~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.21.2014:1) OS: Windows 8.1 x64 Ran by stephane on 24/10/2014 at 16:21:50,56 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [Service] update wiseenhance Failed to stop: [Service] util wiseenhance ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2442689183-2197710624-2519730625-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== Pokki REG_EXPAND_SZ C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update wiseenhance Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util wiseenhance Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWiseEnhance_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWiseEnhance_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWiseEnhance_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWiseEnhance_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WiseEnhance_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WiseEnhance_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B17F09EA-F911-4298-9D41-BED56B036A6D} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} ~~~ Files Successfully deleted: [File] "C:\Users\stephane\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage" Successfully deleted: [File] "C:\Users\stephane\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal" Successfully deleted: [File] "C:\Users\stephane\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage" Successfully deleted: [File] "C:\Users\stephane\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal" Successfully deleted: [File] "C:\Users\stephane\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage" Successfully deleted: [File] "C:\Users\stephane\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal" ~~~ Folders Successfully deleted: [Folder] "C:\Users\stephane\AppData\Roaming\mysearchdial" Successfully deleted: [Folder] "C:\Program Files (x86)\mysearchdial" Failed to delete: [Folder] "C:\Program Files (x86)\wiseenhance" ~~~ Chrome Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24/10/2014 at 16:30:24,16 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~