Adware, and possibly more, that's been on my PC for months.


This topic is locked
8 replies to this topic

#1 AdrianDfg (Members, 6 posts)

Posted 14 August 2015 - 11:53 AM

I remember that a couple of months ago I had an adware problem that wouldn't go away. I tried to use AdwCleaner and Malwarebytes to get rid of them; Malwarebytes detected them. After restarting the computer, all of the supposedly deleted adware came back again. I boycotted using my computer for months until now. I don't know if this is an adware problem, but whenever I go to a new tab the default browser turns into Bing instead of my home page, Google. Also I've been experiencing lots of latency on a game that I play, although that too may not be a problem caused by adware.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by Nuffin (administrator) on NAM (14-08-2015 11:32:50)
Running from C:\Users\Nuffin\Downloads
Loaded Profiles: Nuffin (Available Profiles: Nuffin)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\StartMenuIndexer.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-07] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-07] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-11] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\...\RunOnce: [Application Restart #3] => C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe [7863808 2015-07-25] (Pokki)
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\...\RunOnce: [Application Restart #1] => C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe [7863808 2015-07-25] (Pokki)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {10C27D9E-0FA9-4265-91EF-B9F821174DF5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-16] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16ECFD98-16E1-499B-A832-8D6EA0D0FFF8}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{16ECFD98-16E1-499B-A832-8D6EA0D0FFF8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CEAA4AF1-1AFD-4F20-9D43-0CB0E87BF9FB}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin HKU\S-1-5-21-2770270840-2992870779-910395114-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Nuffin\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2015-03-21] (Pokki)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-21] (Enigma Software Group USA, LLC.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-07] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-04-19] (Advanced Micro Devices)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-03-21] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-21] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 11:32 - 2015-08-14 11:33 - 00007960 _____ C:\Users\Nuffin\Downloads\FRST.txt
2015-08-14 11:32 - 2015-08-14 11:32 - 00000000 ____D C:\FRST
2015-08-14 11:31 - 2015-08-14 11:31 - 02173952 _____ (Farbar) C:\Users\Nuffin\Downloads\FRST64.exe
2015-08-14 11:28 - 2015-08-14 11:28 - 00000266 ____H C:\windows\Tasks\User_Feed_Synchronization-{B71E003E-AB01-49EE-89F2-27B5D5098112}.job
2015-08-13 15:49 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 15:49 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:41 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-13 09:41 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-13 09:41 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-13 09:41 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-13 09:41 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-13 09:41 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-13 09:41 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-13 09:41 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-13 09:41 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-13 09:41 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-13 09:41 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-13 09:41 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-13 09:41 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-13 09:41 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-13 09:41 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-13 09:41 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-13 09:41 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-13 09:41 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-13 09:41 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-13 09:41 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-13 09:41 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-13 09:41 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-13 09:41 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-13 09:40 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-13 09:40 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-13 09:40 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-13 09:40 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-13 09:40 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-13 09:40 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-13 09:40 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-13 09:40 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-13 09:40 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-13 09:40 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-13 09:40 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-13 09:40 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-13 09:40 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-13 09:40 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-13 09:40 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-13 09:40 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-13 09:40 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-13 09:40 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-13 09:40 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-13 09:40 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-13 09:40 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-13 09:39 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-13 09:39 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-13 09:39 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-13 09:39 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-13 09:39 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-13 09:39 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-13 09:39 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-13 09:39 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-13 09:39 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-13 09:39 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-13 09:39 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-13 09:39 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-13 09:39 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-13 09:39 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-13 09:39 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-13 09:39 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-13 09:39 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-13 09:39 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-13 09:39 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-13 09:39 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-13 09:39 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 09:38 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-13 09:38 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-13 09:38 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-13 09:38 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-13 09:38 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-13 09:38 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-13 09:38 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-13 09:38 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-13 09:38 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-13 09:38 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-13 09:38 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-13 09:38 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-13 09:38 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-13 09:38 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-13 09:38 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-13 09:38 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-13 09:38 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-13 09:38 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-13 09:38 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-13 09:38 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-13 09:38 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-13 09:38 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-13 09:38 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-13 09:38 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-13 09:38 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-08-13 09:38 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-08-13 09:38 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 10:05 - 2015-08-11 10:06 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-11 10:05 - 2015-08-11 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-11 10:05 - 2015-08-11 10:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-11 10:05 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-11 10:05 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-11 10:05 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-30 17:26 - 2015-07-30 17:26 - 00000000 ____D C:\Users\Nuffin\AppData\Local\CEF
2015-07-30 15:57 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-30 15:57 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-30 15:57 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-30 15:57 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-30 15:56 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-30 15:56 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-30 15:56 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-30 15:56 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-30 15:56 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-30 15:56 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-30 15:56 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-30 15:56 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-30 15:56 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-07-30 15:56 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-30 15:56 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-30 15:56 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-07-30 15:56 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-30 15:56 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-30 15:56 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-30 15:56 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-30 15:56 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-30 15:56 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-30 15:56 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-30 15:56 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-07-30 15:56 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-07-30 15:56 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-07-30 15:56 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-07-30 15:56 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-07-30 15:56 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-07-30 15:56 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-07-30 15:56 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\GeofenceMonitorService.dll
2015-07-30 15:56 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\GeofenceMonitorService.dll
2015-07-30 15:56 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-07-30 15:56 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2015-07-30 15:54 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-30 15:54 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-30 15:54 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-07-30 15:54 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-07-30 15:54 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-07-30 15:54 - 2014-11-04 14:25 - 00059712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys
2015-07-30 15:54 - 2014-11-04 14:25 - 00051008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys
2015-07-30 15:54 - 2014-11-04 01:55 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys
2015-07-30 15:54 - 2014-11-04 01:54 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys
2015-07-30 15:54 - 2014-11-04 01:54 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys
2015-07-30 15:54 - 2014-11-04 01:54 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2015-07-30 15:51 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-30 15:51 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2015-07-30 15:51 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-30 15:51 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-30 15:51 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-30 15:51 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-30 15:51 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2015-07-30 15:51 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-30 15:51 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-30 15:51 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-07-30 15:51 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-30 15:51 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-07-30 15:51 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-30 15:51 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-30 15:46 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-30 15:46 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-30 15:46 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-30 15:46 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-30 15:46 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-30 15:46 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\fhcpl.dll
2015-07-30 15:46 - 2015-04-28 08:13 - 00513480 _____ C:\windows\SysWOW64\locale.nls
2015-07-30 15:46 - 2015-04-28 08:13 - 00513480 _____ C:\windows\system32\locale.nls
2015-07-30 15:46 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-07-30 15:46 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-07-30 15:45 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-07-30 15:45 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-07-30 15:45 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2015-07-30 15:45 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-30 15:14 - 2015-07-30 15:14 - 00003220 _____ C:\windows\System32\Tasks\Pokki

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 11:32 - 2013-10-31 00:04 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-14 11:31 - 2015-03-21 17:18 - 00000000 ____D C:\Users\Nuffin\AppData\Local\Pokki
2015-08-14 11:27 - 2014-04-21 06:47 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-08-14 11:27 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-14 11:27 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-14 11:26 - 2013-08-22 09:46 - 00024853 _____ C:\windows\setupact.log
2015-08-13 16:36 - 2015-03-21 17:16 - 01645060 _____ C:\windows\WindowsUpdate.log
2015-08-13 16:20 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-08-13 16:09 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-13 16:06 - 2015-03-21 17:23 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2770270840-2992870779-910395114-1001
2015-08-13 16:01 - 2015-03-21 17:20 - 00000000 __RDO C:\Users\Nuffin\SkyDrive
2015-08-13 16:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-08-13 15:53 - 2013-08-22 09:44 - 00346856 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 15:51 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 15:51 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 15:51 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 15:51 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 15:49 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-13 15:48 - 2015-04-19 09:33 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 15:47 - 2015-03-21 20:38 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-13 15:46 - 2015-04-09 20:38 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 15:46 - 2015-04-09 20:38 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 15:46 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 15:46 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 15:34 - 2015-03-30 18:23 - 00003910 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{B71E003E-AB01-49EE-89F2-27B5D5098112}
2015-08-12 13:39 - 2013-10-30 23:59 - 00014680 _____ C:\windows\PFRO.log
2015-08-11 09:45 - 2015-03-21 17:18 - 00000000 ____D C:\Users\Nuffin
2015-08-09 21:21 - 2015-03-24 18:07 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-08-09 21:04 - 2015-03-21 17:18 - 00000000 ____D C:\Users\Nuffin\AppData\Local\Packages
2015-08-08 09:04 - 2015-06-26 08:16 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-08 08:55 - 2013-08-22 10:38 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:55 - 2013-08-22 10:38 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-04 13:50 - 2015-07-06 13:50 - 00003160 _____ C:\windows\System32\Tasks\HPCeeScheduleForNuffin
2015-08-04 13:50 - 2015-07-06 13:50 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForNuffin.job
2015-07-31 21:09 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-07-31 21:09 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2015-07-31 21:00 - 2015-04-09 20:38 - 00000000 ___SD C:\windows\system32\GWX
2015-07-31 20:59 - 2015-04-09 20:38 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-30 15:14 - 2015-03-21 17:21 - 00002315 _____ C:\Users\Nuffin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

Some files in TEMP:
====================
C:\Users\Nuffin\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-30 16:01

==================== End of log ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 PM

Posted 15 August 2015 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\...\RunOnce: [Application Restart #3] => C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe [7863808 2015-07-25] (Pokki)
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\...\RunOnce: [Application Restart #1] => C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe [7863808 2015-07-25] (Pokki)
FF Plugin HKU\S-1-5-21-2770270840-2992870779-910395114-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Nuffin\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2015-03-21] (Pokki)
C:\Users\Nuffin\AppData\Local\Pokki

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

How is the computer running now?

#3 AdrianDfg

AdrianDfg
  • Topic Starter

  • Members
  • 6 posts
  • Local time:02:28 PM

Posted 15 August 2015 - 04:37 PM

My computer is running alright now, although it takes a while for my desktop and task bar icons to load. Also after restarting my computer the icon for my Pokki Start Menu isn't at my Task Bar anymore. My browser speed is pretty fast. As for games, it still lags and stuff like that. FYI I don't think I'll be able to reply to your next post because I have some obligations to do tomorrow. Thanks for your time.

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Nuffin (2015-08-15 16:21:08) Run:1
Running from C:\Users\Nuffin\Downloads
Loaded Profiles: Nuffin (Available Profiles: Nuffin)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Nuffin\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\...\RunOnce: [Application Restart #3] => C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe [7863808 2015-07-25] (Pokki)
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\...\RunOnce: [Application Restart #1] => C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe [7863808 2015-07-25] (Pokki)
FF Plugin HKU\S-1-5-21-2770270840-2992870779-910395114-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Nuffin\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2015-03-21] (Pokki)
C:\Users\Nuffin\AppData\Local\Pokki

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe => No running process found
C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe => No running process found
C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe => No running process found
C:\Users\Nuffin\AppData\Local\Pokki\Engine\StartMenuIndexer.exe => No running process found
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => value removed successfully
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value removed successfully
"HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper" => key removed successfully
C:\Users\Nuffin\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll => moved successfully.
C:\Users\Nuffin\AppData\Local\Pokki => moved successfully.
EmptyTemp: => 344.9 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 16:21:22 ====
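
A small parser for the Fixlog format shown above, added here as an example (it is not part of the thread and not code from the FRST tool): it sorts each result line into acted-on, not-found, error, or temp data removed, and flags the Safe Mode plus "restore point" error combination that nasdaq queries in the reply that follows. The sample lines are a constructed, abbreviated copy of the log above.

```python
import re

# Constructed sample in the shape of the Fixlog posted above (abbreviated, not the
# full log): Safe Mode header, restore point error, and per-item results.
SAMPLE_FIXLOG = r"""
Boot Mode: Safe Mode (with Networking)
Error: Restore point can only be created in normal mode.
C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe => No running process found
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => value removed successfully
"HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper" => key removed successfully
C:\Users\Nuffin\AppData\Local\Pokki => moved successfully.
EmptyTemp: => 344.9 MB temporary data Removed.
The system needed a reboot..
"""

# "<item> => <outcome>" lines; FRST quotes some registry keys, so the quotes are optional.
RESULT_RE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

def parse_fixlog(text):
    """Sort each Fixlog line into acted-on, not-found, error, or temp data removed."""
    s = {"boot_mode": None, "errors": [], "acted": [], "not_found": [], "temp_mb": 0.0}
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("Boot Mode:"):
            s["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("Error:"):
            s["errors"].append(line[len("Error:"):].strip())
        elif line.startswith("EmptyTemp:"):
            m = re.search(r"([\d.]+) MB", line)
            s["temp_mb"] = float(m.group(1)) if m else 0.0
        else:
            m = RESULT_RE.match(line)
            if m:
                item, outcome = m.group("item"), m.group("outcome").lower()
                if "not found" in outcome or outcome.startswith("no running process"):
                    s["not_found"].append(item)
                elif "successfully" in outcome:
                    s["acted"].append(item)
            elif line.endswith(" not found."):  # bare "<file> not found." lines have no "=>"
                s["not_found"].append(line[: -len(" not found.")])
    return s

def needs_rerun_in_normal_mode(summary):
    """True when the fix ran in Safe Mode and no restore point could be created."""
    safe = bool(summary["boot_mode"]) and summary["boot_mode"].startswith("Safe Mode")
    no_restore_point = any("normal mode" in e.lower() for e in summary["errors"])
    return safe and no_restore_point

if __name__ == "__main__":
    result = parse_fixlog(SAMPLE_FIXLOG)
    print(len(result["acted"]), "acted,", len(result["not_found"]), "missing; rerun:", needs_rerun_in_normal_mode(result))
```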



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 PM

Posted 16 August 2015 - 07:53 AM

Why are you always using Safe mode?

Boot Mode: Safe Mode (with Networking)



#5 AdrianDfg

AdrianDfg
  • Topic Starter

  • Members
  • 6 posts
  • Local time:02:28 PM

Posted 17 August 2015 - 10:28 AM

I thought it would help, sorry.

Here's the log without safe mode on.

Restore point was successfully created.
Processes closed successfully.
C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe => No running process found
C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppService.exe => No running process found
C:\Users\Nuffin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe => No running process found
C:\Users\Nuffin\AppData\Local\Pokki\Engine\StartMenuIndexer.exe => No running process found
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => value not found.
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value not found.
HKU\S-1-5-21-2770270840-2992870779-910395114-1001\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper => key not found.
C:\Users\Nuffin\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll not found.
"C:\Users\Nuffin\AppData\Local\Pokki" => File/Folder not found.
EmptyTemp: => 49.6 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 10:21:17 ====



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 PM

Posted 17 August 2015 - 01:00 PM

Looking good.

How is the computer running now?

#7 AdrianDfg

AdrianDfg
  • Topic Starter

  • Members
  • 6 posts
  • Local time:02:28 PM

Posted 21 August 2015 - 10:50 PM

It's running well. The start up speed and browser speed is faster. Sorry for the wait. Is there anything else we need to do?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 PM

Posted 22 August 2015 - 08:50 AM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 PM

Posted 28 August 2015 - 07:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
