New computer, week old, problem already. :(
Thanks in advance.
Click on a new screen and it brings up some kind of new tab in FF, something about "FastDailyFinds". Now it's "OnLineWebFind". Aggravating.
I've installed SpywareBlaster and MalwareBytes. Scanned with MWB and found a bunch of things from something called PlurPush. Like 130 instances, all preceded by "PUP.". Deleted.
Went to the instructions on how to post. DDS will not run. Says it's not meant to run in Compatibility Mode. Must not like 8.1.
Ran SecurityCheck:
Results of screen317's Security Check version 0.99.80
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 12.0.0.70
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Hi, Dean.
FastDailyFinds and Onlinewebfind are typically added when you install other free software (video recording/streaming, download managers or PDF creators) that bundles these adware programs into its installation.
1. Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop. <--Note: The provided link is a direct download link. Please save it to your desktop!
- Close all open programs and internet browsers.
- Run the tool by double-clicking it. Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
2. Please download Adware Cleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode to your Desktop. <--Note: The provided link is a direct download link. Please save it to your desktop!
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool. Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
- Click the Scan button and wait for the process to complete.
- Click the Report button and the report will open in Notepad.
IMPORTANT
- If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner windows.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Check off the element(s) you wish to keep.
- Click on the Clean button and follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Side thought: Can I right click on DDS and run that in something other than a compatibility mode? I'll do the other stuff when I get back from work tonight.
sUBs hasn't updated his tools for Windows 8.1. They work with Windows 8 but he has not approved use on 8.1 yet.
Let's see how things are after running JRT and AdwCleaner. If you're still having problems or want further review, we can use RSIT to take a closer look.
The major thing that showed up was POKKI. It was something that came as part of Win8.1, I believe. False positive?
AdwCleaner log:
# AdwCleaner v3.022 - Report created 18/03/2014 at 02:36:36
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : DeanZF1 - DEANZF
# Running from : C:\Users\DeanZF1\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Folder Found C:\Users\DeanZF1\AppData\Local\Pokki
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default\prefs.js ]
Line Found : user_pref("extensions.aniweather.timeShifted", 468982);
*************************
AdwCleaner[R0].txt - [1711 octets] - [18/03/2014 02:29:08]
AdwCleaner[R1].txt - [1615 octets] - [18/03/2014 02:36:36]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1675 octets] ##########
And the JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by DeanZF1 on Tue 03/18/2014 at 2:04:46.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Value Name Type Value Data
========================================================================================
Pokki REG_EXPAND_SZ C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\DeanZF1\appdata\local\searchprotect"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/18/2014 at 2:13:17.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Again, Thanks SO much for your continued dedication to bailing out so many of us. You are greatly appreciated.
It would appear Pokki came from Lenovo: http://blog.pokki.com/blog/2013/08/22/lenovo-pcs-now-come-with-pokki/
... an attempt to bring back the Windows 8 Start Menu ... http://techland.time.com/2013/08/23/lenovo-works-around-the-windows-8-start-screen-with-pokki-partnership/
It's likely that PlurPush was responsible for the pop-up ads you mentioned in your original post. Once you scanned/removed with MBAM did the pop-ups go away?
No, PlurPush is still alive on my machine :(
Hi, Dean.
Check installed programs for PlurPush 3.0. With Windows 8, drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel". Or you can right-click on the bottom-left hot corner (formerly known as the Start button) and select Control Panel from there, then select Uninstall a program.
It's a tricky little program. I did the CP and uninstalled. Literal appeared, "There were problems uninstalling PlurPush." It asked if I did want to remove it from the list. I said yes, closed the control panel and clicked back into FF to let you know. It immediately launched another tab with a small popup in the lower right corner "PlurPush" with a link and the ability to x out of the popup.
How about if you try to delete it directly from Firefox ...
1. Press Alt+T and then select Add-ons.
2. In the menu on the left click Extensions.
3. Select the extension you want to delete from the list (PlurPush and related items) and click Remove.
Can you post the log from the MBAM scan where you removed all those PUP items? I wonder if some of them required a re-boot ... you'd see "Delete on reboot" at the end of the line.
Nothing in Extensions.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.17.01
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
DeanZF1 :: DEANZF [administrator]
Protection: Enabled
3/16/2014 8:51:48 PM
mbam-log-2014-03-16 (20-51-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221934
Time elapsed: 3 minute(s), 20 second(s)
Memory Processes Detected: 2
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (PUP.Optional.PlurPush.A) -> 6664 -> Delete on reboot.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe (PUP.Optional.PlurPush.A) -> 3152 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 16
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{82249076-d5c8-431d-982b-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{089ede16-f82f-4cb5-b64e-433860459d81} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\Interface\{6A9F605F-89D1-4AF7-8747-2A17F002E20E} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBAD73139-FBC0-422F-8017-BC4E0F30A5F4&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 22
C:\Program Files (x86)\PlurPush (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\bin (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\bin\plugins (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
Files Detected: 94
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\PlurPushBHO.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\DM1394054416.exe (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\nsd6DD.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\nss1FB6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\nscF681\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\Local Settings\Temporary Internet Files\IE\2BFOK3E9\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\Local Settings\Temporary Internet Files\IE\QZ2USOML\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\Local Settings\Temporary Internet Files\IE\XNAZW8US\Setup[1].exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\PlurPush.ico (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\7za.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\PlurPushUninstall.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\updatePlurPush.InstallState (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserFilter.Helper.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserFilter.Helper.dll.old.b3436a22-a2cd-41c6-ba06-141ab46477aa (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPushBrowserFilter.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\sqlite3.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.InstallState (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.BrowserFilterG.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.FFUpdate.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
(end)
Also, with MWB, I opened it up to find the log and decided to click on a couple of the other tabs. I definitely "deleted" all 130 of the PlurPush items. When I clicked on the quarantine tab, lo and behold, they were all still there! I cleaned out the quarantine ward. I've restarted each time the various checkers have instructed to do so.
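An added example, not part of this thread and not Malwarebytes' own code: a small Python parser for MBAM log lines in the format posted above. It groups detections by family, lists the items marked "Delete on reboot" (the ones the earlier question about a reboot was getting at: MBAM can only finish removing a file that is in use, or a folder that still contains such a file, at the next restart), and pulls out the registry data items MBAM repaired rather than deleted. The sample is a subset of the log above, one or two lines per section.

```python
import re
from collections import Counter

# Constructed sample: a subset of the lines from the MBAM log posted above, one or two per section.
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (PUP.Optional.PlurPush.A) -> 6664 -> Delete on reboot.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe (PUP.Optional.PlurPush.A) -> 3152 -> Delete on reboot.
Registry Keys Detected: 16
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
Folders Detected: 22
C:\Program Files (x86)\PlurPush (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\bin\plugins (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
Files Detected: 94
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\PlurPushBHO.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
(end)
"""

# "Folders Detected: 22" style section headers.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<path or registry key> (<detection family>)" - the first " -> " segment of a detection line.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9._]+)\)$")
# "Bad: (<old value>) Good: (<new value>)" - the middle segment of a repaired registry data item.
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


def parse_mbam_log(text):
    """Parse MBAM detection lines into dicts with section, item, family, action and extras."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        parts = [p.strip() for p in line.split(" -> ")]
        if len(parts) < 2:
            continue  # version banner, scan options and similar non-detection lines
        head = DETECTION_RE.match(parts[0])
        if not head:
            continue
        action = parts[-1].rstrip(".")
        finding = {
            "section": section,
            "item": head.group("item"),
            "family": head.group("family"),
            "action": action,
            "reboot": action.lower() == "delete on reboot",
            "pid": None,   # only present for "Memory Processes" entries
            "bad": None,   # only present for repaired registry data items
            "good": None,
        }
        for middle in parts[1:-1]:
            if middle.isdigit():
                finding["pid"] = int(middle)
            repaired = BAD_GOOD_RE.match(middle)
            if repaired:
                finding["bad"] = repaired.group("bad") or None
                finding["good"] = repaired.group("good") or None
        findings.append(finding)
    return findings


def summarize(findings):
    """Counts per family, items that still need a restart, and registry values MBAM reset."""
    by_family = Counter(f["family"] for f in findings)
    pending = [f["item"] for f in findings if f["reboot"]]
    repaired = [(f["item"], f["bad"], f["good"]) for f in findings if f["bad"] is not None]
    return {"by_family": dict(by_family), "pending_reboot": pending, "repaired": repaired}


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    for family, count in sorted(report["by_family"].items()):
        print(f"{count:3d}  {family}")
    print("Pending reboot:", *report["pending_reboot"], sep="\n  ")
    for key, bad, good in report["repaired"]:
        print(f"repaired {key}: {bad!r} -> {good!r}")
```

The repaired AppInit_DLLs entry is the one worth reading closely in a log like this: a DLL listed there is loaded into every process that loads user32.dll, so "Good: ()" (the value reset to empty) is the expected clean state, and a non-empty value reappearing after a restart would indicate something is still re-adding it.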
MBAM followed by JRT & AdwCleaner should have gotten it. Let's see if RSIT shows something. This is for the x64 version since your 8.1 machine is 64-bit.
- Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSITx64.exe) and save it to your desktop.
- Double click on RSITx64.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
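An added example, not part of this thread and not code from the RSIT or HijackThis authors: a Python triage pass over the O4 (Run key) and O2 (BHO) lines that an RSIT/HijackThis log contains. It parses each entry, expands the environment variables HijackThis leaves unexpanded (the expansions in WIN_ENV are assumed values for illustration), and flags entries where rundll32/regsvr32 is used as a loader or where the executable or DLL lives under the user profile, a location that is writable without administrator rights. The sample lines are the Run-key and BHO entries from this machine's log as posted in the thread, plus one constructed entry; a flag means "look at this", not "malicious" (Pokki, for instance, is the Lenovo-bundled Start menu utility mentioned earlier).

```python
import re

# Assumed expansions for variables HijackThis prints literally; USER stands in for the real account.
WIN_ENV = {
    "LOCALAPPDATA": r"C:\Users\USER\AppData\Local",
    "APPDATA": r"C:\Users\USER\AppData\Roaming",
    "TEMP": r"C:\Users\USER\AppData\Local\Temp",
    "SYSTEMROOT": r"C:\Windows",
    "PROGRAMFILES": r"C:\Program Files",
}

# Sample lines: the O2/O4 entries from the log posted in this thread, plus one constructed entry.
SAMPLE_LINES = [
    r"O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL",
    r'O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey',
    r'O4 - HKCU\..\Run: [Pokki] C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform',
    r'O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun',
    r"O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot",
    r'O4 - HKCU\..\Run: [ConstructedUpdater] "%APPDATA%\Updater\updater.exe" /silent',  # constructed
]

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# Either a quoted executable, or an unquoted one ending at the first .exe/.dll/... token.
CMD_RE = re.compile(r'^"(?P<q>[^"]+)"\s*(?P<qargs>.*)$|^(?P<u>.+?\.(?:exe|dll|com|bat|cmd))\b\s*(?P<uargs>.*)$',
                    re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
LOADER_EXES = {"rundll32.exe", "regsvr32.exe"}


def expand(path):
    """Expand %VAR% using the assumed WIN_ENV table; unknown variables are left as-is."""
    return re.sub(r"%(\w+)%", lambda m: WIN_ENV.get(m.group(1).upper(), m.group(0)), path)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_command(cmd):
    """Return (executable, arguments) from a Run-key command line, quoted or not."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    if m["q"] is not None:
        return m["q"], m["qargs"].strip()
    return m["u"], m["uargs"].strip()


def first_argument(args):
    """First argument, unquoted and without the ',EntryPoint' suffix rundll32 uses."""
    args = args.strip()
    if args.startswith('"'):
        return args[1:args.find('"', 1)]
    return args.split(",", 1)[0].split(" ", 1)[0]


def parse_line(line):
    """Classify one HijackThis/RSIT line; returns None for entry types this example ignores."""
    m = O4_RE.match(line)
    if m:
        exe, args = split_command(m["cmd"])
        payload = first_argument(args) if basename(exe) in LOADER_EXES else None
        return {"kind": "Run", "hive": m["hive"], "name": m["name"], "exe": exe, "payload": payload}
    m = O2_RE.match(line)
    if m:
        return {"kind": "BHO", "hive": "HKLM", "name": m["name"], "exe": None, "payload": m["path"]}
    return None


def assess(entry):
    """Reasons an entry deserves a closer look; an empty list means nothing notable."""
    reasons = []
    exe = expand(entry["exe"] or "")
    payload = expand(entry["payload"] or "")
    if entry["kind"] == "Run" and basename(exe) in LOADER_EXES:
        reasons.append(f"{basename(exe)} used as a loader for {payload}")
    if exe and USER_PROFILE_RE.search(exe):
        reasons.append("executable lives under the user profile")
    if payload and USER_PROFILE_RE.search(payload):
        reasons.append("DLL lives under the user profile")
    return reasons


def triage(lines):
    results = []
    for line in lines:
        entry = parse_line(line.strip())
        if entry:
            entry["reasons"] = assess(entry)
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        marker = "LOOK" if entry["reasons"] else "ok  "
        print(f"{marker} {entry['kind']:3s} {entry['hive']} [{entry['name']}] {'; '.join(entry['reasons'])}")
```

The same two checks are what a reviewer applies by eye to an O4 list: is a trusted system binary being used to load something else, and does that something live where a standard user can write. Entries under Program Files that point at known vendors (McAfee, Skype, WinPatrol above) pass both and drop out of the list.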
LOG
Logfile of random's system information tool 1.09 (written by random/random)
Run by DeanZF1 at 2014-03-18 14:20:24
Microsoft Windows 8.1
System drive C: has 401 GB (92%) free of 437 GB
Total RAM: 4008 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:20:39 PM, on 3/18/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\trend micro\DeanZF1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKCU\..\Run: [Pokki] C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @oem59.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10757 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
C:\windows\system32\CxAudMsg64.exe
dashost.exe {93904673-70f1-4c6d-b8bf9ff1199a80b2}
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files\McAfee\MSC\McAPExe.exe"
"C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc
"C:\windows\system32\mfevtps.exe"
"C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe"
C:\windows\SysWOW64\NLSSRV32.EXE
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\windows\SysWOW64\SAsrv.exe
"C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe"
"C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ac081c0b-f899-43ba-a4e6-19fee8700f68 -SystemEventPortName:HostProcess-1f4467d6-7427-4c03-bab2-93423d81cba5 -IoCancelEventPortName:HostProcess-1e965710-f60d-4c0c-8ad7-b9331e7a5440 -NonStateChangingEventPortName:HostProcess-c178e5a6-7442-4218-a8c1-a78b1a59a7c5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d897c1df-4955-494e-b634-5974e88fa16c -DeviceGroupId:WudfDefaultDevicePool
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\windows\Explorer.EXE
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\skydrive.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Users\DeanZF1\AppData\Local\Pokki\Engine\StartMenuIndexer.exe"
"C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe"
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/8/OneClickSignIn/BlueOnWhite/Prefetch/ContentPrefetchPrefetchOff/Prerender/Prerender15minTTL/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/Test0PercentDefault/group_01/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="4984.1.729718186\1990092100" /prefetch:3
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe"
"C:\Users\DeanZF1\Desktop\RSITx64.exe"
=========Mozilla firefox=========
ProfilePath - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default
prefs.js - "browser.startup.homepage" - "https://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default\extensions\
{578e7caa-210f-4967-a0d3-88fe5b59a39f}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-08-31 36352]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2013-09-11 391128]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2013-09-11 771032]
"Persistence"=C:\windows\system32\igfxpers.exe [2013-09-11 769496]
"RtsFT"=C:\windows\RTFTrack.exe [2013-07-19 6340312]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-07-24 903384]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-12 1647616]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-02-14 15813616]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-02-14 80880]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\DeanZF1\AppData\Local\Pokki\Engine\Launcher.dll [2014-03-14 1839896]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10 20922016]
"WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [2014-02-25 496192]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2013-07-24 537512]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-06 214312]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2013-09-11 623104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmartcardSimulator]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SystemEventsBroker]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VirtualSmartcardReader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wcmsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"EnableUIADesktopToggle"=0
"EnableCursorSuppression"=1
"ConsentPromptBehaviorUser"=3
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=1
"NoActiveDesktop"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-03-18 14:20:24 ----D---- C:\rsit
2014-03-18 14:20:24 ----D---- C:\Program Files\trend micro
2014-03-18 02:29:03 ----D---- C:\AdwCleaner
2014-03-18 02:16:39 ----D---- C:\450b7683668c85003ed5b04f2d68
2014-03-18 02:04:40 ----D---- C:\windows\ERUNT
2014-03-18 02:03:52 ----A---- C:\windows\system32\shell32.dll
2014-03-18 02:03:50 ----A---- C:\windows\system32\Windows.UI.Xaml.dll
2014-03-18 02:03:49 ----A---- C:\windows\SYSWOW64\Windows.UI.Xaml.dll
2014-03-18 02:03:47 ----A---- C:\windows\SYSWOW64\shell32.dll
2014-03-18 02:03:45 ----A---- C:\windows\system32\schedsvc.dll
2014-03-18 02:03:44 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2014-03-18 02:03:43 ----A---- C:\windows\system32\mfsvr.dll
2014-03-18 02:03:43 ----A---- C:\windows\system32\MFMediaEngine.dll
2014-03-18 02:03:42 ----A---- C:\windows\system32\SettingSyncHost.exe
2014-03-18 02:03:41 ----A---- C:\windows\SYSWOW64\SettingSyncHost.exe
2014-03-18 02:03:41 ----A---- C:\windows\SYSWOW64\mfsvr.dll
2014-03-18 02:03:41 ----A---- C:\windows\SYSWOW64\MFMediaEngine.dll
2014-03-18 02:03:41 ----A---- C:\windows\system32\XpsGdiConverter.dll
2014-03-18 02:03:41 ----A---- C:\windows\system32\SettingSyncCore.dll
2014-03-18 02:03:40 ----A---- C:\windows\SYSWOW64\SettingSyncCore.dll
2014-03-18 02:03:40 ----A---- C:\windows\system32\ReAgent.dll
2014-03-18 02:03:40 ----A---- C:\windows\system32\pnrpsvc.dll
2014-03-18 02:03:40 ----A---- C:\windows\system32\MsSpellCheckingFacility.dll
2014-03-18 02:03:40 ----A---- C:\windows\system32\hal.dll
2014-03-18 02:03:40 ----A---- C:\windows\system32\drivers\dxgmms1.sys
2014-03-18 02:03:39 ----A---- C:\windows\SYSWOW64\XpsGdiConverter.dll
2014-03-18 02:03:39 ----A---- C:\windows\SYSWOW64\WSClient.dll
2014-03-18 02:03:39 ----A---- C:\windows\SYSWOW64\ReAgent.dll
2014-03-18 02:03:39 ----A---- C:\windows\system32\WSClient.dll
2014-03-18 02:03:36 ----A---- C:\windows\SYSWOW64\ntdll.dll
2014-03-18 02:03:35 ----A---- C:\windows\system32\reseteng.dll
2014-03-18 02:03:34 ----A---- C:\windows\SYSWOW64\MsSpellCheckingFacility.dll
2014-03-18 02:03:34 ----A---- C:\windows\system32\ntdll.dll
2014-03-18 02:03:34 ----A---- C:\windows\system32\easinvoker.exe
2014-03-18 02:03:34 ----A---- C:\windows\system32\drivers\rdbss.sys
2014-03-18 02:03:33 ----A---- C:\windows\system32\sti.dll
2014-03-18 02:03:32 ----A---- C:\windows\system32\easwrt.dll
2014-03-18 02:03:32 ----A---- C:\windows\system32\drivers\USBXHCI.SYS
2014-03-18 02:03:31 ----A---- C:\windows\SYSWOW64\sti.dll
2014-03-18 02:03:31 ----A---- C:\windows\SYSWOW64\OEMLicense.dll
2014-03-18 02:03:31 ----A---- C:\windows\SYSWOW64\easwrt.dll
2014-03-18 02:03:31 ----A---- C:\windows\system32\OEMLicense.dll
2014-03-16 21:21:51 ----D---- C:\ProgramData\Licenses
2014-03-16 21:21:47 ----A---- C:\windows\SYSWOW64\MSSTDFMT.DLL
2014-03-16 21:21:46 ----D---- C:\Program Files (x86)\SpywareBlaster
2014-03-16 20:40:22 ----D---- C:\Users\DeanZF1\AppData\Roaming\Malwarebytes
2014-03-16 20:40:13 ----D---- C:\ProgramData\Malwarebytes
2014-03-16 20:40:10 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 20:40:10 ----A---- C:\windows\system32\drivers\mbam.sys
2014-03-12 15:48:26 ----A---- C:\windows\system32\sppsvc.exe
2014-03-12 15:48:26 ----A---- C:\windows\system32\drivers\tcpip.sys
2014-03-12 15:48:25 ----A---- C:\windows\SYSWOW64\mfcore.dll
2014-03-12 15:48:25 ----A---- C:\windows\system32\mfcore.dll
2014-03-12 15:48:25 ----A---- C:\windows\system32\combase.dll
2014-03-12 15:48:24 ----A---- C:\windows\SYSWOW64\combase.dll
2014-03-12 15:48:24 ----A---- C:\windows\system32\mstscax.dll
2014-03-12 15:48:24 ----A---- C:\windows\system32\mfmpeg2srcsnk.dll
2014-03-12 15:48:24 ----A---- C:\windows\system32\kernel32.dll
2014-03-12 15:48:23 ----A---- C:\windows\SYSWOW64\mstscax.dll
2014-03-12 15:48:23 ----A---- C:\windows\SYSWOW64\mfmpeg2srcsnk.dll
2014-03-12 15:48:23 ----A---- C:\windows\system32\dbgeng.dll
2014-03-12 15:48:22 ----A---- C:\windows\SYSWOW64\kernel32.dll
2014-03-12 15:48:22 ----A---- C:\windows\SYSWOW64\dbgeng.dll
2014-03-12 15:48:22 ----A---- C:\windows\system32\swprv.dll
2014-03-12 15:48:22 ----A---- C:\windows\system32\Faultrep.dll
2014-03-12 15:48:22 ----A---- C:\windows\system32\dbghelp.dll
2014-03-12 15:48:21 ----A---- C:\windows\SYSWOW64\WerFault.exe
2014-03-12 15:48:21 ----A---- C:\windows\SYSWOW64\Faultrep.dll
2014-03-12 15:48:21 ----A---- C:\windows\SYSWOW64\dbghelp.dll
2014-03-12 15:48:21 ----A---- C:\windows\system32\WerFault.exe
2014-03-12 15:48:21 ----A---- C:\windows\system32\mfps.dll
2014-03-12 15:48:20 ----A---- C:\windows\SYSWOW64\rdpencom.dll
2014-03-12 15:48:20 ----A---- C:\windows\system32\tsgqec.dll
2014-03-12 15:48:20 ----A---- C:\windows\system32\rdvidcrl.dll
2014-03-12 15:48:20 ----A---- C:\windows\system32\rdpencom.dll
2014-03-12 15:48:20 ----A---- C:\windows\system32\DWWIN.EXE
2014-03-12 15:48:20 ----A---- C:\windows\system32\drivers\volsnap.sys
2014-03-12 15:48:19 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2014-03-12 15:48:19 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2014-03-12 15:48:19 ----A---- C:\windows\SYSWOW64\DWWIN.EXE
2014-03-12 15:48:19 ----A---- C:\windows\system32\sppcomapi.dll
2014-03-12 15:48:13 ----A---- C:\windows\system32\winload.exe
2014-03-12 15:48:11 ----A---- C:\windows\system32\mshtml.dll
2014-03-12 15:48:10 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-03-12 15:48:08 ----A---- C:\windows\system32\ieframe.dll
2014-03-12 15:48:07 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-03-12 15:48:07 ----A---- C:\windows\system32\iertutil.dll
2014-03-12 15:48:06 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-03-12 15:48:06 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-03-12 15:48:06 ----A---- C:\windows\system32\jscript9.dll
2014-03-12 15:48:06 ----A---- C:\windows\system32\ie4uinit.exe
2014-03-12 15:48:05 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-03-12 15:48:05 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-03-12 15:48:05 ----A---- C:\windows\system32\wininet.dll
2014-03-12 15:48:05 ----A---- C:\windows\system32\urlmon.dll
2014-03-12 15:48:05 ----A---- C:\windows\system32\msfeeds.dll
2014-03-12 15:48:04 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-03-12 15:48:04 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-03-12 15:48:04 ----A---- C:\windows\system32\ieapfltr.dll
2014-03-12 15:47:57 ----A---- C:\windows\system32\drivers\WdFilter.sys
2014-03-12 15:47:54 ----A---- C:\windows\system32\drivers\WdBoot.sys
2014-03-12 15:47:51 ----A---- C:\windows\system32\drivers\WdNisDrv.sys
2014-03-12 15:47:40 ----A---- C:\windows\SYSWOW64\qedit.dll
2014-03-12 15:47:40 ----A---- C:\windows\system32\qedit.dll
2014-03-12 15:47:39 ----A---- C:\windows\system32\win32k.sys
2014-03-10 00:03:20 ----D---- C:\Users\DeanZF1\AppData\Roaming\WinPatrol
2014-03-10 00:03:05 ----D---- C:\ProgramData\InstallMate
2014-03-10 00:03:05 ----D---- C:\Program Files (x86)\BillP Studios
2014-03-09 15:10:06 ----SHD---- C:\Config.Msi
2014-03-08 21:29:04 ----D---- C:\Users\DeanZF1\AppData\Roaming\Nitro
2014-03-08 21:29:04 ----D---- C:\Users\DeanZF1\AppData\Roaming\FileOpen
2014-03-08 21:29:04 ----D---- C:\ProgramData\FileOpen
2014-03-08 15:04:35 ----A---- C:\windows\system32\WSShared.dll
2014-03-08 15:04:35 ----A---- C:\windows\system32\WSService.dll
2014-03-08 15:04:34 ----A---- C:\windows\SYSWOW64\WSShared.dll
2014-03-08 15:04:33 ----A---- C:\windows\system32\WSCollect.exe
2014-03-08 15:04:32 ----A---- C:\windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-08 15:04:32 ----A---- C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-08 15:04:30 ----A---- C:\windows\SYSWOW64\pcaui.exe
2014-03-08 15:04:30 ----A---- C:\windows\system32\pcaui.exe
2014-03-08 15:04:27 ----A---- C:\windows\SYSWOW64\msdrm.dll
2014-03-08 15:04:27 ----A---- C:\windows\system32\msdrm.dll
2014-03-08 15:04:02 ----A---- C:\windows\SYSWOW64\WMPhoto.dll
2014-03-08 15:04:02 ----A---- C:\windows\system32\WMPhoto.dll
2014-03-08 15:04:01 ----A---- C:\windows\system32\KernelBase.dll
2014-03-08 15:04:00 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2014-03-08 15:03:59 ----A---- C:\windows\system32\uDWM.dll
2014-03-08 15:03:57 ----A---- C:\windows\SYSWOW64\mdmregistration.dll
2014-03-08 15:03:57 ----A---- C:\windows\system32\mdmregistration.dll
2014-03-08 15:03:57 ----A---- C:\windows\system32\MDMAgent.exe
2014-03-08 15:03:53 ----A---- C:\windows\SYSWOW64\Windows.UI.Search.dll
2014-03-08 15:03:53 ----A---- C:\windows\system32\Windows.UI.Search.dll
2014-03-08 15:03:52 ----A---- C:\windows\system32\twinui.dll
2014-03-08 15:03:51 ----A---- C:\windows\SYSWOW64\twinui.dll
2014-03-08 15:03:51 ----A---- C:\windows\system32\SearchFolder.dll
2014-03-08 15:03:50 ----A---- C:\windows\SYSWOW64\SearchFolder.dll
2014-03-08 15:03:49 ----A---- C:\windows\SYSWOW64\propsys.dll
2014-03-08 15:03:49 ----A---- C:\windows\system32\propsys.dll
2014-03-08 15:03:40 ----A---- C:\windows\system32\SyncEngine.dll
2014-03-08 15:03:39 ----A---- C:\windows\system32\SkyDrive.exe
2014-03-08 15:03:37 ----A---- C:\windows\system32\SkyDriveTelemetry.dll
2014-03-08 15:03:37 ----A---- C:\windows\system32\MrmCoreR.dll
2014-03-08 15:03:37 ----A---- C:\windows\system32\actxprxy.dll
2014-03-08 15:03:36 ----A---- C:\windows\SYSWOW64\MrmCoreR.dll
2014-03-08 15:03:36 ----A---- C:\windows\system32\SkyDriveShell.dll
2014-03-08 15:03:35 ----A---- C:\windows\SYSWOW64\SkyDriveShell.dll
2014-03-08 15:03:34 ----A---- C:\windows\SYSWOW64\actxprxy.dll
2014-03-08 15:03:31 ----A---- C:\windows\system32\winbici.dll
2014-03-08 14:59:14 ----D---- C:\Program Files\office.tmp
2014-03-08 14:19:07 ----D---- C:\windows\PCHEALTH
2014-03-08 14:13:53 ----D---- C:\Program Files\Microsoft Office
2014-03-08 14:13:21 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2014-03-08 14:12:10 ----D---- C:\ProgramData\Microsoft Help
2014-03-07 15:50:21 ----D---- C:\windows\system32\MRT
2014-03-07 15:50:16 ----A---- C:\windows\system32\MRT.exe
2014-03-07 12:37:17 ----A---- C:\windows\system32\wuaueng.dll
2014-03-07 12:37:16 ----A---- C:\windows\explorer.exe
2014-03-07 12:37:15 ----A---- C:\windows\SYSWOW64\explorer.exe
2014-03-07 12:37:15 ----A---- C:\windows\system32\workfolderssvc.dll
2014-03-07 12:37:15 ----A---- C:\windows\system32\mfasfsrcsnk.dll
2014-03-07 12:37:14 ----A---- C:\windows\SYSWOW64\mfasfsrcsnk.dll
2014-03-07 12:37:12 ----A---- C:\windows\system32\d3d9.dll
2014-03-07 12:37:10 ----A---- C:\windows\system32\Windows.Web.Http.dll
2014-03-07 12:37:09 ----A---- C:\windows\SYSWOW64\d3d9.dll
2014-03-07 12:37:09 ----A---- C:\windows\system32\TSWorkspace.dll
2014-03-07 12:37:08 ----A---- C:\windows\SYSWOW64\UIAutomationCore.dll
2014-03-07 12:37:08 ----A---- C:\windows\system32\dnsapi.dll
2014-03-07 12:37:07 ----A---- C:\windows\system32\Windows.Media.dll
2014-03-07 12:37:07 ----A---- C:\windows\system32\UIAutomationCore.dll
2014-03-07 12:37:06 ----A---- C:\windows\SYSWOW64\user32.dll
2014-03-07 12:37:06 ----A---- C:\windows\system32\WWAHost.exe
2014-03-07 12:37:06 ----A---- C:\windows\system32\d3d10level9.dll
2014-03-07 12:37:05 ----A---- C:\windows\SYSWOW64\comdlg32.dll
2014-03-07 12:37:05 ----A---- C:\windows\system32\WorkfoldersControl.dll
2014-03-07 12:37:04 ----A---- C:\windows\SYSWOW64\WWAHost.exe
2014-03-07 12:37:04 ----A---- C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-03-07 12:37:04 ----A---- C:\windows\system32\eapphost.dll
2014-03-07 12:37:04 ----A---- C:\windows\system32\drivers\acpi.sys
2014-03-07 12:37:03 ----A---- C:\windows\SYSWOW64\Windows.Networking.BackgroundTransfer.dll
2014-03-07 12:37:03 ----A---- C:\windows\SYSWOW64\Windows.Media.dll
2014-03-07 12:37:03 ----A---- C:\windows\system32\kd_02_8086.dll
2014-03-07 12:37:02 ----A---- C:\windows\SYSWOW64\dnsapi.dll
2014-03-07 12:37:02 ----A---- C:\windows\SYSWOW64\d3d10level9.dll
2014-03-07 12:37:02 ----A---- C:\windows\system32\tsmf.dll
2014-03-07 12:37:02 ----A---- C:\windows\system32\AudioSes.dll
2014-03-07 12:37:01 ----A---- C:\windows\system32\eapp3hst.dll
2014-03-07 12:37:01 ----A---- C:\windows\system32\comdlg32.dll
2014-03-07 12:37:01 ----A---- C:\windows\system32\apphelp.dll
2014-03-07 12:37:00 ----A---- C:\windows\SYSWOW64\TSWorkspace.dll
2014-03-07 12:37:00 ----A---- C:\windows\SYSWOW64\tsmf.dll
2014-03-07 12:37:00 ----A---- C:\windows\system32\wintrust.dll
2014-03-07 12:36:59 ----A---- C:\windows\SYSWOW64\apphelp.dll
2014-03-07 12:36:59 ----A---- C:\windows\system32\pcsvDevice.dll
2014-03-07 12:36:59 ----A---- C:\windows\system32\ncryptsslp.dll
2014-03-07 12:36:59 ----A---- C:\windows\system32\drivers\srv.sys
2014-03-07 12:36:58 ----A---- C:\windows\SYSWOW64\Windows.Web.Http.dll
2014-03-07 12:36:58 ----A---- C:\windows\SYSWOW64\ncryptsslp.dll
2014-03-07 12:36:58 ----A---- C:\windows\SYSWOW64\eapphost.dll
2014-03-07 12:36:58 ----A---- C:\windows\system32\profsvc.dll
2014-03-07 12:36:58 ----A---- C:\windows\system32\msched.dll
2014-03-07 12:36:57 ----A---- C:\windows\SYSWOW64\wintrust.dll
2014-03-07 12:36:57 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-03-07 12:36:57 ----A---- C:\windows\system32\samsrv.dll
2014-03-07 12:36:57 ----A---- C:\windows\system32\drivers\usbccgp.sys
2014-03-07 12:36:56 ----A---- C:\windows\system32\wldp.dll
2014-03-07 12:36:56 ----A---- C:\windows\system32\iphlpsvc.dll
2014-03-07 12:36:56 ----A---- C:\windows\system32\drivers\rdyboost.sys
2014-03-07 12:36:55 ----A---- C:\windows\system32\TSWbPrxy.exe
2014-03-07 12:36:55 ----A---- C:\windows\system32\drivers\stornvme.sys
2014-03-07 12:36:55 ----A---- C:\windows\system32\dafBth.dll
2014-03-07 12:36:54 ----A---- C:\windows\system32\WUSettingsProvider.dll
2014-03-07 12:36:54 ----A---- C:\windows\system32\wuauclt.exe
2014-03-07 12:36:54 ----A---- C:\windows\system32\shsetup.dll
2014-03-07 12:36:54 ----A---- C:\windows\system32\dafWfdProvider.dll
2014-03-07 12:36:53 ----A---- C:\windows\SYSWOW64\shsetup.dll
2014-03-07 12:36:53 ----A---- C:\windows\system32\eappcfg.dll
2014-03-07 12:36:53 ----A---- C:\windows\system32\dnsrslvr.dll
2014-03-07 12:36:52 ----A---- C:\windows\system32\WiFiDisplay.dll
2014-03-07 12:36:51 ----A---- C:\windows\SYSWOW64\eappgnui.dll
2014-03-07 12:36:51 ----A---- C:\windows\SYSWOW64\eappcfg.dll
2014-03-07 12:36:51 ----A---- C:\windows\SYSWOW64\eapp3hst.dll
2014-03-07 12:36:51 ----A---- C:\windows\system32\eappgnui.dll
2014-03-07 12:36:49 ----A---- C:\windows\SYSWOW64\ftp.exe
2014-03-07 12:36:49 ----A---- C:\windows\system32\wucltux.dll
2014-03-07 12:36:49 ----A---- C:\windows\system32\WorkFoldersShell.dll
2014-03-07 12:36:47 ----A---- C:\windows\system32\rdpclip.exe
2014-03-07 12:36:47 ----A---- C:\windows\system32\ftp.exe
2014-03-07 12:36:46 ----A---- C:\windows\SYSWOW64\miutils.dll
2014-03-07 12:36:46 ----A---- C:\windows\system32\miutils.dll
2014-03-07 12:34:36 ----A---- C:\windows\system32\msmpeg2vdec.dll
2014-03-07 12:34:34 ----A---- C:\windows\SYSWOW64\msmpeg2vdec.dll
2014-03-07 12:34:19 ----A---- C:\windows\system32\winmde.dll
2014-03-07 12:34:19 ----A---- C:\windows\system32\drivers\ndis.sys
2014-03-07 12:34:19 ----A---- C:\windows\system32\authui.dll
2014-03-07 12:34:18 ----A---- C:\windows\system32\audiosrv.dll
2014-03-07 12:34:17 ----A---- C:\windows\system32\wmpmde.dll
2014-03-07 12:34:17 ----A---- C:\windows\system32\SystemEventsBrokerServer.dll
2014-03-07 12:34:17 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2014-03-07 12:34:16 ----A---- C:\windows\SYSWOW64\authui.dll
2014-03-07 12:34:16 ----A---- C:\windows\system32\ubpm.dll
2014-03-07 12:34:15 ----A---- C:\windows\SYSWOW64\winmde.dll
2014-03-07 12:34:15 ----A---- C:\windows\system32\wlansvc.dll
2014-03-07 12:34:15 ----A---- C:\windows\system32\bisrv.dll
2014-03-07 12:34:14 ----A---- C:\windows\system32\ploptin.dll
2014-03-07 12:34:14 ----A---- C:\windows\system32\mfmp4srcsnk.dll
2014-03-07 12:34:13 ----A---- C:\windows\SYSWOW64\mfmp4srcsnk.dll
2014-03-07 12:34:13 ----A---- C:\windows\system32\oleaut32.dll
2014-03-07 12:34:13 ----A---- C:\windows\system32\mfds.dll
2014-03-07 12:34:12 ----A---- C:\windows\SYSWOW64\mfds.dll
2014-03-07 12:34:12 ----A---- C:\windows\system32\Windows.Graphics.dll
2014-03-07 12:34:12 ----A---- C:\windows\system32\psmsrv.dll
2014-03-07 12:34:12 ----A---- C:\windows\system32\lsasrv.dll
2014-03-07 12:34:11 ----A---- C:\windows\SYSWOW64\Windows.Graphics.dll
2014-03-07 12:34:11 ----A---- C:\windows\system32\rastls.dll
2014-03-07 12:34:11 ----A---- C:\windows\system32\drivers\USBSTOR.SYS
2014-03-07 12:34:10 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2014-03-07 12:34:10 ----A---- C:\windows\system32\msieftp.dll
2014-03-07 12:34:10 ----A---- C:\windows\system32\drivers\ipnat.sys
2014-03-07 12:34:09 ----A---- C:\windows\SYSWOW64\mispace.dll
2014-03-07 12:34:09 ----A---- C:\windows\system32\mispace.dll
2014-03-07 12:34:09 ----A---- C:\windows\system32\bi.dll
2014-03-07 12:34:08 ----A---- C:\windows\SYSWOW64\rastls.dll
2014-03-07 12:34:08 ----A---- C:\windows\SYSWOW64\msieftp.dll
2014-03-07 12:34:08 ----A---- C:\windows\system32\drivers\BtaMPM.sys
2014-03-07 12:34:07 ----A---- C:\windows\system32\deviceregistration.dll
2014-03-07 12:31:31 ----A---- C:\windows\system32\twinui.appcore.dll
2014-03-07 12:31:30 ----A---- C:\windows\SYSWOW64\twinui.appcore.dll
2014-03-07 12:30:42 ----A---- C:\windows\system32\AppXDeploymentServer.dll
2014-03-07 12:30:41 ----A---- C:\windows\system32\ntoskrnl.exe
2014-03-07 12:30:40 ----A---- C:\windows\system32\dwmcore.dll
2014-03-07 12:30:39 ----A---- C:\windows\SYSWOW64\dwmcore.dll
2014-03-07 12:30:39 ----A---- C:\windows\system32\SettingsHandlers.dll
2014-03-07 12:30:38 ----A---- C:\windows\system32\dcomp.dll
2014-03-07 12:30:37 ----A---- C:\windows\system32\msftedit.dll
2014-03-07 12:30:36 ----A---- C:\windows\system32\wlidcli.dll
2014-03-07 12:30:35 ----A---- C:
Quote from: PastyWhiteGuy on March 18, 2014, 06:46:18 PM
... I've restarted each time the various checkers have instructed to do so.
Just to clarify, did you reboot the computer immediately after the first MBAM run when all that junk was detected?
I don't have video, sorry, but if the program TOLD me to restart, I restarted. If it did not specify, I can't tell you for certain. If it was one of the things that I got instructions for here, and I was told to restart, then I restarted. Not sure that's helpful, but it's all I have.
Let's try the simple thing first ... update MBAM and run it again. If it finds anything, and there are any items with "delete on reboot" noted, please reboot the computer. Also, post that log please.
I ran a full scan, just on the off chance that something was more deeply hidden; I was not sure that the quick scan actually looked at the small D:\ drive (proprietary stuff). Nothing found. :( Waiting for the next step.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.17.01
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
DeanZF1 :: DEANZF [administrator]
Protection: Enabled
3/19/2014 11:53:06 AM
mbam-log-2014-03-19 (11-53-06).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374030
Time elapsed: 38 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Corrine and I have been working on a few things in the back room behind the curtains ... :cool:
In the meanwhile, let's get a second opinion from the ESET online scanner:
Please go here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic.
It could take a while for this scan to complete, so pour a cup of coffee and take a break :D
The log for ESET does not tell the entire story. Pretty puny log for a 53 minute scan. It was a TWO cup and 6 Sudoku puzzle (on paper, of course) scan.
I did run it from IE. FF and Skype were both open but unused. Does that matter? Instructions did not say.
It found BrowseFox.C in my AppData. This is the entire log, 112 bytes. It looks more like an install log than a results log, at least to me. I searched the drive for a different "log.txt" and found none.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
That's all there is. I feel like LoonyTunes! :tongue: yabadeeyabadeeyabadee that's all folks.
I did not delete anything. It was not an option. Not the found file or the scanning software.
Since the Pokki is a Conduit toolbar, I've asked my contact if its removal will affect the Lenovo utility (LSC). In the meantime, you have a few options.
1. You could reset FF to default: Reset Firefox preferences to troubleshoot and fix problems | Firefox Help (https://support.mozilla.org/en-US/kb/reset-preferences-fix-problems)
2. Try FF in Safe Mode to see if you still get the PlurPush then.
3. Install Extension List Dumper :: Add-ons for Firefox (https://addons.mozilla.org/en-US/firefox/addon/extension-list-dumper/) and select a Text file output, posting the results here for us to look at.
(note to self) BrowseFox.A was in the original MBAM log
Quote from: winchester73 on March 19, 2014, 08:52:13 PM
(note to self) BrowseFox.A was in the original MBAM log
So was PlurPush, and neither showed in the RSIT log, although it is difficult to say how up-to-date RSIT is.
Dean, I heard back from my contact who, in turn, asked at Lenovo and was told that LSC is pretty much a stand alone. Thus, it will not be impaired by removal of the toolbar. In fact, my contact removed it from a Lenovo 2014 TP Carbon X1 a couple of weeks ago with no issues.
So, for the next step, please run AdwCleaner and JRT again but this time, please let AdwCleaner remove what it finds.
Double-click AdwCleaner.exe to run the tool again.
- Click the Scan button.
- AdwCleaner will begin to scan your computer like it did before.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
- After the scan has finished, this time click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then please run JRT once again:
- Close all open programs and internet browsers.
- Run the tool by double-clicking it. Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Let us know if we need to change your username to LoonyTunes or if the problem has been solved. :D
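The AdwCleaner and JRT runs above remove what they recognise, but they do not tell you whether anything is left in the same places. The script below is an added example, not part of this thread and not code from AdwCleaner, JRT or any other tool named here. It is a read-only PowerShell inventory of exactly the persistence locations AdwCleaner's earlier report touched (Run values, per-user shell verbs under HKCU\Software\Classes, CLSIDs, Uninstall entries, and Firefox prefs.js), searched for the adware names that appear in this thread. That name list is an assumption for illustration only, not a complete signature set; run it from an elevated PowerShell 3+ prompt on Windows 8.1.

```powershell
# Added example (not from the thread, AdwCleaner or JRT): read-only inventory of the
# persistence locations that AdwCleaner's report above touched, for a list of adware
# names taken from this thread. Run in an elevated PowerShell 3+ session on Windows 8.1.
# The name list is an assumption for illustration, not a complete adware signature set.
$Patterns = @('Pokki', 'PlurPush', 'BrowseFox', 'Conduit', 'FastDailyFinds', 'OnLineWebFind')
$Regex    = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'   # -match is case-insensitive

$Findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Kind, [string]$Detail) { $Findings.Add(('{0,-12} {1}' -f $Kind, $Detail)) }

# 1. Run/RunOnce autostart values (AdwCleaner removed HKCU\...\Run [Pokki]).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    foreach ($P in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        if ($P.Name -like 'PS*') { continue }           # provider metadata (PSPath, PSParentPath, ...)
        if ("$($P.Name) $($P.Value)" -match $Regex) {
            Add-Finding 'RunValue' ('{0}\{1} = {2}' -f $Key, $P.Name, $P.Value)
        }
    }
}

# 2. Context-menu verbs injected under per-user file classes
#    (AdwCleaner removed HKCU\Software\Classes\<class>\shell\pokki for several classes).
Get-ChildItem -Path 'HKCU:\Software\Classes' -ErrorAction SilentlyContinue | ForEach-Object {
    $ShellKey = "$($_.PSPath)\shell"
    if (Test-Path $ShellKey) {
        Get-ChildItem -Path $ShellKey -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match $Regex } |
            ForEach-Object { Add-Finding 'ShellVerb' $_.Name }
    }
}

# 3. COM classes whose friendly name or in-process server path matches
#    (AdwCleaner deleted two CLSIDs under HKLM\SOFTWARE\Classes\CLSID).
foreach ($Hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\Software\Classes\CLSID') {
    if (-not (Test-Path $Hive)) { continue }
    Get-ChildItem -Path $Hive -ErrorAction SilentlyContinue | ForEach-Object {
        $Name   = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
        $Server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ("$Name $Server" -match $Regex) {
            Add-Finding 'CLSID' ("{0} name='{1}' server='{2}'" -f $_.PSChildName, $Name, $Server)
        }
    }
}

# 4. Uninstall entries (AdwCleaner removed HKCU\...\Uninstall\Pokki).
foreach ($Key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall') {
    if (-not (Test-Path $Key)) { continue }
    Get-ChildItem -Path $Key -ErrorAction SilentlyContinue | ForEach-Object {
        $Display = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DisplayName
        if ("$($_.PSChildName) $Display" -match $Regex) { Add-Finding 'Uninstall' ('{0} ({1})' -f $_.Name, $Display) }
    }
}

# 5. Firefox prefs.js lines mentioning any pattern (JRT and AdwCleaner both edited user_pref lines).
$ProfileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ProfileRoot) {
    Get-ChildItem -Path $ProfileRoot -Directory | ForEach-Object {
        $Prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $Prefs) {
            Select-String -Path $Prefs -Pattern $Regex |
                ForEach-Object { Add-Finding 'FirefoxPref' ('{0}:{1} {2}' -f $Prefs, $_.LineNumber, $_.Line.Trim()) }
        }
    }
}

if ($Findings.Count -eq 0) { Write-Output "No matches for: $($Patterns -join ', ')" }
else { $Findings | Sort-Object }
```

Nothing is deleted; the point is to get a list you can compare against the next AdwCleaner or JRT log. A CLSID or shell verb that matches but was not in either tool's report is exactly the kind of leftover worth pasting into the thread.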
Quote: In fact, my contact removed it from a Lenovo 2014 TP Carbon X1 a couple of weeks ago with no issues.
The very machine I have coveted for some time :smiley:
Quote from: Corrine on March 19, 2014, 10:04:08 PM
Let us know if we need to change your username to LoonyTunes or if the problem has been solved. :D
It may come to that, but I will need a Porky Pig smilie.
Logs for AdwCleaner, then JRT:
# AdwCleaner v3.022 - Report created 20/03/2014 at 01:46:44
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : DeanZF1 - DEANZF
# Running from : C:\Users\DeanZF1\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\DeanZF1\AppData\Local\Pokki
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default\prefs.js ]
Line Deleted : user_pref("extensions.aniweather.timeShifted", 468982);
*************************
AdwCleaner[R0].txt - [1711 octets] - [18/03/2014 02:29:08]
AdwCleaner[R1].txt - [1771 octets] - [18/03/2014 02:36:36]
AdwCleaner[R2].txt - [1831 octets] - [20/03/2014 01:45:42]
AdwCleaner[S0].txt - [1731 octets] - [20/03/2014 01:46:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1791 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by DeanZF1 on Thu 03/20/2014 at 1:53:09.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\DeanZF1\AppData\Roaming\mozilla\firefox\profiles\4tg6asne.default\prefs.js
user_pref("extensions.tacache.cache", "[{\"title\":\"Modify message\",\"text\":\"I don't have video, sorry, but if the program TOLD me to restart, I restarted. If it did not s
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/20/2014 at 2:00:58.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
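Added example, not from this thread, AdwCleaner or JRT: a PowerShell snippet that re-checks every artifact the AdwCleaner "Clean" log above reports as deleted, so a later reinstall by a still-present bundler shows up without relying on another full scan. The log excerpt embedded in it is copied from the [S0] log in the post above; the parsing rules (the "Folder/File Deleted", "Key Deleted", "Value Deleted", "[ File : ... ]" and "Line Deleted" line shapes, and the meaning of the "[x64]" tag as the native 64-bit registry view) are my own reading of that log's layout, not a documented AdwCleaner format. It assumes the paths in the log are still the right ones for this machine and that it is run from a 64-bit PowerShell session.

```powershell
# Added example: parse the "Deleted" lines of an AdwCleaner[S0] log and re-check each
# artifact. Log excerpt copied from the thread; parsing rules are an assumption about
# the log's layout, not an AdwCleaner specification.

$logText = @'
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\DeanZF1\AppData\Local\Pokki
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
***** [ Browsers ] *****
[ File : C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default\prefs.js ]
Line Deleted : user_pref("extensions.aniweather.timeShifted", 468982);
'@

function Test-AdwCleanerRemnants {
    param([Parameter(Mandatory)][string]$LogText)

    $remnants = New-Object System.Collections.Generic.List[string]
    $currentFile = $null   # file named by the most recent "[ File : ... ]" header

    foreach ($line in $LogText -split "`r?`n") {
        switch -Regex ($line) {
            '^(Folder|File) Deleted : (.+)$' {
                if (Test-Path -LiteralPath $Matches[2]) {
                    $remnants.Add("$($Matches[1]) still present: $($Matches[2])")
                }
                break
            }
            '^Key Deleted : (?:\[x64\] )?(HKCU|HKLM)\\(.+)$' {
                # "[x64]" is taken to mean the native 64-bit view, which a 64-bit
                # PowerShell reaches as HKLM:\ directly. From a 32-bit session WOW64
                # redirection would silently check the WOW6432Node view instead.
                $key = "$($Matches[1]):\$($Matches[2])"
                if (Test-Path -LiteralPath $key) { $remnants.Add("Key still present: $key") }
                break
            }
            '^Value Deleted : (?:\[x64\] )?(HKCU|HKLM)\\(.+) \[(.+)\]$' {
                $key  = "$($Matches[1]):\$($Matches[2])"
                $name = $Matches[3]
                if (Test-Path -LiteralPath $key) {
                    $item = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
                    if ($null -ne $item) { $remnants.Add("Value still present: $key [$name]") }
                }
                break
            }
            '^\[ File : (.+) \]$' { $currentFile = $Matches[1]; break }
            '^Line Deleted : (.+)$' {
                # A deleted prefs.js line coming back means the extension that writes it
                # is still installed; the pref is the symptom, not the cause.
                if ($currentFile -and (Test-Path -LiteralPath $currentFile)) {
                    if (Select-String -LiteralPath $currentFile -SimpleMatch -Pattern $Matches[1] -Quiet) {
                        $remnants.Add("Line still present in ${currentFile}: $($Matches[1])")
                    }
                }
                break
            }
        }
    }
    return $remnants
}

$found = Test-AdwCleanerRemnants -LogText $logText
if ($found.Count -eq 0) {
    Write-Output "No artifact listed in the log has returned."
} else {
    $found | ForEach-Object { Write-Output "REMNANT: $_" }
}
```

Run it a day or two after the clean, from a 64-bit PowerShell; anything it reports as a remnant points at whatever reinstalled it (typically the bundled installer or an add-on that is still present), which is the thing to remove next.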
How are things now?
You likely saw that Firefox has been updated to v28.
Well, I honestly have not had any time to surf for the last few days. Time has been consumed with scans!
I went to check my current version of FF, saw that it was 27.0.1, and without my asking, it updated to 28. Maybe it had already downloaded and was ready to update and I missed it.
I'll play a little before I go to work and see what I can discover. So far, PlurPush has not reared its ugly head.
Separate question but related: Right now, the only AV I'm running is the sample that came with the machine, McAfee. I've never been a fan. I've previously paid the buck for Symantec/Norton AV and Norton Utilities, but my last experience with them was not good. What are your recommendations for solid, substantive AV protection?
TIA.
I was a long time fan of Symantec. However, when I changed to win7 I went with MS firewall, MSE and Malwarebytes Pro and have been very happy and infection free.
Quote from: MikeW on March 20, 2014, 07:08:49 PM
very happy and infection free.
Well, that's certainly where I want to be. It's painfully obvious that McAfee can't do that. I appreciate the advice, Mike.
I have switched all of my boxes from the paid ESET NOD32 to the free MSE. To add to what Mike said, keep your box locked down with the other tools and you shouldn't have any worries ...
Do you have WinPatrol installed?
Another suggestion to consider is Malwarebytes Pro, which is currently a lifetime license. When version 2 is released, it will no longer be a lifetime license and instead be an annual subscription. However, the license purchased with version 1.x will be honored as a lifetime license!
Note: The Windows 8/8.1 version of MSE is Windows Defender.
Yes, WinPatrol Plus is installed (loved that $2 gift).
Malwarebytes Pro is tonight's adventure, and I'm guessing that I'll do MSE/Windows Defender tomorrow while my honey is awake and we can talk about it.
What about POKKI? Should that be reinstalled? If it isn't do I suffer anything other than the loss of the start button paradigm?
Still looking for the Porky Pig smilie...
Hi, Dean.
The problem I have with Pokki is that it is a Conduit "Community Toolbar". It redirects searches and Conduit toolbars are also reputed to have a certain trackware functionality, often bundled with various third party software. However, it is, after all, your computer so it is up to you if you wish to restore Pokki from the AdwCleaner quarantine.
Windows 8.1 did return the Start Button, just not the Start Menu. I was going to include Stardock's Start 8 ($5) as a suggestion if you wanted an adware free program but discovered it now includes an "Adpeak" adware variant.
From what I could find in my research, the three listed below are free of adware.
Start Is Back: ($3 for 2 machines): StartIsBack - real start menu for Windows 8 and Windows 8.1 (http://startisback.com/)
Start Menu X (free & Pro version): Start Menu X (http://www.startmenux.com/index.html)
Classic Shell (free): Classic Shell - Start menu and other Windows enhancements (http://classicshell.net/)
Most importantly, at this point, after you've spent some time on your laptop, please let us know if PlurPush is gone.
Back from hunting wascawy wabbits, evil malware and other exciting adventures. :Win73:
I have a classic start button, WinPatrol Pro, Malwarebytes Pro and SpywareBlaster (non-Pro) and the MS firewall.
So far no little PlurPush pop-ups or pop-ins. Corrine's Crew to the resCue again. Y'all are amazing and I'm grateful. :thumbsup:
Excellent, Dean! We were very happy to help. I'm glad you were able to take advantage of the WinPatrol Pro offer as well as getting the MBAM Pro license while it is still a lifetime license.
In that case, I think you can put the rifle away now.