Adware issue in Win8.1-Lenovo

Started by PastyWhiteGuy, March 17, 2014, 03:00:48 AM


PastyWhiteGuy

New computer, week old, problem already. :(

Thanks in advance.

Click on a new screen and it brings up some kind of new tab in FF, something about "FastDailyFinds". Now it's "OnLineWebFind". Aggravating.

I've installed SpywareBlaster and MalwareBytes. Scanned with MWB and found a bunch of things from something called PlurPush. Like 130 instances, all preceded by "PUP.". Deleted.

Went to the instructions on how to post. DDS will not run. Says it's not meant to run in Compatibility Mode. Must not like 8.1.

Ran SecurityCheck:

Results of screen317's Security Check version 0.99.80 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player    12.0.0.70
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
--
DeanZF
aka PastyWhiteGuy

Corrine

Hi, Dean.

FastDailyFinds and Onlinewebfind are typically added when you install other free software (video recording/streaming, download managers or PDF creators) that bundles these adware programs into its installation.

1.  Please download Junkware Removal Tool to your desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Run the tool by double-clicking it.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
2.  Please download Adware Cleaner by Xplode to your Desktop.  <--Note:  The provided link is a direct download link.  Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.  Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

PastyWhiteGuy

Side thought: Can I right click on DDS and run that in something other than a compatibility mode? I'll do the other stuff when I get back from work tonight.

Corrine

sUBs hasn't updated his tools for Windows 8.1.  They work with Windows 8 but he has not approved use on 8.1 yet.

Let's see how things are after running JRT and AdwCleaner.  If you're still having problems or want further review, we can use RSIT to take a closer look.



PastyWhiteGuy

The major thing that showed up was POKKI. It was something that came as part of Win8.1, I believe. False positive?

AdwCleaner log:

# AdwCleaner v3.022 - Report created 18/03/2014 at 02:36:36
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : DeanZF1 - DEANZF
# Running from : C:\Users\DeanZF1\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Folder Found C:\Users\DeanZF1\AppData\Local\Pokki

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default\prefs.js ]

Line Found : user_pref("extensions.aniweather.timeShifted", 468982);

*************************

AdwCleaner[R0].txt - [1711 octets] - [18/03/2014 02:29:08]
AdwCleaner[R1].txt - [1615 octets] - [18/03/2014 02:36:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1675 octets] ##########

And the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by DeanZF1 on Tue 03/18/2014 at  2:04:46.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    Pokki    REG_EXPAND_SZ    C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\DeanZF1\appdata\local\searchprotect"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/18/2014 at  2:13:17.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Again, Thanks SO much for your continued dedication to bailing out so many of us. You are greatly appreciated.

winchester73

It would appear Pokki came from Lenovo: http://blog.pokki.com/blog/2013/08/22/lenovo-pcs-now-come-with-pokki/

... an attempt to bring back the Windows 8 Start Menu ... http://techland.time.com/2013/08/23/lenovo-works-around-the-windows-8-start-screen-with-pokki-partnership/

It's likely that PlurPush was responsible for the pop-up ads you mentioned in your original post.  Once you scanned/removed with MBAM did the pop-ups go away?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member
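An added example, not code from this thread or from JRT, AdwCleaner or HijackThis, showing the check behind JRT's question mark on the Pokki Run entry. It parses HijackThis-style O4 lines (the ones embedded are copied from the RSIT log posted later in this thread; the %LOCALAPPDATA% value is a constructed stand-in for os.environ), resolves what actually gets loaded, and flags entries whose image sits in a user-writable location or that are launched through a proxy host such as rundll32.exe. Those two properties make a Run entry worth a second look; they are also exactly how a legitimately installed per-user OEM app like Pokki shows up, so the output is a review list, not a verdict.

```python
"""Triage Run-key autostart entries from HijackThis/RSIT O4 lines.

Added example, not part of this thread or of any tool named in it. The O4
lines are copied from the RSIT log in this thread; ENV is constructed (on a
live machine it would be os.environ)."""
import re

# Constructed environment used to expand %VAR% in commands.
ENV = {"LOCALAPPDATA": r"C:\Users\DeanZF1\AppData\Local"}

SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKCU\..\Run: [Pokki] C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Global Startup: Bluetooth.lnk = ?
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Hosts that execute code handed to them as an argument: the argument is the real image.
PROXY_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
               "cscript.exe", "cmd.exe", "powershell.exe"}

# Locations a standard user can write without UAC; anything here can be planted
# or replaced by code running as the user. ProgramData is included as a heuristic.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads)\\|\\users\\public\\|\\programdata\\|\\temp\\", re.I)


def expand_env(path, env=ENV):
    """Expand %VAR% references using the supplied mapping (unknown vars are left as-is)."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def split_command(cmd):
    """Return (executable, remaining arguments). Quoted executables are taken
    verbatim; unquoted paths containing spaces (WinPatrol above) are cut at the
    first .exe token."""
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd) or re.match(r"^(.*?\.exe)\b\s*(.*)$", cmd, re.I)
    if not m:
        return cmd, ""
    return m.group(1), m.group(2)


def loaded_module(args):
    """First path-like argument: quoted, or up to the next space/comma
    (rundll32 takes "dll,ExportName")."""
    m = re.match(r'^"([^"]+)"', args) or re.match(r"^([^\s,]+)", args)
    return m.group(1) if m else ""


def triage_o4(text, env=ENV):
    """One dict per Run-key O4 line with the resolved image and the reasons
    it deserves review. Non-Run O4 lines (Global Startup) are skipped."""
    results = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe, args = split_command(m.group("cmd"))
        host = exe.rsplit("\\", 1)[-1].lower()
        proxied_by = host if host in PROXY_HOSTS else None
        image = expand_env(loaded_module(args) if proxied_by else exe, env)
        user_writable = bool(USER_WRITABLE_RE.search(image))
        reasons = []
        if user_writable:
            reasons.append("image in user-writable path")
        if proxied_by:
            reasons.append(f"loaded via {proxied_by}")
        if m.group("hive") == "HKCU":
            reasons.append("per-user autostart (no admin rights needed to set it)")
        results.append({
            "name": m.group("name"), "hive": m.group("hive"), "image": image,
            "proxied_by": proxied_by, "user_writable": user_writable,
            "verdict": "review" if (user_writable or proxied_by) else "expected",
            "reasons": reasons,
        })
    return results


if __name__ == "__main__":
    for r in triage_o4(SAMPLE_O4):
        print(f"{r['verdict']:8} {r['hive']} [{r['name']}] {r['image']}  {'; '.join(r['reasons'])}")
```

Run as-is it prints the review list. The Pokki line comes out as "review" for two reasons (rundll32 proxy, image under %LOCALAPPDATA%) while Skype, also under HKCU, does not, because its image sits under Program Files. On a live machine the same function can be fed lines built from the HKCU and HKLM Run keys, with os.environ in place of the constructed ENV; confirming the publisher of the resolved image is the next step, not something this heuristic decides.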

PastyWhiteGuy

no, plurpush is still alive on my machine :(

Corrine

Hi, Dean.

Check installed programs for PlurPush 3.0.  With Windows 8, drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel". Or you can right-click on the bottom-left hot corner (formerly known as the Start button) and select Control Panel from there, then select Uninstall a program.



PastyWhiteGuy

It's a tricky little program. I did the CP and uninstalled. Literal appeared, "There were problems uninstalling PlurPush." It asked if I did want to remove it from the list. I said yes, closed the control panel and clicked back into FF to let you know. It immediately launched another tab with a small popup in the lower right corner "PlurPush" with a link and the ability to x out of the popup.

winchester73

How about if you try to delete it directly from Firefox ...

1. Press Alt+T and then select Add-ons.
2. In the menu on the left click Extensions.
3. Select the extension you want to delete from the list (PlurPush and related items) and click Remove.

winchester73

Can you post the log from the MBAM scan where you removed all those PUP items?  I wonder if some of them required a re-boot ... you'd see "Delete on reboot" at the end of the line.

PastyWhiteGuy

nothing in extensions.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.17.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
DeanZF1 :: DEANZF [administrator]

Protection: Enabled

3/16/2014 8:51:48 PM
mbam-log-2014-03-16 (20-51-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221934
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (PUP.Optional.PlurPush.A) -> 6664 -> Delete on reboot.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe (PUP.Optional.PlurPush.A) -> 3152 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{82249076-d5c8-431d-982b-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{089ede16-f82f-4cb5-b64e-433860459d81} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\Interface\{6A9F605F-89D1-4AF7-8747-2A17F002E20E} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\Software\PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPBAD73139-FBC0-422F-8017-BC4E0F30A5F4&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 22
C:\Program Files (x86)\PlurPush (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\bin (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\bin\plugins (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Files Detected: 94
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\PlurPushBHO.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\DM1394054416.exe (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\nsd6DD.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\nss1FB6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\AppData\Local\Temp\nscF681\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\Local Settings\Temporary Internet Files\IE\2BFOK3E9\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\Local Settings\Temporary Internet Files\IE\QZ2USOML\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\DeanZF1\Local Settings\Temporary Internet Files\IE\XNAZW8US\Setup[1].exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\PlurPush.ico (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\7za.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\PlurPushUninstall.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\updatePlurPush.InstallState (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserFilter.Helper.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPush.BrowserFilter.Helper.dll.old.b3436a22-a2cd-41c6-ba06-141ab46477aa (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\PlurPushBrowserFilter.exe (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\sqlite3.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.InstallState (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.BrowserFilterG.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PlurPush\bin\plugins\PlurPush.FFUpdate.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

(end)
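An added example, not from this thread or from Malwarebytes, that does the check winchester73 asked for on the log above and a little more. It parses MBAM 1.x log lines (a constructed subset of the posted log is embedded), separates items marked "Delete on reboot" (in use at scan time, so removal is deferred to the next restart) from items already quarantined, counts detections per PUP family, and lists which persistence mechanisms the adware used (service, BHO, AppInit_DLLs, Run key, IE start page and search scopes). Those persistence points are the ones worth re-checking after the reboot regardless of what the log reports.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log.

Added example, not part of this thread or of Malwarebytes. It answers three
questions a helper asks of a posted log: which detections still need a reboot
to finish, how many hits each family had, and which persistence points were
involved. SAMPLE_LOG is a constructed subset of the log posted above."""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe (PUP.Optional.PlurPush.A) -> 6664 -> Delete on reboot.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe (PUP.Optional.PlurPush.A) -> 3152 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util PlurPush (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-D5C8-431D-982B-023779779587} (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3323878) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 22
C:\Program Files (x86)\PlurPush (PUP.Optional.PlurPush.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.

Files Detected: 94
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\PlurPush\PlurPushBHO.dll (PUP.Optional.PlurPush.A) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> [<pid or Bad/Good data> -> ]<action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9_.]+)\) -> (?P<rest>.+)$")

# Persistence mechanisms, matched against the registry path of a detection.
PERSISTENCE = [
    (re.compile(r"\\Services\\", re.I), "service"),
    (re.compile(r"Browser Helper Objects", re.I), "BHO"),
    (re.compile(r"AppInit_DLLs", re.I), "AppInit_DLLs"),
    (re.compile(r"\\CurrentVersion\\Run\b", re.I), "Run key"),
    (re.compile(r"Internet Explorer\\Main\|Start Page", re.I), "IE start page"),
    (re.compile(r"SearchScopes", re.I), "IE search scope"),
]


def parse_mbam_log(text):
    """One dict per detection line; section headers and
    '(No malicious items detected)' are skipped."""
    entries = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        # The last ' -> ' segment is the action; earlier ones carry a PID or Bad/Good data.
        action = m.group("rest").split(" -> ")[-1].strip().rstrip(".")
        entries.append({
            "item": m.group("item"),
            "family": m.group("family"),
            "action": action,
            "pending_reboot": action.lower() == "delete on reboot",
        })
    return entries


def persistence_point(item):
    """Label the persistence mechanism a registry detection belongs to, if any."""
    for rx, label in PERSISTENCE:
        if rx.search(item):
            return label
    return None


def summarize(entries):
    by_family = Counter(e["family"] for e in entries)
    pending = [e["item"] for e in entries if e["pending_reboot"]]
    persistence = defaultdict(list)
    for e in entries:
        label = persistence_point(e["item"])
        if label:
            persistence[label].append(e["item"])
    return {"by_family": by_family, "pending_reboot": pending, "persistence": dict(persistence)}


def report(text):
    s = summarize(parse_mbam_log(text))
    lines = ["Detections per family:"]
    lines += [f"  {fam}: {n}" for fam, n in s["by_family"].most_common()]
    lines.append(f"Still pending reboot ({len(s['pending_reboot'])}):")
    lines += [f"  {p}" for p in s["pending_reboot"]]
    lines.append("Persistence points touched (re-check these after the reboot):")
    lines += [f"  {k}: {len(v)}" for k, v in sorted(s["persistence"].items())]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on the full posted log (paste it in place of SAMPLE_LOG) and the "Still pending reboot" list is the set of processes, folders and files that were locked during the scan; if the machine was not restarted before the next scan, those are the items expected to come back. The persistence section is the more useful part: a BHO, an AppInit_DLLs value and a service are three separate ways back into the system, and each should be verified as gone after the reboot rather than inferred from the scan log.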

PastyWhiteGuy

Also, with MWB, I opened it up to find the log and decided to click on a couple of the other tabs. I definitely "deleted" all 130 of the PlurPush items. When I clicked on the quarantine tab, lo and behold, they were all still there! I cleaned out the quarantine ward. I've restarted each time the various checkers have instructed to do so.

Corrine

MBAM followed by JRT & AdwCleaner should have gotten it.  Let's see if RSIT shows something.  This is for the x64 version since your 8.1 machine is 64-bit.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSITx64.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)



PastyWhiteGuy

LOG

Logfile of random's system information tool 1.09 (written by random/random)
Run by DeanZF1 at 2014-03-18 14:20:24
Microsoft Windows 8.1
System drive C: has 401 GB (92%) free of 437 GB
Total RAM: 4008 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:20:39 PM, on 3/18/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\trend micro\DeanZF1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKCU\..\Run: [Pokki] C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://c:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @oem59.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10757 bytes

======Listing Processes======

wininit.exe
winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
C:\windows\system32\CxAudMsg64.exe
dashost.exe {93904673-70f1-4c6d-b8bf9ff1199a80b2}
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files\McAfee\MSC\McAPExe.exe"
"C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc
"C:\windows\system32\mfevtps.exe"
"C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe"
C:\windows\SysWOW64\NLSSRV32.EXE
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\windows\SysWOW64\SAsrv.exe
"C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe"
"C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe"
"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ac081c0b-f899-43ba-a4e6-19fee8700f68 -SystemEventPortName:HostProcess-1f4467d6-7427-4c03-bab2-93423d81cba5 -IoCancelEventPortName:HostProcess-1e965710-f60d-4c0c-8ad7-b9331e7a5440 -NonStateChangingEventPortName:HostProcess-c178e5a6-7442-4218-a8c1-a78b1a59a7c5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d897c1df-4955-494e-b634-5974e88fa16c -DeviceGroupId:WudfDefaultDevicePool
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\windows\Explorer.EXE
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\skydrive.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Users\DeanZF1\AppData\Local\Pokki\Engine\StartMenuIndexer.exe"
"C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe"
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Users\DeanZF1\AppData\Local\Pokki\Engine\HostAppService.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/8/OneClickSignIn/BlueOnWhite/Prefetch/ContentPrefetchPrefetchOff/Prerender/Prerender15minTTL/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/Test0PercentDefault/group_01/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_63/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="4984.1.729718186\1990092100" /prefetch:3
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe"
"C:\Users\DeanZF1\Desktop\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default

prefs.js - "browser.startup.homepage" -  "https://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.70 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\DeanZF1\AppData\Roaming\Mozilla\Firefox\Profiles\4tg6asne.default\extensions\
{578e7caa-210f-4967-a0d3-88fe5b59a39f}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-08-31 36352]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2013-09-11 391128]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2013-09-11 771032]
"Persistence"=C:\windows\system32\igfxpers.exe [2013-09-11 769496]
"RtsFT"=C:\windows\RTFTrack.exe [2013-07-19 6340312]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-07-24 903384]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-12 1647616]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-02-14 15813616]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-02-14 80880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\DeanZF1\AppData\Local\Pokki\Engine\Launcher.dll [2014-03-14 1839896]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10 20922016]
"WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [2014-02-25 496192]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2013-07-24 537512]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-06 214312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2013-09-11 623104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicDisplay.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BasicRender.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BrokerInfrastructure]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DeviceInstall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dxgkrnl.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FsDepends.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LSM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"EnableUIADesktopToggle"=0
"EnableCursorSuppression"=1
"ConsentPromptBehaviorUser"=3
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

--
DeanZF
aka PastyWhiteGuy