
Dad's computer has search.homepage-web redirect issues


2 replies to this topic

#1 MML

MML

  • Members
  • 241 posts
  • OFFLINE
  • Local time:01:08 AM

Posted 19 July 2015 - 04:41 PM

This time it's my dad's comp that's got a problem; he keeps getting pop-ups from pokki dot com, keeps getting browser hijacked back to the above URL. I've reset his browser and set it to open directly to Chrome but am not sure how else to proceed. ETA: his comp is a brand-new Toshiba running Windows 8.1.


Edited by MML, 19 July 2015 - 04:45 PM.



 


#2 TinoNgombo

TinoNgombo

  • Members
  • 80 posts
  • OFFLINE
  • Gender:Male
  • Location:Luanda, Angola
  • Local time:07:08 AM

Posted 19 July 2015 - 05:26 PM

Hi there :).
 
This clearly seems to be an "adware" (i.e., malicious software that brings up undesired advertisements and pop-ups on browsers) infection, judging by the problems that it's presenting.

You can download AdwCleaner, in order to eliminate the infection.

 

Below is the link to download it:

 

http://download.cnet.com/AdCleaner/3001-8022_4-10416775.html?hlndr=1

 


Edited by TinoNgombo, 19 July 2015 - 05:27 PM.


#3 MML

MML
  • Topic Starter

  • Members
  • 241 posts
  • OFFLINE
  • Local time:01:08 AM

Posted 08 August 2015 - 02:50 PM

Back with the logs broni suggested I make in my other post - which I have to reopen because I have recurring issues...

 

Mini Tool Box:

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by John (administrator) on 08-08-2015 at 09:14:19
Running from "C:\Users\John\Desktop"
Microsoft Windows 8.1 with Bing  (X64)
Model: Satellite C55-B Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Owner-Pc
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-B5-7D-32-90-F4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : AC-B5-7D-32-90-F4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F0-76-1C-44-16-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::28ab:a31d:579f:3cf6%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, August 7, 2015 8:17:58 PM
   Lease Expires . . . . . . . . . . : Sunday, August 9, 2015 9:00:21 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 66090524
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-E4-38-E5-F0-76-1C-44-16-CE
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{39480C77-547D-401D-82A4-5A3C17FEA973}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1055:228a:e7a4:2751(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1055:228a:e7a4:2751%8(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 352321536
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-E4-38-E5-F0-76-1C-44-16-CE
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.0.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4006:80b::1007
 216.58.219.238
 
 
Pinging google.com [74.125.226.69] with 32 bytes of data:
Reply from 74.125.226.69: bytes=32 time=18ms TTL=55
Reply from 74.125.226.69: bytes=32 time=18ms TTL=55
 
Ping statistics for 74.125.226.69:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server:  UnKnown
Address:  10.0.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=91ms TTL=52
Reply from 206.190.36.45: bytes=32 time=98ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 91ms, Maximum = 98ms, Average = 94ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...1e b5 7d 32 90 f4 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...ac b5 7d 32 90 f4 ......Qualcomm Atheros AR9485 Wireless Network Adapter
  3...f0 76 1c 44 16 ce ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.5     20
         10.0.0.0    255.255.255.0         On-link          10.0.0.5    276
         10.0.0.5  255.255.255.255         On-link          10.0.0.5    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.5    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.5    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.5    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:9d38:6ab8:1055:228a:e7a4:2751/128
                                    On-link
  3    276 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::1055:228a:e7a4:2751/128
                                    On-link
  3    276 fe80::28ab:a31d:579f:3cf6/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/08/2015 09:13:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/31/2015 12:58:51 PM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 10.0.4030.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1768
 
Start Time: 01d0cbca15e5311f
 
Termination Time: 12
 
Application Path: C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
 
Report Id: 8c936567-37be-11e5-8277-f0761c4416ce
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/31/2015 12:33:40 PM) (Source: MsiInstaller) (User: Owner-Pc)
Description: Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files (x86)\Microsoft Office\Office10\1033\SETUP.HLP.
 
