SSL disabled, browsers / suspicious activity & hacked?


  • This topic is locked
74 replies to this topic

#1 HelpingT

Posted 11 December 2015 - 09:26 AM

Hi there,

I have been trying for 10 weeks now to sort out problems on two laptops. This is now a brand new HP laptop running Windows 10 (64 bit). With the new laptop I ran the security software immediately, McAfee LiveSafe, and am using the McAfee SafeKey password software extension on Firefox, and once confident all was working OK, I downloaded Malwarebytes too (premium), and had used this before.

I began to surf the net. I began experiencing toolbar hijacking, webpages not looking as they should, McAfee WebAdvisor not working after using the McAfee Virtual Technician tool; it would show 3 files constantly missing in the registry. I spoke with McAfee technicians who helped me download WebAdvisor again (remote) and reinstalled the WebAdvisor software again, but somehow we got cut off from the tech chat and I ended up trying, alone, to make good any work we had done together. I then managed once more to make sure the full McAfee WebAdvisor software was functioning and all seemed OK, till I ran the Virtual Technician again and the same files showed as missing.

My browser setting preferences have been constantly changed, and even though I change them back they revert to Yahoo search. After running one of the antivirus tools, I think RogueKiller or TDSSKiller, it found Conduit malware / browser virus search toolbar - I contacted the McAfee tech support again and was helped once more, until it seemed they could not any longer or the item was (their interpretation) 'seemingly resolved'. I asked about network threats and the activity I was experiencing: unusual IP addresses on the network, Google locations and Facebook logins placing me at changing locations 200 miles apart, and once in the United States; that an Android device was listed on the network but all hardware in the home is iPhone/Apple based; and that every time I deleted an offline IP address from the network it would come back. I asked if I was being hacked, but they advised they don't have any network protection software??

I called BT Broadband and discussed it with them, and they helped me reset the router (PIN reset) and I was then given an IPv4 address, but the problems returned. I then called them back again after I received an email saying my password request to change has to use a reset link - I emailed the company directly and said I did not request this. I changed the password and any financial details at the website and then called BT Broadband for technical assistance again. I feel I have been hacked and don't know how. I have had the broadband internet channel changed "as a precaution", they said, and have been assured that all will be well and 'hacker free'. I have run the following tools from Bleeping Computer, as all my Google searches ended up at these forums. I have used a number of the tools (and McAfee LiveSafe), which found the following:

  • McAfee WebTech, which showed SSL disabled (security sockets layer)
  • McAfee LiveSafe = all secure, but quick clean leaves 2 temp files that "can't be removed"
  • Malwarebytes = nothing
  • RKill = 0.0.0.1    mssplus.mcafee.com and also a number of 'incorrect image paths'
  • RogueKiller, hostfile mssmcafee and (killed but keeps returning) two IAT hooks, 'path suspicious' status
  • TDSSKiller = nothing now
  • I think I may have also used HitmanPro
  • and Adware

I was trying to seek info and resolve this myself, but I give up now. I'm fairly exhausted and really need some proper help. Please can you let me know how things stand NOW with the laptop, and is it secure and virus free?

Many thanks, will only do as I'm told too and hope I haven't messed things up - thank you kindly for any help you can give me.

These are the FRST and Addition scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by patri (administrator) on MYLAPTOPNOV (11-12-2015 12:24:31)
Running from C:\Users\patri\Downloads
Loaded Profiles: patri (Available Profiles: patri)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-24] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [228568 2015-06-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-11-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\RunOnce: [Uninstall C:\Users\patri\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\patri\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\MountPoints2: {55be335e-9481-11e5-8dac-606dc7259c90} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-11-30]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-11-30]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{0b7622b7-d13a-4b8d-b0bd-5d4ee8225252}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-4289035166-367522565-830471971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-4289035166-367522565-830471971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-27] (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-11-30] (McAfee)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-27] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-11-30] (McAfee)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-11-30] (McAfee)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-11-30] (McAfee)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-27] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-28] (McAfee, Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4289035166-367522565-830471971-1001 -> hxxps://www.bing.com/search?q=google&FORM=EDGENA

FireFox:
========
FF ProfilePath: C:\Users\patri\AppData\Roaming\Mozilla\Firefox\Profiles\lu29iklr.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF SearchPlugin: C:\Users\patri\AppData\Roaming\Mozilla\Firefox\Profiles\lu29iklr.default\searchplugins\McSiteAdvisor.xml [2015-12-11]
FF Extension: Web Developer - C:\Users\patri\AppData\Roaming\Mozilla\Firefox\Profiles\lu29iklr.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-11-30]
FF Extension: McAfee SafeKey - C:\Users\patri\AppData\Roaming\Mozilla\Firefox\Profiles\lu29iklr.default\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-11-30] [not signed]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF Extension: Developer Tools - toolbar button - C:\Users\patri\AppData\Roaming\Mozilla\Firefox\Profiles\lu29iklr.default\Extensions\devtoolsmenu@AccessFirefox.org.xpi [2015-11-30]
FF Extension: iCloud Bookmarks - C:\Users\patri\AppData\Roaming\Mozilla\Firefox\Profiles\lu29iklr.default\Extensions\firefoxdav@icloud.com [2015-11-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-26] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B211GB0D19700101&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-04]
CHR Extension: (Google Docs) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-04]
CHR Extension: (Google Drive) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (McAfee SiteAdvisor Enterprise) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmendinpapjjojakimjlmkkkcmnojefg [2015-12-04]
CHR Extension: (Google Search) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-04]
CHR Extension: (SiteAdvisor) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-11]
CHR Extension: (Google Docs Offline) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2015-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Extension: (Gmail) - C:\Users\patri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [117976 2015-06-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-07-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-09-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154856 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-24] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [445240 2015-04-29] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-26] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [41976 2015-07-13] (Intel Corporation)
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-12-04] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation)
R2 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [624424 2015-11-26] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4619520 2015-07-22] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-11-26] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 12:24 - 2015-12-11 12:25 - 00026097 _____ C:\Users\patri\Downloads\FRST.txt
2015-12-11 12:24 - 2015-12-11 12:24 - 00000000 ____D C:\FRST
2015-12-11 12:23 - 2015-12-11 12:24 - 02369024 _____ (Farbar) C:\Users\patri\Downloads\FRST64.exe
2015-12-11 10:16 - 2015-12-11 10:16 - 00004632 _____ C:\Users\patri\Desktop\rk_10A7.tmp.txt
2015-12-11 09:43 - 2015-12-11 09:44 - 00268660 _____ C:\TDSSKiller.3.1.0.7_11.12.2015_09.43.48_log.txt
2015-12-11 05:18 - 2015-12-11 05:18 - 00005592 _____ C:\Users\patri\Desktop\rk_1A4D.tmp.txt
2015-12-11 04:52 - 2015-12-11 04:53 - 00268776 _____ C:\TDSSKiller.3.1.0.7_11.12.2015_04.52.50_log.txt
2015-12-11 04:20 - 2015-12-11 04:20 - 08489696 _____ C:\Users\patri\Downloads\saSetup(2).exe
2015-12-11 04:18 - 2015-12-11 04:18 - 00211312 _____ (McAfee, Inc.) C:\Users\patri\Downloads\mvt(1).exe
2015-12-11 04:09 - 2015-12-11 04:09 - 26064960 _____ (McAfee, Inc.) C:\Users\patri\Downloads\mcafee_safekey(1).exe
2015-12-11 03:56 - 2015-12-11 03:56 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\patri\Downloads\rkill64-5387.exe
2015-12-11 02:40 - 2015-12-11 03:56 - 00789234 _____ C:\TDSSKiller.3.1.0.7_11.12.2015_02.40.26_log.txt
2015-12-11 02:36 - 2015-12-11 02:36 - 00001066 _____ C:\Users\patri\Desktop\scan-malwarebytes11th dec 2.30am.txt
2015-12-11 01:04 - 2015-12-11 01:04 - 00000560 _____ C:\TDSSKiller.3.1.0.7_11.12.2015_01.04.44_log.txt
2015-12-11 01:02 - 2015-12-11 01:04 - 00267242 _____ C:\TDSSKiller.3.1.0.7_11.12.2015_01.02.59_log.txt
2015-12-10 17:37 - 2015-12-10 17:37 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\patri\Downloads\rkill64.exe
2015-12-10 17:20 - 2015-12-10 17:25 - 00882714 _____ C:\TDSSKiller.3.1.0.8_10.12.2015_17.20.46_log.txt
2015-12-10 17:17 - 2015-12-10 17:19 - 00273660 _____ C:\TDSSKiller.3.1.0.8_10.12.2015_17.17.35_log.txt
2015-12-10 17:16 - 2015-12-10 17:17 - 04600798 _____ C:\Users\patri\Downloads\tdsskiller.zip
2015-12-10 17:16 - 2015-12-10 17:16 - 00000434 _____ C:\TDSSKiller.3.1.0.7_10.12.2015_17.16.30_log.txt
2015-12-10 16:17 - 2015-12-10 16:17 - 00000046 _____ C:\Users\patri\Desktop\livesafe phone.txt
2015-12-10 11:23 - 2015-12-10 11:23 - 03373592 _____ C:\Users\patri\Downloads\McAfee_TechCheck(1).exe
2015-12-10 10:49 - 2015-12-10 10:49 - 00000067 _____ C:\Users\patri\Desktop\TEMP FILES NOT DELETED.txt
2015-12-10 09:15 - 2015-12-10 09:17 - 00273636 _____ C:\TDSSKiller.3.1.0.7_10.12.2015_09.15.57_log.txt
2015-12-10 08:52 - 2015-12-10 08:53 - 01599336 _____ (Malwarebytes) C:\Users\patri\Downloads\JRT(1).exe
2015-12-10 08:24 - 2015-12-10 08:25 - 01738240 _____ C:\Users\patri\Downloads\AdwCleaner(2).exe
2015-12-10 08:05 - 2015-12-10 08:05 - 12078408 _____ C:\Users\patri\Downloads\saSetup(1).exe
2015-12-10 07:39 - 2015-12-10 07:49 - 138022680 _____ (Microsoft Corporation) C:\Users\patri\Downloads\msert(2).exe
2015-12-09 23:02 - 2015-12-09 23:05 - 137905936 _____ (Microsoft Corporation) C:\Users\patri\Downloads\msert(1).exe
2015-12-09 22:35 - 2015-12-09 22:38 - 00538678 _____ C:\TDSSKiller.3.1.0.7_09.12.2015_22.35.37_log.txt
2015-12-09 18:41 - 2015-12-09 18:38 - 00005202 _____ C:\Users\patri\Documents\route.print.txt
2015-12-09 17:51 - 2015-12-09 17:52 - 00273638 _____ C:\TDSSKiller.3.1.0.7_09.12.2015_17.51.24_log.txt
2015-12-09 14:55 - 2015-12-09 14:56 - 00273492 _____ C:\TDSSKiller.3.1.0.7_09.12.2015_14.55.25_log.txt
2015-12-09 13:38 - 2015-12-09 14:28 - 00019562 _____ C:\Users\patri\Desktop\webchat remote control mcafee.txt
2015-12-09 13:07 - 2015-12-09 13:07 - 00967536 _____ (McAfee, Inc.) C:\Users\patri\Downloads\MVTInstaller.exe
2015-12-09 12:51 - 2015-12-09 12:51 - 00000248 _____ C:\rescue.info
2015-12-09 12:50 - 2015-12-09 14:36 - 00000000 ____D C:\Users\patri\AppData\Local\LogMeIn Rescue Applet
2015-12-09 12:50 - 2015-12-09 12:50 - 01615264 _____ (LogMeIn, Inc.) C:\Users\patri\Downloads\Support-LogMeInRescue.exe
2015-12-09 12:23 - 2015-12-09 14:27 - 00002346 _____ C:\Users\patri\Desktop\mcafee support technical team number.txt
2015-12-09 12:09 - 2015-12-10 11:24 - 00000000 ____D C:\Users\patri\AppData\Roaming\McAfee TechCheck
2015-12-09 12:09 - 2015-12-10 11:23 - 00000000 _____ C:\Users\patri\Downloads\iphist.dat
2015-12-09 12:09 - 2015-12-09 12:09 - 03373592 _____ C:\Users\patri\Downloads\McAfee_TechCheck.exe
2015-12-09 12:02 - 2015-12-09 12:02 - 00002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-12-09 12:02 - 2015-12-09 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-12-09 12:01 - 2015-12-09 12:01 - 08593144 _____ (McAfee, Inc.) C:\Users\patri\Downloads\SecurityScan_Release.exe
2015-12-09 12:01 - 2015-12-09 12:01 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-12-09 12:01 - 2015-12-09 12:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-12-09 11:31 - 2015-12-01 07:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 11:31 - 2015-11-24 12:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 11:31 - 2015-11-24 11:07 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 11:31 - 2015-11-24 11:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 11:31 - 2015-11-24 10:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 11:31 - 2015-11-24 10:03 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 11:31 - 2015-11-24 10:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-09 11:31 - 2015-11-24 09:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-09 11:31 - 2015-11-24 09:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 11:31 - 2015-11-24 09:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-09 11:31 - 2015-11-24 09:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 11:31 - 2015-11-24 09:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 11:31 - 2015-11-24 09:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 11:31 - 2015-11-24 09:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 11:31 - 2015-11-24 08:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 11:31 - 2015-11-24 08:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 11:31 - 2015-11-24 08:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-09 11:31 - 2015-11-24 08:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 11:31 - 2015-11-24 08:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 11:31 - 2015-11-24 08:27 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 11:31 - 2015-11-24 08:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 11:31 - 2015-11-24 08:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 11:31 - 2015-11-24 07:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 11:31 - 2015-11-24 07:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 11:31 - 2015-11-24 07:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 11:31 - 2015-11-24 07:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 11:31 - 2015-11-24 07:25 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 11:31 - 2015-11-24 07:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 11:31 - 2015-11-24 07:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 11:31 - 2015-11-24 07:09 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 11:31 - 2015-11-24 07:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 11:31 - 2015-11-24 07:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 17:43 - 2015-12-08 17:44 - 00271148 _____ C:\TDSSKiller.3.1.0.7_08.12.2015_17.43.08_log.txt
2015-12-07 19:09 - 2015-12-07 19:11 - 00273916 _____ C:\TDSSKiller.3.1.0.7_07.12.2015_19.09.17_log.txt
2015-12-07 18:55 - 2015-12-11 05:18 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-07 18:55 - 2015-12-07 18:55 - 00000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-12-07 18:55 - 2015-12-07 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-07 18:50 - 2015-12-07 18:54 - 30225712 _____ (Adlice Software ) C:\Users\patri\Downloads\setup.exe
2015-12-07 17:58 - 2015-12-07 17:58 - 00001111 _____ C:\Users\Public\Desktop\FastStone Capture.lnk
2015-12-07 17:58 - 2015-12-07 17:58 - 00000000 ____D C:\Users\patri\AppData\Roaming\FastStone
2015-12-07 17:58 - 2015-12-07 17:58 - 00000000 ____D C:\Users\patri\AppData\Local\FastStone
2015-12-07 17:58 - 2015-12-07 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2015-12-07 17:58 - 2015-12-07 17:58 - 00000000 ____D C:\Program Files (x86)\FastStone Capture
2015-12-07 17:57 - 2015-12-07 17:58 - 02643174 _____ C:\Users\patri\Downloads\FSCaptureSetup83.exe
2015-12-07 15:59 - 2015-12-07 15:59 - 00000000 ____D C:\Users\patri\AppData\Roaming\WildTangent
2015-12-07 15:42 - 2015-12-07 15:42 - 00584288 _____ (Oracle Corporation) C:\Users\patri\Downloads\JavaSetup8u66(1).exe
2015-12-07 15:29 - 2015-12-07 15:45 - 00000000 ____D C:\ProgramData\Oracle
2015-12-07 15:29 - 2015-12-07 15:43 - 00000000 ____D C:\Users\patri\.oracle_jre_usage
2015-12-07 15:29 - 2015-12-07 15:29 - 00000000 ____D C:\Users\patri\AppData\Roaming\Sun
2015-12-07 15:29 - 2015-12-07 15:29 - 00000000 ____D C:\Users\patri\AppData\LocalLow\Sun
2015-12-07 15:25 - 2015-12-07 15:25 - 00584288 _____ (Oracle Corporation) C:\Users\patri\Downloads\jre-8u60-windows-i586-iftw.exe
2015-12-07 15:25 - 2015-12-07 15:25 - 00000000 ____D C:\Users\patri\AppData\LocalLow\Oracle
2015-12-07 15:23 - 2015-12-07 15:23 - 00584288 _____ (Oracle Corporation) C:\Users\patri\Downloads\JavaSetup8u66.exe
2015-12-07 15:17 - 2015-12-07 15:17 - 00007005 _____ C:\Users\patri\Documents\mozilla info settings from browser.txt
2015-12-07 14:46 - 2015-12-10 09:00 - 00000829 _____ C:\Users\patri\Desktop\JRT.txt
2015-12-07 14:46 - 2015-12-09 14:41 - 00000000 ____D C:\Users\patri\AppData\Local\CrashDumps
2015-12-07 14:41 - 2015-12-07 14:41 - 01599336 _____ (Malwarebytes) C:\Users\patri\Downloads\JRT.exe
2015-12-07 14:15 - 2015-12-10 09:00 - 00000000 ____D C:\AdwCleaner
2015-12-07 14:14 - 2015-12-07 14:14 - 01736704 _____ C:\Users\patri\Downloads\adwcleaner_5.023.exe
2015-12-07 14:06 - 2015-12-07 14:06 - 00003524 _____ C:\Users\patri\Desktop\rk_D219.tmp.txt
2015-12-07 13:39 - 2015-12-07 13:43 - 25027656 _____ C:\Users\patri\Downloads\RogueKillerX64.exe
2015-12-07 13:26 - 2015-12-07 13:26 - 00002515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif DrawPlus Starter Edition.lnk
2015-12-07 13:26 - 2015-12-07 13:26 - 00002399 _____ C:\Users\Public\Desktop\Serif DrawPlus Starter Edition.lnk
2015-12-07 13:22 - 2015-12-07 13:22 - 00000133 _____ C:\Users\patri\Desktop\serif draw plus product key.txt
2015-12-07 13:16 - 2015-12-07 13:21 - 108304752 _____ (Serif (Europe) Ltd., support@serif.co.uk) C:\Users\patri\Downloads\DLX4-DrawPlus-SE-Installer-EN.exe
2015-12-07 11:35 - 2015-12-07 11:35 - 00000911 _____ C:\Users\patri\Documents\ip address change.txt
2015-12-04 18:52 - 2015-12-04 18:52 - 00002862 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-04 18:52 - 2015-12-04 18:52 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-04 18:52 - 2015-12-04 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-04 18:52 - 2015-12-04 18:52 - 00000000 ____D C:\Program Files\CCleaner
2015-12-04 18:50 - 2015-12-04 18:51 - 05565384 _____ (Piriform Ltd) C:\Users\patri\Downloads\ccsetup512_slim.exe
2015-12-04 18:26 - 2015-12-10 17:19 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForpatri.job
2015-12-04 18:26 - 2015-12-10 15:26 - 00003244 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForpatri
2015-12-04 17:45 - 2015-12-09 17:33 - 00000000 ____D C:\Users\patri\AppData\Local\ElevatedDiagnostics
2015-12-04 17:39 - 2015-12-04 17:39 - 05639148 _____ (Swearware) C:\Users\patri\Downloads\ComboFix.exe
2015-12-04 16:10 - 2015-12-10 13:15 - 00002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-04 16:10 - 2015-12-04 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-04 16:07 - 2015-12-11 12:12 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-04 16:07 - 2015-12-11 01:29 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-04 16:07 - 2015-12-04 16:07 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 16:06 - 2015-12-04 16:07 - 00000000 ____D C:\Users\patri\AppData\Local\Deployment
2015-12-04 16:06 - 2015-12-04 16:06 - 00000000 ____D C:\Users\patri\AppData\Local\Apps\2.0
2015-12-04 15:49 - 2015-12-04 15:49 - 01736704 _____ C:\Users\patri\Downloads\AdwCleaner(1).exe
2015-12-04 15:09 - 2015-12-11 09:44 - 00036608 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-04 15:09 - 2015-12-04 15:53 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-04 15:07 - 2015-12-04 15:09 - 20826184 _____ C:\Users\patri\Downloads\RogueKiller.exe
2015-12-04 14:51 - 2015-12-04 15:03 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-04 14:50 - 2015-12-04 14:52 - 11337112 _____ (SurfRight B.V.) C:\Users\patri\Downloads\HitmanPro_x64.exe
2015-12-04 14:19 - 2015-12-04 14:19 - 00001479 _____ C:\Users\patri\Desktop\tdsskiller - Shortcut.lnk
2015-12-04 14:19 - 2015-12-04 14:19 - 00001244 _____ C:\Users\patri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tdsskiller.lnk
2015-12-04 14:16 - 2015-12-04 14:19 - 00272184 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_14.16.51_log.txt
2015-12-04 13:13 - 2015-12-04 13:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-04 13:11 - 2015-12-04 13:31 - 00000000 ____D C:\Users\patri\Desktop\mbar
2015-12-04 13:10 - 2015-12-04 13:11 - 16563352 _____ (Malwarebytes Corp.) C:\Users\patri\Downloads\mbar-1.09.3.1001.exe
2015-12-04 12:28 - 2015-12-04 12:28 - 00000952 _____ C:\Users\patri\Desktop\rkill - Shortcut.lnk
2015-12-04 12:14 - 2015-12-11 05:21 - 00003216 _____ C:\Users\patri\Desktop\Rkill.txt
2015-12-04 12:14 - 2015-12-04 12:14 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\patri\Downloads\rkill.exe
2015-12-04 11:28 - 2015-12-10 07:37 - 00242042 _____ C:\Users\patri\Desktop\MVTHealthCheck.html
2015-12-04 11:21 - 2015-12-11 00:28 - 00017170 _____ C:\Users\patri\Desktop\MVTHealthCheck_Deviation.html
2015-12-04 11:19 - 2015-12-04 11:19 - 00000000 ____D C:\Users\patri\AppData\Roaming\McAfee
2015-12-04 11:18 - 2015-12-09 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-04 11:17 - 2015-12-04 11:17 - 00211312 _____ (McAfee, Inc.) C:\Users\patri\Downloads\mvt.exe
2015-12-04 10:53 - 2015-12-04 10:58 - 00536194 _____ C:\TDSSKiller.3.1.0.7_04.12.2015_10.53.55_log.txt
2015-12-04 10:53 - 2015-12-04 10:53 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\patri\Downloads\tdsskiller.exe
2015-12-04 10:14 - 2015-12-04 10:15 - 12078408 _____ C:\Users\patri\Downloads\saSetup.exe
2015-12-03 10:58 - 2015-12-08 17:25 - 00000000 ____D C:\Users\patri\Desktop\tony benn website
2015-12-03 07:56 - 2015-12-03 07:57 - 01736704 _____ C:\Users\patri\Downloads\AdwCleaner.exe
2015-12-03 07:42 - 2015-11-22 10:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 07:42 - 2015-11-22 10:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 07:42 - 2015-11-22 10:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 07:42 - 2015-11-22 10:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-03 07:42 - 2015-11-22 10:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 07:42 - 2015-11-22 10:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 07:42 - 2015-11-22 10:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-03 07:42 - 2015-11-22 10:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 07:42 - 2015-11-22 10:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 07:42 - 2015-11-22 10:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 07:42 - 2015-11-22 10:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 07:42 - 2015-11-22 10:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 07:42 - 2015-11-22 10:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 07:42 - 2015-11-22 10:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 07:42 - 2015-11-22 10:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 07:42 - 2015-11-22 10:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 07:42 - 2015-11-22 10:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 07:42 - 2015-11-22 10:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 07:42 - 2015-11-22 10:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 07:42 - 2015-11-22 09:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 07:42 - 2015-11-22 09:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 07:42 - 2015-11-22 09:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 07:42 - 2015-11-22 09:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-03 07:42 - 2015-11-22 09:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 07:42 - 2015-11-22 09:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 07:42 - 2015-11-22 09:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 07:42 - 2015-11-22 09:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 07:42 - 2015-11-22 09:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 07:42 - 2015-11-22 09:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 07:42 - 2015-11-22 09:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 07:42 - 2015-11-22 09:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-03 07:42 - 2015-11-22 09:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 07:42 - 2015-11-22 09:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 07:42 - 2015-11-22 09:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 07:42 - 2015-11-22 09:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 07:42 - 2015-11-22 09:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-03 07:42 - 2015-11-22 09:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-03 07:42 - 2015-11-22 09:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 07:42 - 2015-11-22 09:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 07:42 - 2015-11-22 09:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 07:42 - 2015-11-22 09:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-03 07:42 - 2015-11-22 09:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 07:42 - 2015-11-22 09:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 07:42 - 2015-11-22 09:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 07:42 - 2015-11-22 09:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 07:42 - 2015-11-22 09:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 07:42 - 2015-11-22 09:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 07:42 - 2015-11-22 09:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 07:42 - 2015-11-22 09:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 07:42 - 2015-11-22 09:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 07:42 - 2015-11-22 09:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 07:42 - 2015-11-22 09:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 07:42 - 2015-11-22 09:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 07:42 - 2015-11-22 09:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 07:42 - 2015-11-22 09:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 07:42 - 2015-11-22 09:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 07:42 - 2015-11-22 09:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 07:42 - 2015-11-22 09:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-03 07:42 - 2015-11-22 09:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 07:42 - 2015-11-22 09:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 07:42 - 2015-11-22 09:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 07:42 - 2015-11-22 09:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 07:42 - 2015-11-22 09:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-03 07:42 - 2015-11-22 09:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 07:42 - 2015-11-22 09:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 07:42 - 2015-11-22 09:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 07:42 - 2015-11-22 09:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 07:42 - 2015-11-22 09:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 07:42 - 2015-11-22 09:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 07:42 - 2015-11-22 09:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 07:42 - 2015-11-22 09:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 07:42 - 2015-11-22 09:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 07:42 - 2015-11-22 09:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 07:42 - 2015-11-22 09:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 07:42 - 2015-11-22 09:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 07:42 - 2015-11-22 09:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 07:42 - 2015-11-22 09:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 07:42 - 2015-11-22 09:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-03 07:42 - 2015-11-22 09:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 07:42 - 2015-11-22 09:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 07:42 - 2015-11-22 09:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-03 07:42 - 2015-11-22 09:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 07:42 - 2015-11-22 09:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 07:42 - 2015-11-22 09:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-03 07:42 - 2015-11-22 09:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 07:42 - 2015-11-22 09:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 07:42 - 2015-11-22 09:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 07:42 - 2015-11-22 09:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 07:42 - 2015-11-22 09:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 07:42 - 2015-11-22 09:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-03 07:42 - 2015-11-22 09:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 07:41 - 2015-11-22 10:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 07:41 - 2015-11-22 10:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 07:41 - 2015-11-22 09:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 07:41 - 2015-11-22 09:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 07:41 - 2015-11-22 09:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 07:41 - 2015-11-22 09:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 07:41 - 2015-11-22 09:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 07:41 - 2015-11-22 09:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 07:41 - 2015-11-22 09:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 07:41 - 2015-11-22 09:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 07:41 - 2015-11-22 09:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 07:41 - 2015-11-22 09:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 07:41 - 2015-11-22 09:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 07:41 - 2015-11-22 09:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 07:41 - 2015-11-22 09:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 07:41 - 2015-11-22 09:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-03 07:41 - 2015-11-22 09:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-03 07:41 - 2015-11-22 09:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-03 07:41 - 2015-11-22 09:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-03 07:41 - 2015-11-22 09:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-03 07:41 - 2015-11-22 09:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 07:41 - 2015-11-22 09:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-03 07:41 - 2015-11-22 09:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 07:41 - 2015-11-22 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-03 07:41 - 2015-11-22 09:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-03 07:41 - 2015-11-22 09:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-03 07:41 - 2015-11-22 09:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-03 07:41 - 2015-11-22 09:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-03 07:41 - 2015-11-22 09:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-03 07:41 - 2015-11-22 09:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-03 07:41 - 2015-11-22 09:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-03 07:41 - 2015-11-22 09:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-03 07:41 - 2015-11-22 09:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-03 07:41 - 2015-11-22 09:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 07:41 - 2015-11-22 09:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 07:41 - 2015-11-22 09:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 07:41 - 2015-11-22 09:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 07:41 - 2015-11-22 09:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 07:41 - 2015-11-22 09:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 07:41 - 2015-11-22 09:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-03 07:41 - 2015-11-22 09:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-03 07:41 - 2015-11-22 09:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 07:41 - 2015-11-22 09:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-03 07:41 - 2015-11-22 09:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-03 07:41 - 2015-11-22 09:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 07:41 - 2015-11-22 09:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 07:41 - 2015-11-22 09:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-03 07:41 - 2015-11-22 09:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 07:41 - 2015-11-22 09:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-03 07:41 - 2015-11-22 09:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 07:41 - 2015-11-22 09:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 07:41 - 2015-11-22 09:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-03 07:41 - 2015-11-22 09:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-03 07:41 - 2015-11-22 09:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-03 07:41 - 2015-11-22 09:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-03 07:41 - 2015-11-22 09:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 07:41 - 2015-11-22 09:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-03 07:41 - 2015-11-22 09:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-03 07:41 - 2015-11-22 09:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-03 07:41 - 2015-11-22 09:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-03 07:41 - 2015-11-22 09:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-03 07:41 - 2015-11-22 09:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-03 07:41 - 2015-11-22 09:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 07:41 - 2015-11-22 09:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 07:41 - 2015-11-22 09:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 07:41 - 2015-11-22 09:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-03 07:41 - 2015-11-22 09:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-03 07:41 - 2015-11-22 09:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 07:41 - 2015-11-22 09:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-03 07:41 - 2015-11-22 09:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 07:41 - 2015-11-22 09:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-03 07:41 - 2015-11-22 09:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-03 07:41 - 2015-11-22 09:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-02 12:15 - 2015-12-02 13:22 - 00093790 _____ C:\Users\patri\Desktop\Tish new responsive.wpp
2015-12-02 10:04 - 2015-12-07 15:49 - 00000000 ____D C:\Users\patri\AppData\Roaming\Serif
2015-12-02 10:04 - 2015-12-07 12:51 - 00000000 ____D C:\Users\patri\Documents\Serif
2015-12-02 00:33 - 2015-12-11 11:53 - 00000400 _____ C:\WINDOWS\Tasks\WpsUpdateTask_patri.job
2015-12-02 00:33 - 2015-12-11 11:49 - 00000400 _____ C:\WINDOWS\Tasks\WpsNotifyTask_patri.job
2015-12-02 00:33 - 2015-12-02 00:33 - 00003418 _____ C:\WINDOWS\System32\Tasks\WpsUpdateTask_patri
2015-12-02 00:33 - 2015-12-02 00:33 - 00003418 _____ C:\WINDOWS\System32\Tasks\WpsNotifyTask_patri
2015-12-02 00:33 - 2015-12-02 00:33 - 00000000 ____D C:\Users\patri\AppData\Local\kingsoft
2015-12-02 00:31 - 2015-12-02 00:33 - 00000000 ____D C:\Users\patri\AppData\Roaming\Kingsoft
2015-12-01 14:13 - 2015-12-07 13:26 - 00000000 ____D C:\Program Files (x86)\Serif
2015-12-01 14:13 - 2015-12-01 14:13 - 00002489 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus X8.lnk
2015-12-01 14:13 - 2015-12-01 14:13 - 00002178 _____ C:\Users\Public\Desktop\Serif PagePlus X8.lnk
2015-12-01 12:27 - 2015-12-07 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
2015-12-01 12:27 - 2015-12-01 12:27 - 00002479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif WebPlus X7.lnk
2015-12-01 12:27 - 2015-12-01 12:27 - 00002160 _____ C:\Users\Public\Desktop\Serif WebPlus X7.lnk
2015-12-01 12:26 - 2015-12-01 14:12 - 00000000 ____D C:\Program Files\Serif
2015-12-01 12:24 - 2015-12-01 12:24 - 00000041 _____ C:\Users\patri\Desktop\webplus 7 serif.txt
2015-12-01 12:01 - 2015-12-01 12:01 - 00000300 _____ C:\Users\patri\Desktop\bank holidays 2016.txt
2015-12-01 10:18 - 2015-12-04 16:11 - 00000000 ____D C:\Users\patri\AppData\Local\Google
2015-12-01 10:18 - 2015-12-04 16:10 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-01 10:18 - 2015-12-04 16:07 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 10:16 - 2015-12-01 10:16 - 05028296 _____ (Adobe Systems Inc.) C:\Users\patri\Downloads\Shockwave_Installer_Slim.exe
2015-12-01 08:40 - 2015-12-01 08:42 - 00000199 _____ C:\Users\patri\Desktop\serif.txt
2015-11-30 19:33 - 2015-11-30 19:33 - 00000000 ____D C:\Users\patri\AppData\LocalLow\SafeKeytmp
2015-11-30 19:33 - 2015-11-30 19:33 - 00000000 ____D C:\Users\patri\AppData\LocalLow\SafeKeylang
2015-11-30 19:29 - 2015-12-11 12:23 - 00000000 ____D C:\Users\patri\AppData\LocalLow\SafeKey
2015-11-30 19:29 - 2015-11-30 19:34 - 00000000 ____D C:\Program Files (x86)\SafeKey
2015-11-30 19:29 - 2015-11-30 19:29 - 26064960 _____ (McAfee, Inc.) C:\Users\patri\Downloads\mcafee_safekey.exe
2015-11-30 12:35 - 2015-12-09 14:39 - 00000000 ___RD C:\Users\patri\iCloudDrive
2015-11-30 12:35 - 2015-12-08 10:35 - 00003496 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2015-11-30 12:35 - 2015-11-30 12:35 - 00000000 ____D C:\Users\patri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2015-11-30 12:35 - 2015-11-30 12:35 - 00000000 ____D C:\Users\patri\AppData\Local\Apple Inc
2015-11-30 12:34 - 2015-11-30 12:34 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-30 12:29 - 2015-11-30 12:36 - 00000000 ____D C:\Users\patri\AppData\Roaming\Apple Computer
2015-11-30 12:29 - 2015-11-30 12:33 - 00000000 ____D C:\Users\patri\AppData\Local\Apple Computer
2015-11-30 12:29 - 2015-11-30 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-11-30 12:28 - 2015-11-30 12:28 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-30 12:28 - 2015-11-30 12:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-11-30 12:28 - 2015-11-30 12:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-30 12:28 - 2015-11-30 12:28 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-30 12:23 - 2015-11-30 12:27 - 125138200 _____ (Apple Inc.) C:\Users\patri\Downloads\icloudsetup.exe
2015-11-30 12:20 - 2015-11-30 12:38 - 00000000 ____D C:\Users\patri\AppData\Local\Apple
2015-11-30 12:14 - 2015-11-30 12:21 - 00000000 ____D C:\Users\patri\AppData\Local\Mozilla
2015-11-30 12:14 - 2015-11-30 12:15 - 00000000 ____D C:\Users\patri\AppData\Roaming\Mozilla
2015-11-30 12:14 - 2015-11-30 12:14 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-30 12:14 - 2015-11-30 12:14 - 00001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-30 12:14 - 2015-11-30 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-30 12:14 - 2015-11-30 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-30 12:12 - 2015-11-30 12:12 - 00243632 _____ C:\Users\patri\Downloads\Firefox Setup Stub 42.0.exe
2015-11-30 11:38 - 2015-11-30 11:38 - 00000000 ____D C:\Users\patri\Documents\CyberLink
2015-11-30 11:38 - 2015-11-30 11:38 - 00000000 ____D C:\Users\patri\AppData\Roaming\CyberLink
2015-11-30 11:28 - 2015-11-30 11:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-30 11:08 - 2015-11-30 11:08 - 00000767 _____ C:\Users\patri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msert.lnk
2015-11-30 10:55 - 2015-11-30 11:00 - 134928144 _____ (Microsoft Corporation) C:\Users\patri\Downloads\msert.exe
2015-11-30 10:28 - 2015-11-30 10:28 - 00000000 ____D C:\Users\patri\AppData\Roaming\DropboxOEM
2015-11-27 11:32 - 2015-11-27 11:32 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-27 10:43 - 2015-11-27 10:43 - 00000000 ____D C:\ProgramData\Western Digital
2015-11-27 10:33 - 2015-11-27 10:33 - 00000000 ____D C:\Users\patri\Documents\Custom Office Templates
2015-11-27 10:13 - 2015-11-27 10:15 - 00000000 ____D C:\Users\patri\AppData\Local\OfficeBSCache-OD-patricia_mata1@hotmail.com
2015-11-27 10:01 - 2015-11-27 10:01 - 00002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-11-27 10:01 - 2015-11-27 10:01 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-11-27 10:01 - 2015-11-27 10:01 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-11-27 10:01 - 2015-11-27 10:01 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-11-27 10:01 - 2015-11-27 10:01 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-11-27 10:01 - 2015-11-27 10:01 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-11-27 10:01 - 2015-11-27 10:01 - 00002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-11-27 10:01 - 2015-11-27 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-11-27 09:52 - 2015-11-27 09:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-27 09:32 - 2015-12-11 11:21 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{094356C9-79FC-41C6-AF72-6C425F00F161}
2015-11-27 09:15 - 2015-12-11 11:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 09:15 - 2015-12-04 13:12 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-27 09:15 - 2015-11-27 09:15 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 09:15 - 2015-11-27 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-27 09:15 - 2015-11-27 09:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-27 09:15 - 2015-11-27 09:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 09:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-27 09:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-27 09:13 - 2015-11-27 09:14 - 22908888 _____ (Malwarebytes ) C:\Users\patri\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-26 22:26 - 2015-11-26 22:26 - 00000000 ____D C:\Users\patri\AppData\Local\ActiveSync
2015-11-26 22:24 - 2015-11-26 22:24 - 00000020 ___SH C:\Users\patri\ntuser.ini
2015-11-26 21:09 - 2015-12-11 01:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-26 21:09 - 2015-11-26 21:09 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-26 21:03 - 2015-11-26 21:03 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-26 21:03 - 2015-11-26 21:03 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-11-26 21:03 - 2015-11-26 21:03 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2015-11-26 21:03 - 2015-11-26 21:03 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-11-26 21:03 - 2015-11-26 21:03 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2015-11-26 21:00 - 2015-11-26 21:04 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-11-26 20:59 - 2015-12-10 15:26 - 00000000 ____D C:\Users\patri
2015-11-26 20:58 - 2015-12-07 12:58 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-26 20:58 - 2015-11-26 20:58 - 00929278 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-11-26 20:56 - 2015-11-26 20:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-11-26 20:55 - 2015-12-11 01:29 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-26 20:55 - 2015-11-26 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2015-11-26 20:55 - 2015-11-26 21:00 - 00000000 ____D C:\Program Files\Intel
2015-11-26 20:55 - 2015-11-26 20:55 - 00018544 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2015-11-26 20:55 - 2015-11-26 20:55 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-11-26 20:55 - 2015-11-26 20:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-11-26 20:55 - 2015-11-26 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-11-26 20:55 - 2015-11-26 20:55 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-11-26 20:55 - 2015-11-26 20:55 - 00000000 ____D C:\Program Files\Synaptics
2015-11-26 20:55 - 2015-11-26 20:55 - 00000000 ____D C:\Program Files\Realtek
2015-11-26 20:55 - 2015-07-27 13:39 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-11-26 20:55 - 2015-07-27 13:39 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-11-26 20:54 - 2015-11-26 20:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2015-11-26 20:54 - 2015-10-30 07:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-26 20:53 - 2015-11-26 21:00 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-26 20:51 - 2015-12-09 13:28 - 00518432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-26 20:51 - 2015-12-07 14:32 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-26 20:45 - 2015-11-26 20:45 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-26 20:45 - 2015-11-26 20:45 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-11-26 20:45 - 2015-11-26 20:45 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-11-26 20:45 - 2015-11-26 20:45 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-26 20:45 - 2015-11-26 20:45 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-11-26 20:45 - 2015-11-26 20:45 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-11-26 20:45 - 2015-11-26 20:45 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-11-26 20:45 - 2015-11-26 20:45 - 00000000 ____D C:\Windows.old
2015-11-26 20:43 - 2015-11-26 20:43 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-11-26 20:40 - 2015-11-26 20:40 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-26 20:40 - 2015-11-26 20:40 - 00000000 ____D C:\Program Files\MSBuild
2015-11-26 20:40 - 2015-11-26 20:40 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-26 20:40 - 2015-11-26 20:40 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-26 20:40 - 2015-11-26 20:40 - 00000000 ____D C:\inetpub
2015-11-26 20:39 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-26 20:39 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 20:39 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-26 20:39 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-26 20:39 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-26 20:39 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00624424 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtkBtfilter.sys
2015-11-26 20:14 - 2015-11-26 20:14 - 00050956 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8812ae_new.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00050920 _____ C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00050868 _____ C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00050144 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192ee_new.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00050060 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192eu_new.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00047692 _____ C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00037244 _____ C:\WINDOWS\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
2015-11-26 20:14 - 2015-11-26 20:14 - 00034840 _____ C:\WINDOWS\rtl8821a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2015-11-26 18:50 - 2015-12-09 11:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-26 18:50 - 2015-12-09 11:31 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-26 18:23 - 2015-11-26 21:09 - 00002424 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-11-26 18:23 - 2015-11-26 18:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-11-26 18:19 - 2015-11-26 18:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-26 18:17 - 2015-11-26 19:14 - 00000000 ____D C:\Users\patri\AppData\Local\MicrosoftEdge
2015-11-26 18:12 - 2015-11-26 18:12 - 00000000 ____D C:\Users\patri\AppData\Local\NetworkTiles
2015-11-26 18:09 - 2015-11-26 18:09 - 00000000 ____D C:\Users\patri\AppData\Roaming\Macromedia
2015-11-26 18:08 - 2015-12-10 15:26 - 00000000 ____D C:\Users\patri\AppData\Local\Hewlett-Packard
2015-11-26 18:08 - 2015-12-10 08:06 - 00000000 ___RD C:\Users\patri\OneDrive
2015-11-26 18:08 - 2015-12-09 11:35 - 00002370 _____ C:\Users\patri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-26 18:08 - 2015-11-26 18:08 - 00000000 ____D C:\Users\patri\AppData\Roaming\Synaptics
2015-11-26 18:08 - 2015-11-26 18:08 - 00000000 ____D C:\Users\patri\AppData\Roaming\Hewlett-Packard
2015-11-26 18:08 - 2015-11-26 18:08 - 00000000 ____D C:\Users\patri\AppData\Local\HP_Inc
2015-11-26 18:06 - 2015-11-26 19:30 - 00000000 ____D C:\Users\patri\AppData\Local\Comms
2015-11-26 18:06 - 2015-11-26 18:06 - 00000000 ____D C:\Users\patri\AppData\Local\Publishers
2015-11-26 18:05 - 2015-12-11 01:31 - 00000000 ____D C:\Users\patri\Documents\YouCam
2015-11-26 18:05 - 2015-11-26 18:08 - 00000000 ____D C:\Users\patri\AppData\Local\CyberLink
2015-11-26 18:05 - 2015-11-26 18:05 - 00000184 _____ C:\WINDOWS\insFileSpec
2015-11-26 18:05 - 2015-11-26 18:05 - 00000000 ____D C:\Users\patri\Documents\My Bluetooth
2015-11-26 18:05 - 2015-11-26 18:05 - 00000000 ____D C:\Users\patri\AppData\Local\DropboxOEM
2015-11-26 18:05 - 2015-09-05 15:01 - 00001292 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2015-11-26 18:04 - 2015-12-11 04:06 - 00000000 ____D C:\Users\patri\AppData\Local\Packages
2015-11-26 18:04 - 2015-12-11 01:29 - 00000000 __SHD C:\Users\patri\IntelGraphicsProfiles
2015-11-26 18:04 - 2015-11-26 18:04 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-I7LJVEU_defaultuser0_HistoryPrediction.bin
2015-11-26 18:04 - 2015-11-26 18:04 - 00000000 ____D C:\Users\patri\AppData\Roaming\Adobe
2015-11-26 18:04 - 2015-11-26 18:04 - 00000000 ____D C:\Users\patri\AppData\Local\VirtualStore
2015-11-26 18:04 - 2015-11-26 18:04 - 00000000 ____D C:\Users\patri\AppData\Local\TileDataLayer
2015-11-26 18:03 - 2015-11-26 18:03 - 01806216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-11-26 18:03 - 2015-11-26 18:03 - 00766136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-11-26 18:03 - 2015-11-26 18:03 - 00615608 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-11-26 18:03 - 2015-11-26 18:03 - 00419528 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-11-26 18:03 - 2015-11-26 18:03 - 00269000 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-11-26 18:03 - 2015-11-26 18:03 - 00255688 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31.dll
2015-11-26 18:03 - 2015-11-26 18:03 - 00044216 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-11-26 18:03 - 2015-11-26 18:03 - 00044216 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-11-26 18:03 - 2015-11-26 18:03 - 00042184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-11-26 18:01 - 2015-07-23 03:50 - 00000000 ___HD C:\Users\patri\Documents\hp.system.package.metadata
2015-11-26 18:01 - 2015-07-23 03:50 - 00000000 ___HD C:\Users\patri\Documents\hp.applications.package.appdata
2015-11-12 22:50 - 2015-11-12 22:50 - 00026880 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdcsam64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 12:24 - 2015-10-30 06:28 - 00000000 ____D C:\Windows
2015-12-11 11:40 - 2015-09-05 15:12 - 00000420 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
2015-12-11 11:40 - 2015-09-05 15:12 - 00000420 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
2015-12-11 08:51 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-11 04:21 - 2015-09-05 15:04 - 00000000 ____D C:\ProgramData\mcafee
2015-12-11 04:21 - 2015-09-05 15:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-11 04:06 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-11 01:27 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-11 00:42 - 2015-09-05 15:04 - 00000000 ____D C:\Program Files\mcafee
2015-12-10 11:14 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-10 08:17 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-09 13:26 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 11:31 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-07 16:00 - 2015-09-05 15:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-07 15:59 - 2015-09-05 15:16 - 00000000 ____D C:\ProgramData\WildTangent
2015-12-07 15:59 - 2015-09-05 15:16 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-12-05 12:27 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-04 03:34 - 2015-10-30 06:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-04 03:31 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-04 03:31 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-04 03:31 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-01 00:33 - 2015-10-30 07:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 00:33 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 12:28 - 2015-09-05 15:00 - 00000000 ____D C:\ProgramData\Apple
2015-11-30 11:38 - 2015-09-05 15:11 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-30 09:42 - 2015-09-05 15:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-27 10:12 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-27 09:52 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-27 09:48 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-27 08:54 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-11-27 08:54 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-11-26 22:25 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-11-26 22:25 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-26 22:24 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-26 22:24 - 2015-07-16 06:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-26 21:14 - 2015-09-05 15:52 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2015-11-26 21:14 - 2015-09-05 15:52 - 00024768 _____ C:\WINDOWS\diagerr.xml
2015-11-26 21:12 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-26 21:12 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Registration
2015-11-26 21:09 - 2015-09-05 15:18 - 00002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2015-11-26 21:09 - 2015-09-05 15:14 - 00002490 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent
2015-11-26 21:09 - 2015-09-05 15:12 - 00002998 _____ C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator
2015-11-26 21:09 - 2015-09-05 15:12 - 00002998 _____ C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator
2015-11-26 21:09 - 2015-09-05 15:09 - 00002926 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2015-11-26 21:09 - 2015-09-05 15:09 - 00002654 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine
2015-11-26 21:08 - 2015-10-30 07:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-26 21:04 - 2015-09-05 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB
2015-11-26 21:04 - 2015-09-05 15:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-11-26 21:04 - 2015-09-05 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2015-11-26 21:04 - 2015-09-05 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-11-26 21:04 - 2015-09-05 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-26 21:03 - 2015-07-10 09:05 - 00000000 ____D C:\Users\Default.migrated
2015-11-26 21:01 - 2015-10-30 18:05 - 00000000 ____D C:\WINDOWS\OCR
2015-11-26 21:01 - 2015-10-30 18:04 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-11-26 21:01 - 2015-10-30 18:04 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-11-26 21:01 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-26 21:01 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-26 21:01 - 2015-09-05 14:53 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-26 21:01 - 2015-07-23 03:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-26 21:00 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-26 21:00 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-11-26 20:58 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-26 20:52 - 2015-10-30 18:15 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-26 20:50 - 2015-10-30 07:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-26 20:45 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-26 20:45 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-11-26 20:45 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-26 20:45 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-26 20:40 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-11-26 20:40 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-11-26 20:40 - 2015-10-30 07:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-11-26 20:40 - 2015-10-30 07:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-11-26 20:40 - 2015-10-30 07:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-11-26 20:40 - 2015-10-30 07:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-11-26 20:40 - 2015-10-30 07:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-11-26 20:40 - 2015-10-30 07:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-11-26 20:40 - 2015-10-30 07:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-11-26 20:40 - 2015-10-30 07:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-11-26 20:40 - 2015-10-30 07:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-11-26 20:40 - 2015-10-30 07:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-11-26 20:40 - 2015-10-30 07:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-11-26 20:40 - 2015-10-30 07:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-11-26 20:27 - 2015-10-30 19:02 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-26 18:25 - 2015-09-05 15:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-26 18:08 - 2015-07-23 04:01 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-26 18:05 - 2015-07-13 16:28 - 00000000 ___HD C:\SYSTEM.SAV
2015-11-26 18:00 - 2015-09-05 14:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard

==================== Files in the root of some directories =======

2015-11-30 19:33 - 2015-11-30 19:33 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-11-26 18:05 - 2015-12-11 12:17 - 0063674 _____ () C:\Users\patri\AppData\Local\BTServer.log

Some files in TEMP:
====================
C:\Users\patri\AppData\Local\Temp\0000521449794549mcinst.exe
C:\Users\patri\AppData\Local\Temp\0101841449807686mcinst.exe
C:\Users\patri\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-09 17:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by patri (2015-12-11 12:26:25)
Running from C:\Users\patri\Downloads
Windows 10 Home (X64) (2015-11-26 21:16:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4289035166-367522565-830471971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4289035166-367522565-830471971-503 - Limited - Disabled)
Guest (S-1-5-21-4289035166-367522565-830471971-501 - Limited - Disabled)
patri (S-1-5-21-4289035166-367522565-830471971-1001 - Administrator - Enabled) => C:\Users\patri

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
FastStone Capture 8.3 (HKLM-x32\...\FastStone Capture) (Version: 8.3 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
PagePlusX7ContentDeclaration (x32 Version: 1.0.0.0 - Serif (Europe) Ltd) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.41 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Serif PagePlus X8 (HKLM\...\{45FA4ED5-95DF-4BCC-9084-DC3D1DC61325}) (Version: 18.0.2.26 - Serif (Europe) Ltd)
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.4.38 - Serif (Europe) Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4289035166-367522565-830471971-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\patri\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

04-12-2015 03:38:20 Windows Modules Installer
07-12-2015 12:50:36 Windows Update
07-12-2015 14:42:05 JRT Pre-Junkware Removal
09-12-2015 11:26:09 McAfee Vulnerability Scanner
10-12-2015 08:53:21 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2015-12-09 12:02 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {045ECA43-388B-4438-B72B-140F39C6B6D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-09-28] (Hewlett-Packard Company)
Task: {08FEE8CA-AD63-4319-B14B-29E8CA996A21} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {1B68D31D-263A-4731-92F1-6D0327B4DBBE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {212496BA-5ED9-425F-88D5-7DFA38D0CA74} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2015-09-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {25F2C1E1-4AD1-4B1F-A81D-FAA39DFFB120} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {3846D025-0A48-4E7B-9261-56AFF3BF8BB5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {4ACFAF3E-5C68-48E7-B95C-5ADBBE122939} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {5B71FFF3-F875-4704-8670-6FC5959212DC} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
Task: {6083C966-C821-48FB-A2DB-029C58BE484F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {7A3AC899-5930-43E1-96AC-E32FD950185F} - System32\Tasks\WpsUpdateTask_patri => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2015-09-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {7BDA8DD8-6386-441E-AB84-962F11994C3A} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {7CFB1799-A839-4716-9BBE-6E9A040AFC8E} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2015-04-29] (AVAST Software)
Task: {98FE9EEE-5729-4B96-AA00-8ACA1CEFBD85} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9D2C434A-3B4E-44C3-AD7D-E5C1CE4838CB} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2015-04-29] (AVAST Software)
Task: {A103AE52-D91B-49F3-930A-C222935D8A85} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {AB41DEEA-E871-40AC-B3C5-4339FB94F37D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-27] (Microsoft Corporation)
Task: {B3AAC18A-67B3-4053-ADEF-FE4EFA3E9630} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {B7C7188A-A6A9-4477-9DB5-0CA469E02D5C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {BAAFFC0E-B4C2-46D9-9A5F-165CAA0024CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {BE3A0FE9-1669-4B5A-87C0-73550ADA582C} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2015-09-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {C2E975C0-827D-46E1-9C8A-DC8D0EE3DD2E} - System32\Tasks\HPCeeScheduleForpatri => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D6A6399E-2207-47DB-A23B-4A910747D6CD} - System32\Tasks\WpsNotifyTask_patri => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2015-09-05] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {DA4D3C59-CE2D-41E5-B7CA-67B90518D6AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {DEACE86A-3A77-40DD-BC45-C46DD4C8A054} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {EC15B7AD-B822-4FC6-85FF-1C4FD7B8C39F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {F997FAB2-33DB-420B-A03F-D89E19102FC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {FF0A46D0-DEB7-4442-B8AF-9ED5C82ED8B3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-09-01] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForpatri.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_patri.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_patri.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\patri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.co.uk/gp/bit/amazonbookmark.html?tag=hp2-desktop-uk-21&partner=HP <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.booking.com/index.html?aid=398438&label=square <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-05 15:21 - 2014-04-14 17:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-11-27 09:52 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-09-05 15:09 - 2015-04-29 16:04 - 00445240 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2015-09-05 14:53 - 2015-06-02 09:25 - 00117976 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-12-03 07:42 - 2015-11-22 10:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 07:42 - 2015-11-22 10:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-27 10:02 - 2015-11-27 10:02 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-03 07:41 - 2015-11-22 09:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-03 07:42 - 2015-11-22 09:19 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-27 09:28 - 2015-11-27 09:28 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 07:17 - 2015-10-30 07:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 07:17 - 2015-10-30 07:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-10 07:33 - 2015-12-10 07:34 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 07:33 - 2015-12-10 07:34 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-26 19:03 - 2015-11-26 19:04 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-03 07:41 - 2015-11-22 09:23 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-03 07:41 - 2015-11-22 09:20 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-12-03 07:42 - 2015-11-22 09:21 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-03 07:41 - 2015-11-22 09:18 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 07:18 - 2015-10-30 18:08 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-11-27 09:28 - 2015-11-27 09:28 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-11-27 09:28 - 2015-11-27 09:28 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-11-30 19:33 - 2015-11-30 19:33 - 01012224 _____ () C:\Users\patri\AppData\Roaming\Mozilla\Firefox\Profiles\lu29iklr.default\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}\platform\WINNT_x86-msvc\components\mcxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\CCleaner:Win32App_1
AlternateDataStreams: C:\Program Files\mcafee:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Hewlett-Packard:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Realtek:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\SafeKey:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\patri\Desktop\Tish new responsive.wpp:SummaryInformation
AlternateDataStreams: C:\Users\patri\Desktop\Tish new responsive.wpp:Updt_SummaryInformation
AlternateDataStreams: C:\Users\patri\Desktop\Tish new responsive.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23735305.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23735305.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4289035166-367522565-830471971-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4289035166-367522565-830471971-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2AE8E5F4-671C-4A6F-9AA1-A8F490EA93D2}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{B0F8EF54-A47D-41A6-BDA8-FBD0DA59095B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{20CF38F6-4DD7-45BD-8207-29AFFBDC21C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C7F04E89-B1BC-4237-B8C8-C5C142596B34}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{230BAFC4-4875-4616-8E99-41F5F5DB660A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{AB4AA729-B96A-4146-AC26-B131D29DD26C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{DFCFB2CA-6E1B-412E-891F-0DA5BA582CB4}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{499C2E45-96D5-4F3E-835F-3FA5177EB352}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{C0C481AB-0A38-4A4D-A962-D188080D82E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{06304DEB-43C8-4548-BF57-7B77B181EDDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4F18CC9-15DD-4593-A75B-9ABF363CDE06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{79559E64-0575-4AC0-AA1B-A58C8384D27D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B0CC001-0B87-4AD6-AF55-AE56CCCAA0A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{44E014E7-78FC-44BB-8FC0-FFA50F37F135}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{235FF3A9-FAE9-471E-8830-79EE7F4A58F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4918DC5C-9DF5-4445-9973-5A6C7BC678E2}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{447086CA-CF76-42BA-9F92-2B8834EDE3BE}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{DCD373FB-DF49-453C-97EA-912FF62F8631}] => (Allow) C:\Users\patri\AppData\Local\Microsoft\Windows\INetCache\IE\E4VK8D5T\ProductDetection.exe
FirewallRules: [{EB1C0AF9-02CA-41A1-A830-10B86F3749C9}] => (Allow) C:\Users\patri\AppData\Local\Microsoft\Windows\INetCache\IE\E4VK8D5T\ProductDetection.exe
FirewallRules: [{394E343A-851D-4D6D-8C29-9025CF1C00F2}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{DEE7D2AE-75C2-4F2B-A87D-42022FFA60EE}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{1BD0040E-67DF-42D4-B1CB-CF1649392C5A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Dynamic Platform and Thermal Framework Manager
Description: Intel® Dynamic Platform and Thermal Framework Manager
Class Guid: {c3077fcd-9c3c-482f-9317-460712f23efd}
Manufacturer: Intel
Service: esif_lf
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2015 12:14:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2234

Error: (12/11/2015 12:14:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2234

Error: (12/11/2015 12:14:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/11/2015 09:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1263187

Error: (12/11/2015 09:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1263187

Error: (12/11/2015 09:23:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/11/2015 09:23:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1260437

Error: (12/11/2015 09:23:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1260437

Error: (12/11/2015 09:23:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/11/2015 09:23:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1257531


System errors:
=============
Error: (12/11/2015 12:22:58 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 12:22:27 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 12:16:56 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 12:16:25 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 12:14:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/11/2015 12:11:36 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 12:11:05 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 12:05:34 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 12:05:04 PM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (12/11/2015 11:59:33 AM) (Source: DCOM) (EventID: 10010) (User: MYLAPTOPNOV)
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}


CodeIntegrity:
===================================
  Date: 2015-12-10 01:47:04.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-09 13:29:14.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-09 12:30:16.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-07 14:34:53.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-04 12:30:25.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-04 03:34:07.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-01 12:30:06.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-30 12:30:21.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-30 09:42:34.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-27 10:13:41.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 3825U @ 1.90GHz
Percentage of memory in use: 57%
Total physical RAM: 8107.39 MB
Available physical RAM: 3441.25 MB
Total Virtual: 9387.39 MB
Available Virtual: 5231.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:915 GB) (Free:848.79 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1A5D04E2)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 




 


#2 HelpingT


Posted 11 December 2015 - 09:30 AM

Duplicate post removed.


Edited by satchfan, 11 December 2015 - 12:25 PM.


#3 HelpingT


Posted 11 December 2015 - 09:39 AM

apologies for double posting - somehow this posted twice with a host error at bleeping computer error 524 'a timeout occurred' apologies, please delete one of the posts



#4 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:27 AM

Posted 11 December 2015 - 12:12 PM

Hello HelpingT and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

There is no sign of anything "bad" on your computer except what was put on it by the manufacturer.

browser setting preferences have been constantly changed
McAfee Site Advisor sets Yahoo! as the default browser search

0.0.0.1 mssplus.mcafee.com
There is nothing bad about this entry.

As this is a new PC, I assume that it came with a month/year’s free trial of McAfee LiveSafe Internet Security. Most of the “problems” you are quoting are related to McAfee. Plus there is a load of “bloatware” rubbish installed by HP.

My father recently got a new Win 10 PC and the first thing I did was to uninstall all McAfee products and then enable Windows Defender & Windows firewall, both of which are perfectly adequate.

My advice would be for you to do the same, (unless you paid for McAfee :) ).

Please give me your thoughts on this.

Satchfan
 

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 HelpingT


Posted 11 December 2015 - 07:03 PM

Hi there, thank you for your reply to my post.

That's a great relief!!

But I still wonder about the findings in roguekiller, any possible network threats and the temp files that can't be removed. Yes, I had already paid a subscription for McAfee LiveSafe ( previous laptop ) and have it installed on here, but can't work out how on earth i got anything ( conduit toolbar for example ) when the Laptop was brand new.

I've removed things so far, like Windows games, I don't need those, but will check others too .. thank you for your help :-)



#6 satchfan


Posted 12 December 2015 - 03:49 AM

I still wonder about the findings in roguekiller

 

False positives.

 

how on earth i got anything ( conduit toolbar for example ) when the Laptop was brand new.

 

New computers come bundled with all kinds of rubbish and I believe that the HP Toolbar is usually the culprit where Conduit is concerned.

 

AdwCleaner is a good program as are Junkware removal tool and Malwarebytes Anti-malware but it wouldn't be a bad idea to run an online scan to be sure nothing is left.

 

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will however need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:
    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology

    Note: Do not check Remove found threats

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan

 


Edited by satchfan, 12 December 2015 - 03:52 AM.



#7 HelpingT


Posted 12 December 2015 - 05:13 AM

thanks very much...I'll have a go -  I'll post report when done



#8 satchfan


Posted 12 December 2015 - 08:49 AM

:thumbup2:




#9 HelpingT


Posted 12 December 2015 - 02:39 PM

oh gosh, tried to download and begin the process ( after disabling McAfee firewall etc ) and it won't let me download, clicking the button does nothing, right clicking only let me save a html page file:///C:/Users/patri/Desktop/8k1tvbvI.htm - any other way to get this??



#10 HelpingT


Posted 12 December 2015 - 02:43 PM

got it one sec starting again

 went to their help section and found the exe file there .. starting again now



#11 HelpingT


Posted 12 December 2015 - 02:57 PM

ok i got it going i think i turned everything off .. McAfee firewall off, virus and spyware protection off, realtime scanning off, updates off, and McAfee web advisor plug in disabled.... there is only one thing on McAfee LiveSafe 'subscription' ( green tick ) but can't stop that.. the ESET scanner noted in a list box McAfee LiveSafe software running it may interfere with scanning results or some message akin to that. but i have disabled everything currently - back when it's finished



#12 HelpingT


Posted 12 December 2015 - 04:37 PM

ok all done, 'no threats found'  AND   'x factor on pause '

 

:guitar:   thank you anything else?

 

ooh er, i did a scan with hitman pro before you replied, ( as I thought you might have finished helping me ) and it came up with one hidden file.. likdr or something. is that obsolete now that we've done the online scanner thing with eset?

also what would you recommend,( I am still fairly paranoid slight effect now ) and want to make sure I'm protected .. weekly /daily scans? with any anti virus or hacker blocking stuff ?

i have hitman pro, adware, malwarebytes, rkill, and roguekiller installed alongside the McAfee LiveSafe software..

In the meantime THANK You for all your help i feel much better. :love4u:

it's horrible being a PC lover with PC paranoia after everything.

Also.. can you recommend what I do with my other laptop? so that I can clean it up, i might give it to my grandson if it's clean etc x



#13 satchfan


Posted 13 December 2015 - 03:54 AM

i did a scan with hitman pro before you replied, ( as I thought you might have finished helping me ) and it came up with one hidden file.. likdr or something. is that obsolete now that we've done the online scanner thing with eset?

No idea what that is but if it was bad, Eset would have flagged it.

also what would you recommend,( I am still fairly paranoid slight effect now ) and want to make sure I'm protected .. weekly /daily scans? with any anti virus or hacker blocking stuff ?

We can tidy up now that your computer is OK and I’ll give recommendations.
 

THANKYou for all your help

You’re welcome.

Your computer appears to be clean so let’s tidy up.


Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

===================================================
 

can you recommend what I do with my other laptop?

If you’d like me to look at the other laptop we can continue here; let me know and I’ll send instructions.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
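
How HOSTS-file blocking of the kind recommended in post #13 works, and why the `0.0.0.1 mssplus.mcafee.com` entry from post #4 blocks a name rather than redirecting it, as an added example that is not part of the original thread. The function names and the sample file are constructed for illustration; only the 0.0.0.1 line comes from the thread.

```python
import ipaddress

# Constructed sample HOSTS file. Only the 0.0.0.1 line is quoted from post #4;
# every other entry is made up for this example.
SAMPLE_HOSTS = """\
# Constructed HOSTS file for illustration
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net tracker.example.net   # blocklist-style entry
0.0.0.0         banner.example.org
0.0.0.1         mssplus.mcafee.com
203.0.113.10    login.example.com     # constructed: name pinned to another machine
not-an-ip       broken.example.com
"""

# 0.0.0.0/8 means "this host on this network"; it is never a valid remote
# destination, so a name mapped into it simply fails to connect.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")


def parse_hosts(text):
    """Yield (line_no, ip_string, hostname) for every mapping in a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # an address with no name maps nothing
        for name in fields[1:]:                  # one line may carry several names
            yield line_no, fields[0], name.lower()


def classify(ip_string):
    """Return 'local', 'remote' or 'invalid' for the address field of an entry.

    'local'  : loopback, 0.0.0.0 or 0.0.0.0/8; traffic never leaves this PC,
               which is how blocklist HOSTS files neutralise a name.
    'remote' : any other address (public or LAN); the name now resolves to
               another machine, so the entry deserves a manual look.
    """
    try:
        ip = ipaddress.ip_address(ip_string)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "local"
    if ip.version == 4 and ip in THIS_NETWORK:
        return "local"
    return "remote"


def triage(text):
    """Group every HOSTS mapping by classification."""
    result = {"local": [], "remote": [], "invalid": []}
    for line_no, ip, name in parse_hosts(text):
        result[classify(ip)].append((line_no, ip, name))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS)
    print(f"{len(report['local'])} names blocked or kept local")
    for line_no, ip, name in report["remote"]:
        print(f"review line {line_no}: {name} -> {ip}")
    for line_no, ip, name in report["invalid"]:
        print(f"malformed line {line_no}: {ip!r} {name}")
```

On a real machine the text to pass in is the content of `C:\Windows\System32\drivers\etc\hosts`; a long MVPS-style list should land entirely in the `local` group.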


#14 HelpingT


Posted 13 December 2015 - 06:06 PM

Thank you very much I'll do this early in the morning tomorrow and if not too much trouble I'll set up the other laptop to go through the scans again. Will it be the same process as we've done here for this one ? If so, I'll just get started on that after this one is thoroughly tidied up - I'm very grateful for your help, support and guidance - 👍👍👌🏼👌🏼 :-)

#15 HelpingT


Posted 13 December 2015 - 06:08 PM

Oops sorry , " send instructions ". Yes please 👍



