
Malware removal assistance requested



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Audy (administrator) on AUDYLAPTOP on 02-02-2015 07:33:33
Running from C:\Users\Audy\Desktop
Loaded Profiles: Audy &  (Available profiles: Audy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-04-03] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2573563873-3745586224-1449829263-1001\...\RunOnce: [Application Restart #4] => C:\Users\Audy\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
HKU\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #4] => C:\Users\Audy\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-01]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
CHR Extension: (Google Docs) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Google Drive) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17]
CHR Extension: (YouTube) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (Google Search) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (Google Sheets) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-17]
CHR Extension: (Norton Safe) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR Extension: (Gmail) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
CHR Profile: C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (YouTube) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01]
CHR Extension: (Google Search) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Google Sheets) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Norton Identity Safe) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Gmail) - C:\Users\Audy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-10] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-16] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-15] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150201.004\ENG64.SYS [129752 2015-01-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150201.004\EX64.SYS [2137304 2015-01-21] (Symantec Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-10] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-10] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 07:33 - 2015-02-02 07:34 - 00022848 _____ () C:\Users\Audy\Desktop\FRST.txt
2015-02-02 07:33 - 2015-02-02 07:33 - 00000000 ____D () C:\FRST
2015-02-02 07:32 - 2015-02-02 07:32 - 02131456 _____ (Farbar) C:\Users\Audy\Desktop\FRST64.exe
2015-02-01 20:38 - 2015-02-01 13:26 - 00002270 _____ () C:\Users\Audy\Desktop\Audy - Chrome.lnk
2015-02-01 19:51 - 2015-02-01 19:51 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-01 19:51 - 2015-02-01 19:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-01 19:40 - 2015-02-01 19:46 - 18570328 _____ () C:\Users\Audy\Downloads\RogueKillerX64.exe
2015-02-01 14:53 - 2015-02-01 19:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-01 14:49 - 2015-02-01 14:49 - 11225840 _____ (SurfRight B.V.) C:\Users\Audy\Downloads\HitmanPro_x64.exe
2015-02-01 14:45 - 2015-02-01 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 14:44 - 2015-02-01 14:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Audy\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-01 14:37 - 2015-02-01 20:06 - 00000000 ____D () C:\AdwCleaner
2015-02-01 14:36 - 2015-02-01 14:36 - 02194432 _____ () C:\Users\Audy\Downloads\adwcleaner_4.109.exe
2015-02-01 14:02 - 2015-02-02 07:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 14:02 - 2015-02-01 19:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 14:02 - 2015-02-01 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 14:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 14:02 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 14:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 15:13 - 2015-02-01 13:24 - 00000064 _____ () C:\Users\Audy\AppData\Roaming\WB.CFG
2015-01-31 11:43 - 2015-01-31 21:55 - 00000000 ____D () C:\Users\Audy\AppData\Roaming\OpenSoftwareUpdater
2015-01-31 11:43 - 2015-01-31 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater
2015-01-31 11:12 - 2015-01-31 11:13 - 00331488 _____ (InstallerTech Corp) C:\Users\Audy\Downloads\SoftwareUpdater.exe
2015-01-26 20:39 - 2015-02-01 13:49 - 00000000 ____D () C:\Users\Audy\AppData\Local\CrashDumps
2015-01-15 11:06 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 11:06 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 11:06 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-15 11:06 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 11:06 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-15 11:06 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-15 11:06 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-15 11:06 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-15 11:06 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-15 11:06 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-15 11:06 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-15 11:06 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-15 11:06 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-15 11:06 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 11:06 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-15 11:06 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-15 11:06 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-15 11:06 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-15 11:06 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-15 11:06 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-15 11:06 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-15 11:06 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-15 11:06 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-15 11:06 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-15 11:06 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-15 11:06 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-15 11:06 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-15 11:06 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-15 11:06 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-15 11:06 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-15 11:06 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-03 20:07 - 2015-01-03 20:07 - 00000000 ____D () C:\Users\Audy\Downloads\Wild Wild Love- Pitbull_files
2015-01-03 20:06 - 2015-01-03 20:07 - 00036611 _____ () C:\Users\Audy\Downloads\Wild Wild Love- Pitbull.html
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 07:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-01 21:34 - 2014-12-17 15:43 - 01536294 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:19 - 2014-12-17 16:14 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 20:12 - 2014-03-18 01:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 20:10 - 2014-12-17 15:50 - 00000000 ____D () C:\Users\Audy\Documents\Youcam
2015-02-01 20:09 - 2014-12-17 16:14 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 20:08 - 2013-08-22 06:46 - 00030353 _____ () C:\Windows\setupact.log
2015-02-01 20:08 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 20:07 - 2014-03-18 01:44 - 00018670 _____ () C:\Windows\PFRO.log
2015-02-01 15:01 - 2014-12-17 15:54 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2573563873-3745586224-1449829263-1001
2015-02-01 14:55 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-01 14:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Resources
2015-02-01 14:06 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-01 13:27 - 2014-12-17 15:47 - 00000000 ____D () C:\Users\Audy\AppData\Local\Pokki
2015-02-01 13:26 - 2014-12-17 16:15 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 11:46 - 2013-08-22 06:44 - 00354128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 22:55 - 2014-12-17 12:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-30 22:50 - 2014-12-17 12:15 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-29 21:57 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-29 18:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-01-29 15:23 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-27 20:44 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-24 12:20 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 12:20 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-08 18:29 - 2014-12-17 15:52 - 00002300 _____ () C:\Users\Audy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
 
==================== Files in the root of some directories =======
 
2015-01-31 15:13 - 2015-02-01 13:24 - 0000064 _____ () C:\Users\Audy\AppData\Roaming\WB.CFG
 
Some content of TEMP:
====================
C:\Users\Audy\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Audy\AppData\Local\Temp\Quarantine.exe
C:\Users\Audy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-01 15:01
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Audy at 2015-02-02 07:34:41
Running from C:\Users\Audy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AOL (HKU\S-1-5-21-2573563873-3745586224-1449829263-1001\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.2 - Pokki)
AOL (HKU\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5) (Version: v1.0.2 - Pokki)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-2573563873-3745586224-1449829263-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
FarmVille 2 (HKU\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C7B723A-1108-455C-B65B-FF2251E1E5A3}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7219 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Start Menu (HKU\S-1-5-21-2573563873-3745586224-1449829263-1001\...\Pokki_Start_Menu) (Version: 0.269.5.375 - Pokki)
Start Menu (HKU\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_Start_Menu) (Version: 0.269.5.375 - Pokki)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.6 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
15-01-2015 11:25:17 Windows Update
21-01-2015 18:54:24 Windows Update
25-01-2015 11:08:50 Windows Update
29-01-2015 18:48:55 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {23D51D03-1448-4A7D-A3C6-8622034D9F87} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3235541C-E9B0-41EB-AD5C-0536CC09040A} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {41B4D6B1-232E-492F-8B2D-2A58B471F36C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-30] (Microsoft Corporation)
Task: {41BF3CE3-55DF-4185-8D79-D3A2A48EE30C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {66E24CD5-3908-415D-92D2-48665CF42257} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {B0DE5D3E-3B5D-4CFB-870A-2EFC2E8B3E3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {B9AC563D-953C-4300-8DFB-AF13272019CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {BE454749-0018-4AAA-88F7-40CD5326D9AD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)
Task: {D81DE1E0-95CB-4574-830A-F41433220F8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {DB512687-F486-4107-AA33-C321BCB0FAC0} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {EA739BFE-8B15-4196-AA5F-92833730BFA5} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EF7DCC09-106E-447C-AD5B-C8A26410C60D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {F3C09609-598D-4D69-BA5E-6C2E69F7F744} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN33T3537M => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {FFD50C0C-8F4D-456E-8E96-AAE2F2A9EFEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-07-20 17:28 - 2013-12-10 07:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-01-26 17:24 - 2015-01-24 22:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-26 17:24 - 2015-01-24 22:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-26 17:24 - 2015-01-24 22:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2573563873-3745586224-1449829263-500 - Administrator - Disabled)
Audy (S-1-5-21-2573563873-3745586224-1449829263-1001 - Administrator - Enabled) => C:\Users\Audy
Guest (S-1-5-21-2573563873-3745586224-1449829263-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2015 01:49:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.93, time stamp: 0x54c46198
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x083d0ec0
Faulting process id: 0x70c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (02/01/2015 00:11:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8593
 
Error: (02/01/2015 00:11:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8593
 
Error: (02/01/2015 00:11:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 09:55:59 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Google Chrome because of this error.
 
Program: Google Chrome
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (01/31/2015 09:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.93, time stamp: 0x54c46198
Faulting module name: chrome.dll, version: 40.0.2214.93, time stamp: 0x54c45d6b
Exception code: 0xc000001d
Fault offset: 0x003a4c16
Faulting process id: 0x12b4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (01/31/2015 03:14:24 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Google Chrome because of this error.
 
Program: Google Chrome
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (01/31/2015 03:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.93, time stamp: 0x54c46198
Faulting module name: chrome.dll, version: 40.0.2214.93, time stamp: 0x54c45d6b
Exception code: 0xc000001d
Fault offset: 0x003a4c16
Faulting process id: 0x15d8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (01/31/2015 03:14:07 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Google Chrome because of this error.
 
Program: Google Chrome
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 00000000
Disk type: 0
 
Error: (01/31/2015 03:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.93, time stamp: 0x54c46198
Faulting module name: chrome.dll, version: 40.0.2214.93, time stamp: 0x54c45d6b
Exception code: 0xc000001d
Fault offset: 0x003a4c16
Faulting process id: 0xf48
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
 
System errors:
=============
Error: (02/01/2015 03:02:20 PM) (Source: DCOM) (EventID: 10010) (User: AudyLaptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/01/2015 03:01:50 PM) (Source: DCOM) (EventID: 10010) (User: AudyLaptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/01/2015 02:40:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (02/01/2015 02:40:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (02/01/2015 02:40:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (02/01/2015 02:40:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2015 02:40:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2015 02:40:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/01/2015 02:40:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2015 02:40:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/01/2015 01:49:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.9354c46198unknown0.0.0.000000000c0000005083d0ec070c01d03e68be5f0d4dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown22bfd9c0-aa5c-11e4-8266-acb57d03bbd5
 
Error: (02/01/2015 00:11:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8593
 
Error: (02/01/2015 00:11:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8593
 
Error: (02/01/2015 00:11:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 09:55:59 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Google Chrome000000000
 
Error: (01/31/2015 09:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.9354c46198chrome.dll40.0.2214.9354c45d6bc000001d003a4c1612b401d03de3bf69b064C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\chrome.dllfe9dce3f-a9d6-11e4-8266-acb57d03bbd5
 
Error: (01/31/2015 03:14:24 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Google Chrome000000000
 
Error: (01/31/2015 03:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.9354c46198chrome.dll40.0.2214.9354c45d6bc000001d003a4c1615d801d03daba5732e7dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\chrome.dlle4c1fa68-a99e-11e4-8266-acb57d03bbd5
 
Error: (01/31/2015 03:14:07 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Google Chrome000000000
 
Error: (01/31/2015 03:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.9354c46198chrome.dll40.0.2214.9354c45d6bc000001d003a4c16f4801d03dab98c34349C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\chrome.dllda8758a6-a99e-11e4-8266-acb57d03bbd5
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 47%
Total physical RAM: 4026.15 MB
Available physical RAM: 2096.33 MB
Total Pagefile: 4730.15 MB
Available Pagefile: 2565.47 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:440.22 GB) (Free:402.53 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:24.52 GB) (Free:2.45 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5BBC04BF)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 


Hello and welcome,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you can right click into the text field and select "Paste", and the log is pasted into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options Window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

 

 

 

 

 

Fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015

Ran by Audy at 2015-02-02 19:07:27 Run:1

Running from C:\Users\Audy\Desktop\AVFix

Loaded Profiles: Audy (Available profiles: Audy)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKU\S-1-5-21-2573563873-3745586224-1449829263-1001\...\RunOnce: [Application Restart #4] => C:\Users\Audy\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)

HKU\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #4] => C:\Users\Audy\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-04] (Pokki)

C:\Users\Audy\AppData\Local\Pokki

U3 McAPExe; No ImagePath

U3 McMPFSvc; No ImagePath

U3 McNaiAnn; No ImagePath

U3 mfecore; No ImagePath

U3 MSK80Service; No ImagePath

C:\Users\Audy\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Audy\AppData\Local\Temp\Quarantine.exe

C:\Users\Audy\AppData\Local\Temp\sqlite3.dll

Emptytemp:

end

 

 

 

*****************

 

HKU\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #4 => value deleted successfully.

HKU\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #4 => Value not found.

C:\Users\Audy\AppData\Local\Pokki => Moved successfully.

McAPExe => Service deleted successfully.

McMPFSvc => Service deleted successfully.

McNaiAnn => Service deleted successfully.

mfecore => Service deleted successfully.

MSK80Service => Service deleted successfully.

C:\Users\Audy\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.

C:\Users\Audy\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Audy\AppData\Local\Temp\sqlite3.dll => Moved successfully.

EmptyTemp: => Removed 515.2 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 19:07:43 ====

 


 



Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 2/2/2015

Scan Time: 7:15:32 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.02.03.01

Rootkit Database: v2015.01.14.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Audy

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 327248

Time Elapsed: 20 min, 4 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



 


# AdwCleaner v4.109 - Report created 02/02/2015 at 19:53:03

# Updated 24/01/2015 by Xplode

# Database : 2015-02-02.1 [Live]

# Operating System : Windows 8.1  (64 bits)

# Username : Audy - AUDYLAPTOP

# Running from : C:\Users\Audy\Desktop\AVFix\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Pokki

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v40.0.2214.93

 

 

*************************

 

AdwCleaner[R0].txt - [1659 octets] - [01/02/2015 14:37:25]

AdwCleaner[R1].txt - [1144 octets] - [01/02/2015 20:04:56]

AdwCleaner[R2].txt - [1037 octets] - [02/02/2015 19:50:02]

AdwCleaner[s0].txt - [1701 octets] - [01/02/2015 14:40:09]

AdwCleaner[s1].txt - [1212 octets] - [01/02/2015 20:06:56]

AdwCleaner[s2].txt - [923 octets] - [02/02/2015 19:53:03]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [982 octets] ##########

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 8.1 x64

Ran by Audy on Mon 02/02/2015 at 20:00:01.98

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 02/02/2015 at 20:04:07.57

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Hi Kevin, thanks for the great instructions. I didn't see anything that said it was infected; however, I'm still seeing two "pokki" related programs in the control panel, "Start Menu" and "AOL". Should I manually try to uninstall these or is there a better/automated fashion?

 

Thanks,

Bruce

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Dec 17 12:15:31 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 17 12:18:12 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Dec 17 12:34:17 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 17 12:35:21 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Dec 17 13:10:30 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 17 13:10:36 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Dec 17 13:59:44 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 17 13:59:49 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 12:17:30 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 25 12:17:54 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 12:20:53 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 25 12:20:56 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 14:07:31 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 15:40:17 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 25 15:40:18 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 15:51:44 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 25 15:51:45 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 16:29:47 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 25 16:29:48 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 16:37:37 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 25 16:37:38 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 25 17:16:36 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Dec 26 11:45:26 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Dec 26 19:00:43 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 26 19:01:13 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Dec 26 20:28:40 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 26 20:28:41 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Dec 26 20:35:53 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 26 20:35:54 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Dec 26 21:32:50 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 26 21:32:52 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Dec 26 21:41:58 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 26 21:41:59 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Dec 26 23:22:21 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 26 23:22:22 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Dec 27 14:16:07 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Dec 27 17:01:50 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 27 17:04:51 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Dec 27 21:21:18 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Dec 31 00:50:52 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Dec 31 14:02:08 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 31 14:02:45 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Dec 31 14:38:29 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 31 14:38:30 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Jan 01 22:20:42 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Jan 02 02:09:19 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Jan 02 12:12:48 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Jan 02 13:04:16 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Jan 02 18:26:39 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 02 18:34:33 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Jan 02 21:19:42 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Jan 03 20:29:29 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sun Jan 04 11:50:47 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 04 11:51:23 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sun Jan 04 22:36:48 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Jan 15 11:25:23 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Wed Jan 21 18:53:59 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 21 19:05:51 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Jan 22 11:16:48 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 22 11:17:11 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Jan 22 18:02:04 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 22 18:02:12 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Jan 22 18:15:49 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 22 18:15:50 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Jan 24 08:34:32 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 24 08:35:18 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Jan 24 09:02:13 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 24 09:02:18 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Jan 24 09:39:28 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 24 09:39:29 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Jan 24 09:46:16 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 24 09:46:17 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Jan 24 09:46:46 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sun Jan 25 11:08:58 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 25 11:11:06 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sun Jan 25 16:53:54 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 25 16:54:18 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Mon Jan 26 10:18:14 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jan 26 10:18:23 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Mon Jan 26 10:23:53 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Jan 26 10:23:54 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Tue Jan 27 20:43:28 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Exception Caught: 0x80010106

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 27 20:44:02 2015

 

 

Return code: 1 (0x1)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Fri Jan 30 22:51:04 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 30 22:55:31 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sat Jan 31 00:46:44 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 31 00:47:57 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sat Jan 31 11:20:32 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jan 31 11:20:36 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sun Feb 01 15:01:28 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 01 15:20:12 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sun Feb 01 19:27:05 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 01 19:27:10 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sun Feb 01 19:33:24 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Mon Feb 02 19:35:28 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Mon Feb 02 20:07:40 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

 

Results Summary:

----------------

No infection found.

 


Thanks for the logs and the information update, yep delete Pokki if you have access. Pokki does come installed when buying Lenovo computers, it is known to be untrustworthy so am really unsure why Lenovo continue with it.

 

Run the following to check for remnants of the Pokki nuisance...

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit
 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    pokki
    *pokki*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Post that log, also let me know if there are any remaining issues or concerns....

 

Thank you,

 

Kevin....
 


I'm working on an HP and it appears that this came with something that my daughter downloaded. If we can get rid of the "Add to Pokki Menu" shell element that would be great. Thanks Kevin.

-Bruce

 

SystemLook 30.07.11 by jpshortstuff

Log created at 07:07 on 03/02/2015 by Audy

Administrator - Elevation successful

 

========== regfind ==========

 

Searching for "pokki"

[HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki]

[HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki]

@="Add to Pokki Menu"

[HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki]

[HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki]

@="Add to Pokki Menu"

[HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki]

[HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki]

@="Add to Pokki Menu"

[HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki]

[HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki]

@="Add to Pokki Menu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]

"SBOEM0"="C:\ProgramData\Pokki\Start Menu.lnk"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\AllFileSystemObjects\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\AllFileSystemObjects\shell\pokki]

@="Add to Pokki Menu"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Directory\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Directory\shell\pokki]

@="Add to Pokki Menu"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Drive\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Drive\shell\pokki]

@="Add to Pokki Menu"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\lnkfile\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\lnkfile\shell\pokki]

@="Add to Pokki Menu"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b]

"DisplayIcon"="%LOCALAPPDATA%\Pokki\IconCache\persistent\FarmVille 2.ico"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b]

"Publisher"="Pokki"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b]

"UninstallString"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /UNINSTALL34e8f5c0c9e5744bf2cdb514283762dd0524776b"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5]

"DisplayIcon"="%LOCALAPPDATA%\Pokki\IconCache\persistent\AOL.ico"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5]

"Publisher"="Pokki"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5]

"UninstallString"=""%LOCALAPPDATA%\Pokki\Engine\HostAppService.exe" /UNINSTALLb6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\AllFileSystemObjects\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\AllFileSystemObjects\shell\pokki]

@="Add to Pokki Menu"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Directory\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Directory\shell\pokki]

@="Add to Pokki Menu"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Drive\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Drive\shell\pokki]

@="Add to Pokki Menu"

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\lnkfile\shell\pokki]

[HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\lnkfile\shell\pokki]

@="Add to Pokki Menu"

 

Searching for "*pokki*"

No data found.

 

-= EOF =-


Yes I see HP mentioned all over the logs, I just add the info about Lenovo for information.... Run the following:

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7/8 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop may disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg (:Reg)

    :Reg
    [-HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki]
    [-HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki]
    [-HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki]
    [-HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
    "SBOEM0"=-
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\AllFileSystemObjects\shell\pokki]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Directory\shell\pokki]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Drive\shell\pokki]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\lnkfile\shell\pokki]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\AllFileSystemObjects\shell\pokki]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Directory\shell\pokki]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Drive\shell\pokki]
    [-HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\lnkfile\shell\pokki]
    :Files
    C:\ProgramData\Pokki
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post the log, also let me know if any remaining issues or concerns...

 

Thank you,

 

Kevin....
 


All processes killed

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Classes\AllFileSystemObjects\shell\pokki\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\Directory\shell\pokki\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Classes\lnkfile\shell\pokki\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn\\SBOEM0 not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\AllFileSystemObjects\shell\pokki\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Directory\shell\pokki\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Drive\shell\pokki\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\lnkfile\shell\pokki\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\AllFileSystemObjects\shell\pokki\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Directory\shell\pokki\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Drive\shell\pokki\ not found.

Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\lnkfile\shell\pokki\ not found.

========== FILES ==========

C:\ProgramData\Pokki folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Audy

->Temp folder emptied: 4954514 bytes

->Temporary Internet Files folder emptied: 822412 bytes

->Google Chrome cache emptied: 344294899 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12296140 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 346.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 02042015_074013

 

Files moved on Reboot...

C:\Users\Audy\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

 

Registry entries deleted on Reboot...
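Added example (not part of the original posts and not OTM's own code): a Python script that reads OTM registry result lines like those in the log above and marks each "not found" key that is only another spelling, or a repeat, of a key deleted earlier in the same run. It relies on HKEY_CURRENT_USER being a view of HKEY_USERS\<SID> and on that user's Software\Classes subtree being the <SID>_Classes hive; it assumes the tool ran as the user who owns the SID passed in, and the function names and sample lines are constructed for illustration.

```python
import re

SID = "S-1-5-21-2573563873-3745586224-1449829263-1001"  # SID shown in the log

# Constructed sample in the format of the OTM registry results above.
SAMPLE_LOG = r"""
Registry key HKEY_CURRENT_USER\Software\Classes\Drive\shell\pokki\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\Drive\shell\pokki\ not found.
Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001_Classes\Drive\shell\pokki\ not found.
Registry key HKEY_USERS\S-1-5-21-2573563873-3745586224-1449829263-1001\Software\Classes\lnkfile\shell\pokki\ not found.
"""

LINE = re.compile(r"^Registry key (.+) (deleted successfully|not found)\.$")

def canonical(key, user_sid):
    """Map every spelling of one per-user key onto a single lowercase form."""
    k = key.rstrip("\\")
    # HKEY_CURRENT_USER is a link to HKEY_USERS\<SID> of the logged-on user.
    k = re.sub(r"^HKEY_CURRENT_USER(?=\\|$)",
               lambda m: "HKEY_USERS\\" + user_sid, k, flags=re.I)
    # HKU\<SID>\Software\Classes is backed by the HKU\<SID>_Classes hive.
    prefix = "HKEY_USERS\\" + user_sid + "\\Software\\Classes"
    rest = k[len(prefix):]
    if k.lower().startswith(prefix.lower()) and rest[:1] in ("", "\\"):
        k = "HKEY_USERS\\" + user_sid + "_Classes" + rest
    return k.lower()

def explain(log_text, user_sid):
    """Return (key, verdict) pairs in log order."""
    deleted, report = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # section headers, file results, blank lines
        key, status = m.group(1), m.group(2)
        canon = canonical(key, user_sid)
        if status == "deleted successfully":
            deleted.add(canon)
            verdict = "deleted"
        elif canon in deleted:
            verdict = "already-deleted"  # alias or repeat of a deleted key
        else:
            verdict = "absent"           # not explained by this run
        report.append((key.rstrip("\\"), verdict))
    return report

if __name__ == "__main__":
    for key, verdict in explain(SAMPLE_LOG, SID):
        print(f"{verdict:16} {key}")
```
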

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