Error: (07/24/2015 08:53:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Owner-Pc)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/20/2015 06:29:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: PowerDVD12.exe, version: 12.0.24568.3817, time stamp: 0x5301eac7
Faulting module name: EvoParser.dll_unloaded, version: 1.2.0.5919, time stamp: 0x528adf7e
Exception code: 0xc0000005
Fault offset: 0x00020661
Faulting process id: 0x120c
Faulting application start time: 0xPowerDVD12.exe0
Faulting application path: PowerDVD12.exe1
Faulting module path: PowerDVD12.exe2
Report Id: PowerDVD12.exe3
Faulting package full name: PowerDVD12.exe4
Faulting package-relative application ID: PowerDVD12.exe5
 
Error: (06/20/2015 05:04:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: PowerDVD12.exe, version: 12.0.24568.3817, time stamp: 0x5301eac7
Faulting module name: BoomerangLib.dll_unloaded, version: 3.0.0.3613, time stamp: 0x52aadaf1
Exception code: 0xc0000005
Fault offset: 0x0014ae18
Faulting process id: 0x1d38
Faulting application start time: 0xPowerDVD12.exe0
Faulting application path: PowerDVD12.exe1
Faulting module path: PowerDVD12.exe2
Report Id: PowerDVD12.exe3
Faulting package full name: PowerDVD12.exe4
Faulting package-relative application ID: PowerDVD12.exe5
 
Error: (05/31/2015 12:04:07 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (05/15/2015 04:30:25 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (05/13/2015 07:41:50 PM) (Source: MsiInstaller) (User: Owner-Pc)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (05/11/2015 07:16:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
 
 
System errors:
=============
Error: (08/07/2015 08:53:42 PM) (Source: DCOM) (User: Owner-Pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (08/07/2015 08:53:12 PM) (Source: DCOM) (User: Owner-Pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/07/2015 08:22:42 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HPLAPTOP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{39480C77-547D-401D-82A4-5A3C17FEA973}.
The master browser is stopping or an election is being forced.
 
Error: (08/07/2015 08:19:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Office.OneNote.
 
Error: (08/07/2015 08:18:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Reader.
 
Error: (08/05/2015 08:15:00 PM) (Source: DCOM) (User: Owner-Pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/05/2015 07:56:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Office.OneNote.
 
Error: (08/05/2015 07:56:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Reader.
 
Error: (08/05/2015 01:40:07 PM) (Source: DCOM) (User: Owner-Pc)
Description: C:\Windows\System32\ThumbnailExtractionHost.exe -Embedding5{4545DEA0-2DFC-4906-A728-6D986BA399A9}UnavailableUnavailable
 
Error: (08/05/2015 12:52:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Office.OneNote.
 
 
Microsoft Office Sessions:
=========================
Error: (08/08/2015 09:13:42 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe
 
Error: (07/31/2015 12:58:51 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE10.0.4030.0176801d0cbca15e5311f12C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE8c936567-37be-11e5-8277-f0761c4416ce
 
Error: (07/31/2015 12:33:40 PM) (Source: MsiInstaller)(User: Owner-Pc)
Description: Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files (x86)\Microsoft Office\Office10\1033\SETUP.HLP.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/24/2015 08:53:55 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Owner-Pc)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927142
 
Error: (06/20/2015 06:29:59 PM) (Source: Application Error)(User: )
Description: PowerDVD12.exe12.0.24568.38175301eac7EvoParser.dll_unloaded1.2.0.5919528adf7ec000000500020661120c01d0abc1c57b405eC:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeEvoParser.dll07186c53-17b5-11e5-8274-f0761c4416ce
 
Error: (06/20/2015 05:04:00 PM) (Source: Application Error)(User: )
Description: PowerDVD12.exe12.0.24568.38175301eac7BoomerangLib.dll_unloaded3.0.0.361352aadaf1c00000050014ae181d3801d0abb5c2b9a4c8C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeBoomerangLib.dll0480fe20-17a9-11e5-8274-f0761c4416ce
 
Error: (05/31/2015 12:04:07 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
 
