CreateRestorePoint:
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2031232 2015-10-25] (Hola Networks Ltd.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\RunOnce: [Application Restart #0] => C:\Users\Daniel Hollowed\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --d (the data entry has 569 more characters).
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\MountPoints2: {fa51f90c-a2f4-11e4-825d-806e6f6e6963} - "E:\Diablo III Setup.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> DefaultScope {E4384E46-F90F-4484-B105-15B141528225} URL =
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> OldSearch URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20151008&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1838069831-910762768-3284051805-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-10-25] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-10-25] (Hola)
FF Plugin HKU\S-1-5-21-1838069831-910762768-3284051805-1001: @hola.org/vlc -> C:\Users\Daniel Hollowed\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-09-05] (Hola)
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVtbVQhDRQVGbQ1ZUwlcFVBGchRZWQBJDFYTJg4KVlsUR1cUJh9aFQQTQkcFME0FBloEURNNfXFRBlEiVVRKMko=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFdAdAgKBQkUDAFCcgkVVVwUExhCeAAATFpBRwIRd1tdB1tGRxNBNARaAktXUUEeJ1pNER8fHH1KJ1FrFVgYU0Y=
CHR Extension: (BT Toolbar) - C:\Users\Daniel Hollowed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-08-03] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8104576 2015-10-25] (Hola Networks Ltd.)
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8104576 2015-10-25] (Hola Networks Ltd.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
2015-10-31 12:37 - 2015-10-31 12:37 - 00003336 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2015-10-06 16:40 - 2015-11-02 12:03 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2015-10-06 16:40 - 2015-10-06 16:40 - 00001213 _____ C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Nico Mak Computing
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-10-06 16:40 - 2015-10-06 16:40 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2015-11-02 11:41 - 2015-06-26 08:38 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Local\SweetLabs App Platform
2015-10-31 12:37 - 2015-06-26 08:41 - 00002424 _____ C:\Users\Daniel Hollowed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-10-25 13:23 - 2015-09-05 23:05 - 00000000 ____D C:\Users\Daniel Hollowed\AppData\Roaming\Hola
Task: {31DD5B60-D67C-405F-808E-9D929DF6EC54} - \One System Care Monitor -> No File <==== ATTENTION
Task: {36ABABB9-D864-4322-AF6F-E3AAC2D1DE4F} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {65AF854E-CE09-4626-B36A-B7EF9DB61180} - System32\Tasks\SweetLabs App Platform => %LOCALAPPDATA%\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Task: {6B0D84E1-4249-4803-A06B-2377885BCE35} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2015-05-20] (Nico Mak Computing)
Task: {B20F84A7-7E00-441F-A6A9-8B61C7335755} - \One System CarePeriod -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-1838069831-910762768-3284051805-1001\...\hola.org -> hxxp://hola.org
C:\Program Files\Hola
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp: