HijackThis Log: Please help Diagnose


This topic is locked
6 replies to this topic

#1 AJOhio

AJOhio

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:28 AM

Posted 27 December 2014 - 12:12 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:45:42 PM, on 12/26/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
P:\Programs\seamonkey.exe
C:\Users\Aaron\Downloads\HijackThis.exe
C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - P:\Programs\LPToolbar.dll
O2 - BHO: Freecorder extension - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: BestSaveForYou - {fb3720b5-9c5d-44a8-8014-8710ef9bc06b} - C:\ProgramData\BestSaveForYou\iM5wxi4MPU81V8.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - P:\Programs\LPToolbar.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Win8PDF] P:\Programs\PDF Printer for Windows 8\PDF.exe
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\Run: [GUDelayStartup] "P:\Programs\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\RunOnce: [Application Restart #6] C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Aaron\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #5] C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Aaron\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: LastPass - file://C:\Users\Aaron\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Aaron\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - P:\Programs\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - P:\Programs\LPToolbar.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DragonAssistant3 Maintenance Service (DAMSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem26.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: PDF Printer Service for Windows 8 (Win8PDFPrinting) - Vivid Document Imaging Technologies - P:\Programs\PDF Printer for Windows 8\Win8PDFPrinting.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 14542 bytes

Here is the Start up log

----------------------
StartupList report, 12/27/2014, 12:10:43 AM
StartupList version: 1.52.2
Started from : C:\Users\Aaron\Downloads\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v11.0 (11.00.9600.17416)
* Using default options
==================================================

Running processes:

C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
P:\Programs\seamonkey.exe
C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Users\Aaron\Downloads\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
ISCTSystray.lnk = C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AccelerometerSysTrayApplet = C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
ISUSPM = C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
BlueStacks Agent = C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Win8PDF = P:\Programs\PDF Printer for Windows 8\PDF.exe
(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

GUDelayStartup = "P:\Programs\Glary Utilities 5\StartupManager.exe" -delayrun

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Application Restart #6 = C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Aaron\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
Application Restart #5 = C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Aaron\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll - {92EF2EAD-A7CE-4424-B0DB-499CF856608E}
LastPass Vault - P:\Programs\LPToolbar.dll - {95D9ECF5-2A4D-4550-BE49-70D42F71296E}
(no name) - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
BestSaveForYou - C:\ProgramData\BestSaveForYou\iM5wxi4MPU81V8.dll - {fb3720b5-9c5d-44a8-8014-8710ef9bc06b}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
GlaryInitialize 5.job

--------------------------------------------------

Enumerating Download Program Files:

[SysInfo Class]
InProcServer32 = C:\Program Files (x86)\SystemRequirementsLab\srldetect_intel_4.5.24.0.dll
CODEBASE = http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\napinsp.dll
NameSpace #2: C:\Windows\system32\pnrpnsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\NLAapi.dll
NameSpace #7: C:\Windows\system32\wshbth.dll
NameSpace #8: C:\Program Files (x86)\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 6,864 bytes
Report generated in 0.016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Thank you for all your help.
Aaron


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 AM

Posted 30 December 2014 - 11:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is not compatible with your 64 bit operating system.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

p.s.
Please save your logs with Notepad and make sure that Wordwrap is set.

Your current log is unreadable.
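The two points nasdaq raises above, a log pasted without line breaks and a 32-bit HijackThis run on 64-bit Windows, are both things a reviewer can handle with a small script. The following is an added example, not code from this thread or from HijackThis: it re-splits a flattened HJT log on its section codes, applies a few constructed triage heuristics to the entry types that matter in a browser-hijack case (the allowlist of default start-page hosts and the flag rules are assumptions for illustration), and marks the "file missing" system32 services as the known WOW64 false positive rather than a finding. The sample log is constructed from a handful of entries in the first post, run together the way the forum showed them, with the long Pokki command line abbreviated.

```python
import re
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlparse

# A HijackThis entry starts with its section code (R0-R3, F0-F3, O1-O24) and " - ".
PREFIX_RE = re.compile(r"(?:^|(?<=\s))((?:R[0-3]|F[0-3]|O(?:[1-9]|1\d|2[0-4])) - )")

# Hosts the HP/Windows defaults in this kind of log legitimately point to.
# Constructed allowlist for this example; extend it for the machine under review.
KNOWN_DEFAULT_HOSTS = {"g.msn.com", "go.microsoft.com", "www.msn.com", "www.bing.com"}


@dataclass
class Entry:
    kind: str                                   # section code, e.g. "R0", "O2", "O23"
    body: str                                   # text after "Rn - " / "On - "
    flags: List[str] = field(default_factory=list)


def split_flattened_log(text: str) -> List[Entry]:
    """Recover one entry per line from a log whose line breaks were lost
    (what happens when the log is pasted from Notepad without word wrap)."""
    joined = " ".join(text.split())             # collapse any surviving breaks
    joined = joined.split("-- End of file")[0]  # drop the HJT trailer
    hits = list(PREFIX_RE.finditer(joined))
    entries = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(joined)
        entries.append(Entry(kind=m.group(1)[:-3], body=joined[m.end():end].strip()))
    return entries


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def flag_entry(e: Entry) -> Entry:
    """Triage heuristics (constructed for this example) for the entry types
    that matter in a browser-hijack case like the one in this thread."""
    if e.kind in ("R0", "R1"):
        # "HKCU\...\Main,Start Page = http://..." -> check where the page points.
        value = e.body.partition(" = ")[2].strip()
        if value.lower().startswith("http") and _host(value) not in KNOWN_DEFAULT_HOSTS:
            e.flags.append(f"start/search page points to {_host(value)}")
    elif e.kind == "O2":
        # "BHO: name - {CLSID} - path": a BHO living under ProgramData/AppData
        # rather than Program Files is the usual sign of bundled adware.
        path = e.body.rsplit(" - ", 1)[-1]
        if re.search(r"\\(ProgramData|AppData)\\", path, re.I):
            e.flags.append("BHO DLL loaded from a data directory, not Program Files")
    elif e.kind == "O4":
        if "--disable-web-security" in e.body:
            e.flags.append("autorun starts an embedded browser with same-origin policy disabled")
    elif e.kind == "O23":
        # 32-bit HijackThis on 64-bit Windows cannot see the real system32
        # (WOW64 file system redirection), so these "file missing" services
        # are a tool limitation, not evidence of tampering.
        if "(file missing)" in e.body and re.search(r"\\Windows\\system32\\", e.body, re.I):
            e.flags.append("note: 'file missing' under system32 is expected from 32-bit HJT on x64")
    return e


def analyze(text: str) -> List[Entry]:
    """Return only the entries that earned at least one flag or note."""
    return [e for e in (flag_entry(e) for e in split_flattened_log(text)) if e.flags]


# Constructed sample: entries taken from the log in this thread, run together on
# one line the way the forum displayed it (long Pokki command line abbreviated).
SAMPLE_LOG = (
    "Running processes: C:\\Users\\Aaron\\Downloads\\HijackThis.exe "
    "R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 "
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://searchy.easylifeapp.com/ "
    "O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - P:\\Programs\\LPToolbar.dll "
    "O2 - BHO: BestSaveForYou - {fb3720b5-9c5d-44a8-8014-8710ef9bc06b} - C:\\ProgramData\\BestSaveForYou\\iM5wxi4MPU81V8.dll "
    "O4 - HKLM\\..\\Run: [BlueStacks Agent] C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe "
    "O4 - HKCU\\..\\RunOnce: [Application Restart #6] C:\\Users\\Aaron\\AppData\\Local\\Pokki\\Engine\\HostAppService.exe /openmenu --disable-web-security --no-first-run "
    "O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\\Windows\\system32\\lsass.exe (file missing) "
    "O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe "
    "-- End of file - 14542 bytes"
)

if __name__ == "__main__":
    for e in analyze(SAMPLE_LOG):
        print(f"{e.kind:4} {e.body[:70]}")
        for f in e.flags:
            print(f"     -> {f}")
```

Run against the full log above, the same rules pick out the searchy.easylifeapp.com start pages, the BestSaveForYou BHO in ProgramData and the Pokki RunOnce entries, while leaving the dozen "file missing" lsass.exe/spoolsv.exe services as notes.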

#3 AJOhio

AJOhio
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:28 AM

Posted 30 December 2014 - 02:52 PM

nasdaq - Here are the logs.  I really appreciate the help.  Aaron
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/30/2014
Scan Time: 1:39:45 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.30.07
Rootkit Database: v2014.12.29.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Aaron

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325199
Time Elapsed: 19 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.DeltaFix.A, C:\Program Files (x86)\DeltaFix\DeltaFix.dll, Delete-on-Reboot, [3e5f7beddf9d1521d4f5aeb3c34040c0],

Registry Keys: 59
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D7A5AD8C-E276-4EC1-A1C7-39F6C969DD92}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D7A5AD8C-E276-4EC1-A1C7-39F6C969DD92}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.Freecorder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.Freecorder.A, HKU\S-1-5-21-2129985281-81589434-2425015398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.Freecorder.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.Freecorder.A, HKU\S-1-5-21-2129985281-81589434-2425015398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2129985281-81589434-2425015398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [7b22bdab2d4f1b1b6eb48b52b34fe818],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}, Quarantined, [eab31c4c4d2f2016cae6344bbd466b95],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [6637db8d79030b2b82ef2a48f40f7a86],
PUP.Optional.DeltaFix.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fc67e7a0, Quarantined, [7726df89b2ca3204299f08593bc84cb4],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-2129985281-81589434-2425015398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, Quarantined, [a9f426428cf07abcbd0b59118a7926da],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-2129985281-81589434-2425015398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [3c61c2a67a0279bdd21c9b00a85b4eb2],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93B6FCF3-8A88-49A9-B6BF-9BBDAFBA5229}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{045F91B3-695F-423A-98C7-8DE3C47AA020}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{045F91B3-695F-423A-98C7-8DE3C47AA020}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{93B6FCF3-8A88-49A9-B6BF-9BBDAFBA5229}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E1F9C9F5-F9AB-486B-B68B-5B2E1BA5C90B}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E1F9C9F5-F9AB-486B-B68B-5B2E1BA5C90B}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{31CA2193-C364-44A3-8D41-847FAB1975DF}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{31CA2193-C364-44A3-8D41-847FAB1975DF}, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],

Registry Values: 0
(No malicious items detected)

Registry Data: 3
PUP.Optional.EasyLife.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchy.easylifeapp.com/, Good: (www.google.com), Bad: (http://searchy.easylifeapp.com/),Replaced,[683591d7384442f4f6152e4a37ce8f71]
PUP.Optional.EasyLife.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchy.easylifeapp.com/, Good: (www.google.com), Bad: (http://searchy.easylifeapp.com/),Replaced,[910c1b4d1963cd693dce9ddbc3420ff1]
PUP.Optional.EasyLife.A, HKU\S-1-5-21-2129985281-81589434-2425015398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchy.easylifeapp.com/, Good: (www.google.com), Bad: (http://searchy.easylifeapp.com/),Replaced,[ecb11d4b205cd06611fbb8c06b9ae41c]

Folders: 10
PUP.Optional.DeltaFix.A, C:\Program Files (x86)\DeltaFix, Delete-on-Reboot, [3e5f7beddf9d1521d4f5aeb3c34040c0],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, C:\ProgramData\JoniCoupon, Quarantined, [9c0146227a021a1c64b164e728dbf808],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraSavings, Quarantined, [5944491ff8842214bb68044b02017888],
PUP.Optional.AdPunisher.A, C:\ProgramData\AdPunisher, Quarantined, [970657115e1e0333ca1b86cd828135cb],

Files: 76
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ScriptHost.dll, Quarantined, [9607fc6c750722140d0aa03e3ec458a8],
Trojan.Agent, C:\ProgramData\ExstraSavings\uap5sWJ072iuB7.exe, Quarantined, [8b120761720a78be1b58fc021ce52ed2],
Trojan.Agent, C:\ProgramData\JoniCoupon\fNunON2FbiU40s.exe, Quarantined, [a0fd77f1fc8047ef274cb945d52c6f91],
Trojan.Agent, C:\ProgramData\RegularDeals\jDjdqFMHmUpqIc.exe, Quarantined, [fe9f90d85e1e181edf9458a619e8f40c],
Trojan.Agent, C:\Users\Aaron\AppData\Local\Temp\PHQGHU.tmp\vdbHB2YmPrTf4h.exe, Quarantined, [d2cb392fd0acf83e94df0cf2e21fbd43],
Trojan.Agent, C:\Users\Aaron\AppData\Local\Temp\PHQGHUm.tmp\jDjdqFMHmUpqIc.exe, Quarantined, [f8a5dc8cd3a971c59bd827d7fd044fb1],
Trojan.Agent, C:\Users\Aaron\AppData\Local\Temp\PHQGHUme.tmp\iM5wxi4MPU81V8.exe, Quarantined, [b0ed3e2a2a527cba551e0af4f40d7987],
Trojan.Agent, C:\Users\Aaron\AppData\Local\Temp\PHQGHUmea.tmp\fNunON2FbiU40s.exe, Quarantined, [6d30a3c5572545f1393acf2f1de425db],
Trojan.Agent, C:\Users\Aaron\AppData\Local\Temp\PHQGHUmeay.tmp\Best Flash Play.exe, Quarantined, [534a22462d4fb3835f142ed0c53ce31d],
Trojan.Agent, C:\Users\Aaron\AppData\Local\Temp\PHQGHUmeayl.tmp\BuyNsave.exe, Quarantined, [3c612147e89446f02b4801fda35ee719],
Trojan.Agent, C:\Users\Aaron\AppData\Local\Temp\PHQGHUmeayln.tmp\idO2fgeXQ5HvIk.exe, Quarantined, [801dc99ffc805ed8244f5ea057aa51af],
PUP.Optional.DeltaFix.A, C:\Program Files (x86)\DeltaFix\DeltaFix.dll, Delete-on-Reboot, [3e5f7beddf9d1521d4f5aeb3c34040c0],
PUP.Optional.TidyNetwork.A, C:\Windows\System32\Tasks\TidyNetwork Update, Quarantined, [376616529ae2da5c09288cf5d72c6898],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\jquery-1.9.1.min.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\AddonsFramework.Typelib.dll, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\AddonsFramework.Typelib64.dll, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\background.html, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\BackgroundHost64.exe, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ButtonSite.dll, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ButtonSite64.dll, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\config.xml, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\icon.ico, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\json2.min.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\options.htm, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\RegistryHelper.dll, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\RegistryHelper64.dll, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ScriptHost64.dll, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\uninstall.exe, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\updater.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\updaterWrapper.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-128.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-16.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-18.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-48.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\js\bg.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\js\content.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\arrow-dn.gif, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\jquery-1.7.2.min.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\popup.html, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\popup.js, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\style.css, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\clipper.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\convert.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\help.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\lock.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\logo-24.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\logo.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\mp3_editor.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\music.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\play-flv.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\play.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\radio.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\screen.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\search.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\triangle-1-s.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\tv.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\upgrade.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\upgrade2.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\vid-history.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\video-history.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\video.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\video_encryptor.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\vpl.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\youtube-square.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images\youtube.png, Quarantined, [326b8bddff7d181e6db048f2c63d14ec],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals\jDjdqFMHmUpqIc.dat, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals\jDjdqFMHmUpqIc.exe, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, C:\ProgramData\RegularDeals\jDjdqFMHmUpqIc.tlb, Quarantined, [b4e976f26f0d5ed85aa484bef50e60a0],
PUP.Optional.MultiPlug.A, C:\ProgramData\JoniCoupon\fNunON2FbiU40s.dat, Quarantined, [9c0146227a021a1c64b164e728dbf808],
PUP.Optional.MultiPlug.A, C:\ProgramData\JoniCoupon\fNunON2FbiU40s.exe, Quarantined, [9c0146227a021a1c64b164e728dbf808],
PUP.Optional.MultiPlug.A, C:\ProgramData\JoniCoupon\fNunON2FbiU40s.tlb, Quarantined, [9c0146227a021a1c64b164e728dbf808],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraSavings\uap5sWJ072iuB7.dat, Quarantined, [5944491ff8842214bb68044b02017888],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraSavings\uap5sWJ072iuB7.exe, Quarantined, [5944491ff8842214bb68044b02017888],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraSavings\uap5sWJ072iuB7.tlb, Quarantined, [5944491ff8842214bb68044b02017888],
PUP.Optional.AdPunisher.A, C:\ProgramData\AdPunisher\AdPunisher.exe, Quarantined, [970657115e1e0333ca1b86cd828135cb],

Physical Sectors: 0
(No malicious items detected)


(end)

=============BREAK=======BREAK=========BREAK======BREAK============BREAK=====================

AdwCleaner[R0].txt

# AdwCleaner v4.106 - Report created 30/12/2014 at 14:18:01
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Aaron - AARONHOME
# Running from : C:\Users\Aaron\Downloads\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\13744616432364175038
Folder Found : C:\ProgramData\bebeafd2b9103ebe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchy.easylifeapp.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\.
Key Found : HKLM\SOFTWARE\Classes\.
Key Found : HKLM\SOFTWARE\Classes\..9
Key Found : HKLM\SOFTWARE\Classes\..9
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Found : [x64] HKLM\SOFTWARE\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


*************************

AdwCleaner[R0].txt - [3272 octets] - [30/12/2014 14:18:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3332 octets] ##########

=============BREAK=======BREAK=========BREAK======BREAK============BREAK=====================

AdwCleaner[S0].txt

# AdwCleaner v4.106 - Report created 30/12/2014 at 14:25:54
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Aaron - AARONHOME
# Running from : C:\Users\Aaron\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\13744616432364175038
Folder Deleted : C:\ProgramData\bebeafd2b9103ebe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{05ee08fb-6369-447c-9e60-2ed35e5b5fe7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{fb3720b5-9c5d-44a8-8014-8710ef9bc06b}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
Key Deleted : [x64] HKLM\SOFTWARE\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchy.easylifeapp.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


*************************

AdwCleaner[R0].txt - [3424 octets] - [30/12/2014 14:18:01]
AdwCleaner[S0].txt - [3225 octets] - [30/12/2014 14:25:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3285 octets] ##########

=============BREAK=======BREAK=========BREAK======BREAK============BREAK=====================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Aaron (administrator) on AARONHOME on 30-12-2014 14:38:50
Running from C:\Users\Aaron\Downloads
Loaded Profile: Aaron (Available profiles: Aaron)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Seamonkey)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Glarysoft Ltd) P:\Programs\Glary Utilities 5\Integrator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(mozilla.org) P:\Programs\seamonkey.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876496 2014-06-18] (Intel® Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Win8PDF] => P:\Programs\PDF Printer for Windows 8\PDF.exe [484352 2011-10-21] (Vivid Document Imaging Technologies)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\Run: [GUDelayStartup] => P:\Programs\Glary Utilities 5\StartupManager.exe [37152 2014-11-24] (Glarysoft Ltd)
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\RunOnce: [Application Restart #6] => C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --d (the data entry has 581 more characters).
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\RunOnce: [Application Restart #5] => C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 571 more characters).
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
BootExecute: autocheck autochk *  
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61045;https=127.0.0.1:61045
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {8B2C0582-30B0-4910-AF0C-525EF5DE076E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {8B2C0582-30B0-4910-AF0C-525EF5DE076E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2129985281-81589434-2425015398-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2129985281-81589434-2425015398-1001 -> {8B2C0582-30B0-4910-AF0C-525EF5DE076E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - P:\Programs\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - P:\Programs\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @lastpass.com/NPLastPass -> P:\Programs\nplastpass64.dll (LastPass)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> P:\Programs\nplastpass.dll (LastPass)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4279056 2014-01-27] (Nuance Communications, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-13] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; P:\Programs\Digital Imaging\bin\hpqcxs08.dll [254824 2011-09-20] (Hewlett-Packard Co.)
R2 hpqddsvc; P:\Programs\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
R2 HPSLPSVC; P:\Programs\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-11-16] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 Win8PDFPrinting; P:\Programs\PDF Printer for Windows 8\Win8PDFPrinting.exe [514048 2011-10-21] (Vivid Document Imaging Technologies) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-22] (Glarysoft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-05] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3488744 2014-07-22] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-11-16] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 NETwNe64; \SystemRoot\system32\DRIVERS\NETwew02.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 14:34 - 2014-12-30 14:34 - 00035828 _____ () C:\Users\Aaron\Downloads\Addition.txt
2014-12-30 14:33 - 2014-12-30 14:38 - 00018176 _____ () C:\Users\Aaron\Downloads\FRST.txt
2014-12-30 14:32 - 2014-12-30 14:38 - 00000000 ____D () C:\FRST
2014-12-30 14:32 - 2014-12-30 14:32 - 02123264 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2014-12-30 13:55 - 2014-12-30 14:25 - 00000000 ____D () C:\AdwCleaner
2014-12-30 13:55 - 2014-12-30 13:55 - 02173952 _____ () C:\Users\Aaron\Downloads\adwcleaner_4.106.exe
2014-12-30 13:38 - 2014-12-30 14:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 13:38 - 2014-12-30 13:38 - 00000762 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 13:38 - 2014-12-30 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 13:38 - 2014-12-30 13:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-30 13:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-30 13:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-30 13:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-30 13:37 - 2014-12-30 13:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Aaron\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-27 00:10 - 2014-12-27 00:10 - 00006679 _____ () C:\Users\Aaron\Downloads\startuplist.txt
2014-12-26 23:49 - 2014-12-26 23:49 - 00000000 ____D () C:\Users\Aaron\Downloads\backups
2014-12-26 23:46 - 2014-12-26 23:46 - 00014544 _____ () C:\Users\Aaron\Documents\hijackthis.log
2014-12-26 23:45 - 2014-12-26 23:45 - 00014544 _____ () C:\Users\Aaron\Downloads\hijackthis.log
2014-12-26 23:40 - 2014-12-26 23:39 - 00388608 _____ (Trend Micro Inc.) C:\Users\Aaron\Downloads\HijackThis.exe
2014-12-15 18:37 - 2014-12-30 14:26 - 00027474 _____ () C:\Windows\PFRO.log
2014-12-10 18:26 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:26 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:26 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:26 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:26 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:26 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:26 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:26 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:26 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:26 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:26 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:26 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:26 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:26 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:26 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:26 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:26 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:26 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:26 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:26 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:26 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:26 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:26 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:26 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:26 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:26 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:26 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:26 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:26 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:26 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:26 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:26 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:26 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:26 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:26 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:26 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:26 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:26 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:26 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:25 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:25 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 18:25 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-10 18:25 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-10 18:25 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:25 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:25 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:25 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-09 20:16 - 2014-12-09 20:16 - 00000326 _____ () C:\Users\Aaron\Desktop\HP Printer Diagnostic Tools.url
2014-12-08 17:50 - 2014-12-08 17:50 - 00000877 _____ () C:\Users\Aaron\Downloads\Documents - Shortcut.lnk
2014-12-08 17:45 - 2014-12-30 14:27 - 00003881 _____ () C:\Windows\setupact.log
2014-12-08 17:45 - 2014-12-30 14:19 - 01137052 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 17:45 - 2014-12-08 17:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-07 21:33 - 2014-12-07 21:33 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-12-06 00:07 - 2014-12-06 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-12-06 00:07 - 2014-12-06 00:07 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-12-06 00:02 - 2014-12-07 15:58 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Jaksta_Technologies_Pty_L
2014-12-06 00:02 - 2014-12-06 00:06 - 00000000 ____D () C:\Users\Aaron\Documents\Freecorder
2014-12-05 23:44 - 2014-12-07 15:58 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-12-02 13:20 - 2014-12-02 13:20 - 00000414 _____ () C:\Users\Aaron\Desktop\I.R.I.S. Resource Center.lnk
2014-12-02 13:19 - 2014-12-02 13:19 - 00000000 ____D () C:\Users\Aaron\Documents\My Scans
2014-12-02 13:09 - 2012-10-15 09:11 - 00001698 ____N () C:\Windows\hpwmdl23.dat.temp
2014-12-02 13:08 - 2014-12-02 13:08 - 00000000 ____D () C:\ProgramData\WEBREG
2014-12-02 13:07 - 2014-12-02 13:08 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\HP
2014-12-02 13:07 - 2014-12-02 13:07 - 00000000 ____D () C:\Users\Aaron\AppData\Local\HP
2014-12-02 13:01 - 2014-12-09 20:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\HpUpdate
2014-12-02 13:01 - 2014-12-02 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-02 13:01 - 2014-12-02 13:01 - 00000671 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-12-02 13:00 - 2014-12-02 13:00 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-12-02 12:55 - 2014-12-02 13:12 - 00218328 _____ () C:\Windows\hpwins23.dat
2014-12-02 12:55 - 2014-12-02 13:12 - 00001684 _____ () C:\ProgramData\hpzinstall.log
2014-12-02 12:55 - 2012-10-15 09:11 - 00001698 ____N () C:\Windows\hpwmdl23.dat
2014-12-02 12:51 - 2012-08-23 14:21 - 01424896 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop4.dll
2014-12-02 12:51 - 2010-05-13 05:29 - 00553472 _____ (Hewlett Packard) C:\Windows\system32\hppldcoi.dll
2014-12-02 12:51 - 2010-05-13 05:25 - 00906240 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax5.dll
2014-12-02 12:51 - 2010-02-01 01:54 - 00488960 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst11.dll
2014-12-02 12:37 - 2014-12-02 13:01 - 00000000 ____D () C:\Program Files (x86)\Hp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 14:34 - 2014-09-18 04:38 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2129985281-81589434-2425015398-1001
2014-12-30 14:31 - 2014-03-18 04:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 14:30 - 2014-09-18 04:35 - 00000000 ___DO () C:\Users\Aaron\OneDrive
2014-12-30 14:27 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 14:26 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-30 13:27 - 2014-09-20 19:33 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{84A3420E-DE82-4336-B0EE-A391DFA0C0ED}
2014-12-30 13:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-30 13:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-28 21:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-12-26 23:40 - 2014-09-18 04:33 - 00000000 ____D () C:\Users\Aaron\AppData\Local\VirtualStore
2014-12-26 23:37 - 2014-09-20 19:23 - 00000000 ____D () C:\Users\Aaron\AppData\Local\CrashDumps
2014-12-21 12:20 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-15 18:35 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-15 18:35 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-15 18:35 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-15 17:43 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-11 19:19 - 2014-09-20 19:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 19:17 - 2014-09-20 19:44 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-05 23:42 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Resources
2014-12-05 23:41 - 2013-08-22 08:25 - 00000234 _____ () C:\Windows\win.ini
2014-12-02 13:19 - 2014-09-26 15:36 - 00000000 ____D () C:\ProgramData\HP
2014-12-02 13:13 - 2014-05-06 18:29 - 00000000 ___HD () C:\HP
2014-12-02 13:11 - 2014-10-22 15:47 - 00002952 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-12-02 13:11 - 2014-10-22 15:47 - 00000738 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-12-02 13:11 - 2014-10-22 15:47 - 00000738 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-12-02 13:11 - 2014-10-22 15:47 - 00000330 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-12-02 13:03 - 2013-08-22 09:44 - 00378000 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\oct51C3.tmp.exe
C:\Users\Aaron\AppData\Local\Temp\Quarantine.exe
C:\Users\Aaron\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 20:03

==================== End Of Log ============================

Attached File: FRST Addition Log.txt (34.99KB)



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 AM

Posted 31 December 2014 - 09:05 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\RunOnce: [Application Restart #6] => C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --d (the data entry has 581 more characters).
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\RunOnce: [Application Restart #5] => C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 571 more characters).
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2129985281-81589434-2425015398-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - No Path
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 NETwNe64; \SystemRoot\system32\DRIVERS\NETwew02.sys [X]
C:\Users\Aaron\AppData\Local\Temp\oct51C3.tmp.exe
C:\Users\Aaron\AppData\Local\Pokki

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
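The fixlist above removes a handful of indicators that FRST surfaced: a proxy pointed at the local machine, policy-restriction keys, autorun entries launching a browser engine with security switches disabled, search scopes with empty URLs, and service entries with no ImagePath. As an added illustration (not part of nasdaq's instructions and not FRST's own code), the Python below shows how a helper on the defender's side could triage an FRST-style log for exactly those patterns. The sample lines are constructed here and modelled on the log posted earlier in this thread; the category names and the list of "risky" command-line switches are this example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the FRST output posted in this thread
# (not the full log; the proxy port, SID and paths are copied from it).
SAMPLE_LOG = r"""
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61045;https=127.0.0.1:61045
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\RunOnce: [Application Restart #5] => C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --disable-web-security
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {8B2C0582-30B0-4910-AF0C-525EF5DE076E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
U3 McAPExe; No ImagePath
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
"""

# A proxy on the loopback interface means some local process is sitting
# between the browser and the network; that is what the thread's log showed.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
ATTENTION = "<======= ATTENTION"
# Chromium-style switches that weaken the browser sandbox when a bundled
# engine is launched from an autorun entry (assumed list for this example).
RISKY_SWITCHES = ("--disable-web-security", "--disable-extensions")
# Matches "\Run: [" or "\RunOnce: [" inside an FRST registry autorun line.
AUTORUN_RE = re.compile(r"\\Run(?:Once)?: \[")
# "U3 name; No ImagePath" style service/driver entries with no binary.
ORPHAN_RE = re.compile(r"^[A-Z]\d .*; No ImagePath$")


def _proxy_hosts(value: str) -> List[str]:
    """Split 'http=host:port;https=host:port' into the bare host names."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        target = entry.split("=", 1)[1] if "=" in entry else entry
        host = target.rsplit(":", 1)[0] if ":" in target else target
        hosts.append(host.strip("[]").lower())
    return hosts


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, line) pairs for lines matching a known indicator."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ProxyServer:") and "=>" in line:
            value = line.split("=>", 1)[1].strip()
            if any(h in LOOPBACK_HOSTS for h in _proxy_hosts(value)):
                findings.append(("loopback-proxy", line))
        if line.endswith(ATTENTION):
            findings.append(("attention", line))
        if AUTORUN_RE.search(line) and any(s in line for s in RISKY_SWITCHES):
            findings.append(("autorun-risky-switches", line))
        if line.startswith("SearchScopes:") and line.endswith("URL ="):
            findings.append(("empty-search-scope", line))
        if ORPHAN_RE.match(line):
            findings.append(("orphaned-service", line))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"[{category}] {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Each flagged line maps onto something the fixlist in this thread actually removed; lines such as the Windows Defender service, the Amazon search scope with a real URL, or the DHCP name server pass through untouched, which is the point of keeping the checks narrow rather than flagging every registry entry.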

#5 AJOhio

AJOhio
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:28 AM

Posted 04 January 2015 - 09:06 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Aaron at 2015-01-04 20:52:56 Run:1
Running from C:\Users\Aaron\Downloads
Loaded Profile: Aaron (Available profiles: Aaron)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\RunOnce: [Application Restart #6] => C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs
--no-message-box --disable-extensions --disable-web-security --disable-web-resources --d (the data entry has 581 more characters).
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\...\RunOnce: [Application Restart #5] => C:\Users\Aaron\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cli (the data entry has 571 more characters).
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
=
SearchScopes: HKU\S-1-5-21-2129985281-81589434-2425015398-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - No Path
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S3 NETwNe64; \SystemRoot\system32\DRIVERS\NETwew02.sys [X]
C:\Users\Aaron\AppData\Local\Temp\oct51C3.tmp.exe
C:\Users\Aaron\AppData\Local\Pokki

End

*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #6 => value deleted successfully.
--no-message-box --disable-extensions --disable-web-security --disable-web-resources --d (the data entry has 581 more characters). => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2129985281-81589434-2425015398-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #5 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
= => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2129985281-81589434-2425015398-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp" => Key deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
McProxy => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
NETwNe64 => Service deleted successfully.
C:\Users\Aaron\AppData\Local\Temp\oct51C3.tmp.exe => Moved successfully.
"C:\Users\Aaron\AppData\Local\Pokki" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog 20:52:58 ====

====================BREAK=====================BREAK==================BREAK================

 Results of screen317's Security Check version 0.99.93 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player  15.0.0.223 Flash Player out of Date! 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Windows Defender MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

====================BREAK===========BREAK========================BREAK============

The computer is running well. The hijacking and ads have gone. Thank you for the help. Nice to get my computer back.

BTW it all started when I downloaded Freecorder.

Aaron



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 AM

Posted 05 January 2015 - 08:50 AM

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

After downloading free programs, run the AdwCleaner and/or Malwarebytes programs.
Remove everything that was installed without your consent.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:28 AM

Posted 11 January 2015 - 11:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