Error: (05/15/2015 04:30:25 AM) (Source: Winlogon)(User: )
Description: 
 
Error: (05/13/2015 07:41:50 PM) (Source: MsiInstaller)(User: Owner-Pc)
Description: Adobe Reader XI (11.0.10){AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
 
Error: (05/11/2015 07:16:23 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Users\John\AppData\Local\Pokki\Engine\HostAppService.exe
 
 
=========================== Installed Programs ============================
 
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (HKLM-x32\...\WTA-2d6dc4ee-fae3-41f9-97ec-03d0bea4d9a0) (Version: 2.2.0.97 - WildTangent) Hidden
Cut the Rope (HKLM-x32\...\WTA-fb3e8c69-7ec8-45ca-852d-0597c66941f7) (Version: 3.0.2.38 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
DIRECTV Player (HKLM-x32\...\{33a5f796-fbe8-4ef4-b95d-94e9c3c6efbd}) (Version: 12.0 - DIRECTV)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block Massachusetts 2014 (HKLM-x32\...\{745EC575-8132-47BE-B8E6-141D08A74EF0}) (Version: 1.14.3501 - HRB Technology, LLC.)
H&R Block Rhode Island 2014 (HKLM-x32\...\{A108DC28-A3B9-4A1C-8479-C882FD80F0DB}) (Version: 1.14.2401 - HRB Technology, LLC.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Infinite HD™ App (HKCU\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
King Oddball (HKLM-x32\...\WTA-3c06c6d8-6f1e-412a-ad28-5bee55133016) (Version: 3.0.2.48 - WildTangent) Hidden
Livestream Producer (HKLM-x32\...\{BF0B4D35-C3B5-42F5-9030-F2E7D9093986}) (Version: 1.0.6 - Livestream)
Luxor Evolved (HKLM-x32\...\WTA-8ca7e8ed-f4e0-4e04-9365-16c4b6ccb247) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Encarta Encyclopedia Standard 2005 (HKLM-x32\...\{05410040-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation)
Microsoft Money 2005 (HKLM-x32\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Picture It! Premium 10 (HKLM-x32\...\PictureItPrem_v10) (Version: 10.0.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Streets and Trips 2005 (HKLM-x32\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{901B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM-x32\...\Works2005Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-76f8cd9f-f421-4fd2-8156-328a676e6fd8) (Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKCU\...\Pokki) (Version: 0.269.7.738 - Pokki)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
XSplit Broadcaster (HKLM-x32\...\{7BC30FB1-9AA6-4B0C-8E5A-574EA5B6CB2F}) (Version: 2.3.1505.0542 - SplitmediaLabs)
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 44%
Total physical RAM: 3982.88 MB
Available physical RAM: 2194.27 MB
Total Virtual: 4686.88 MB
Available Virtual: 2264.85 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI10700000B) (Fixed) (Total:455.92 GB) (Free:401.61 GB) NTFS
2 Drive d: (Sons of Liberty Disc 1) (CDROM) (Total:7.34 GB) (Free:0 GB) UDF
 
========================= Users: ========================================
 
User accounts for \\OWNER-PC
 
Administrator            Guest                    John                     
 
 
**** End of log ****
 
 
AdAware:
 
# AdwCleaner v4.208 - Logfile created 08/08/2015 at 09:32:30
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : John - OWNER-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\John\AppData\Roaming\GDIPFONTCACHEV1.DAT
Folder Found : C:\ProgramData\pokki
Folder Found : C:\Users\John\AppData\Local\pokki
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.130
 
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://homepage-web.com/?s=toshibaupd&m=home
 
*************************
 
AdwCleaner[R0].txt - [1537 bytes] - [08/08/2015 09:15:39]
AdwCleaner[R1].txt - [1454 bytes] - [08/08/2015 09:32:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1513 bytes] ##########
 
 
Malwarebytes:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/8/2015
Scan Time: 9:38 AM
Logfile: MWB.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.08.02
Rootkit Database: v2015.08.06.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351989
Time Elapsed: 37 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET: No infection and no logs
 




