HELP ME! Fixlist needed for Farbar Recovery Scan Tool


  • This topic is locked
10 replies to this topic

#1 POKEGAMERZ

POKEGAMERZ

  • Members
  • 227 posts

Posted 18 April 2015 - 05:30 PM

Alright so my computer used to be full of malware, Trojan and a lot of junk but I let Malwarebytes take care of my problem. I thought that all my viruses were gone but Adwcleaner detects 3 of the same proxy viruses that I keep trying to delete and now I feel it is up to FRST to try and save me. I am going to put down the FRST log and the Addition log. Can any of you please make a Fixlist for me given the information that I will be posting please?


#2 POKEGAMERZ

POKEGAMERZ
  • Topic Starter

  • Members
  • 227 posts

Posted 18 April 2015 - 05:37 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by POKEGAMERZ at 2015-04-18 18:22:44
Running from C:\Users\POKEGAMERZ\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action Replay PowerSaves 3DS version 1.21 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.21 - Datel Design & Development)
Arma: Gold Edition (HKLM-x32\...\Steam App 65780) (Version: - Bohemia Interactive)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A1) (Version: - )
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version: - Sledgehammer Games)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Combat Arms (HKLM-x32\...\Steam App 212180) (Version: - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DOOM 3 (HKLM-x32\...\Steam App 9050) (Version: - id Software)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0982 - Ezvid, inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.59 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Idle Crawler (HKLM-x32\...\E0A285D1-8023-7B45-B543-32BE98FAA2E1) (Version: 141.0.0.1703 - OVERTON GLOBAL LLP) <==== ATTENTION
Intel® Chipset Device Software (x32 Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.27 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OAS (HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
SmartPurple (HKLM-x32\...\SmartPurple) (Version: - )
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

02-02-2015 13:44:24 Removed Oracle VM VirtualBox 4.3.16
02-02-2015 13:54:06 Windows Update
02-02-2015 16:57:32 Windows Update
10-02-2015 20:42:51 Windows Update
11-02-2015 21:40:09 Windows Update
11-02-2015 21:40:09 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
11-02-2015 21:42:15 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
11-02-2015 21:42:19 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
11-02-2015 21:42:49 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
11-02-2015 21:43:59 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
11-02-2015 21:45:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
20-03-2015 14:38:35 Supprimé Webplayer Remote

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {147C98B5-0F0A-4C75-990B-44029AB0A688} - System32\Tasks\Microsoft\Windows\Maintenance\Advanced IC Updating => %LOCALAPPDATA%\E0A285D1-8023-7B45-B543-32BE98FAA2E1\Runner.exe
Task: {15ECB104-BBAA-48D6-A5C4-2C7E41F72E19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-29] (Google Inc.)
Task: {1BDEA0DD-F464-4810-9CD3-2B979EB10FC0} - \CIMT_daily_S-1-5-21-2345377856-4029987742-2774889007-1000 No Task File <==== ATTENTION
Task: {1FFB5879-DF07-4B73-B4A2-19E94CCDE5BB} - System32\Tasks\wKgwSjymXULsAgF => C:\Users\POKEGAMERZ\AppData\Roaming\ypC9PpU\pvexYXK.exe [2015-03-25] ( )
Task: {205DA1FC-B338-4B63-91BB-DB3CAD16CCB5} - System32\Tasks\{1A9D480F-3391-4C19-B823-0BA46756DB8F} => pcalua.exe -a "D:\OtherDriver\Intel SCT\Setup.exe" -d "D:\OtherDriver\Intel SCT" -c -s
Task: {3C800CD4-A022-434D-B196-8B487F955E81} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313535363539303934362d5b554a6c6c5a23572a415534 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {567CED60-C63B-4955-A88B-6D17EA2BBB78} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5C1E21C9-A363-4A6E-8F6C-D0D04C9200F4} - \PaceItUp Update No Task File <==== ATTENTION
Task: {6B40A26A-B450-478C-9C68-B8EB2E905E8E} - System32\Tasks\Special IC Runner => %LOCALAPPDATA%\E0A285D1-8023-7B45-B543-32BE98FAA2E1\Runner.exe
Task: {7A97F25A-BF0F-41F5-913E-D8A7841F944B} - System32\Tasks\XbNxJMycOdU70G3 => C:\Users\POKEGAMERZ\AppData\Roaming\TEMt4je\9HfJHS8.exe [2015-03-25] ( )
Task: {87DC6D3B-DC55-4CB4-B68E-46F19EE10A2F} - \Binkiland cesa No Task File <==== ATTENTION
Task: {983DDF4F-FB56-4BBC-92D3-7FADAC591F51} - System32\Tasks\QAPZBODXZK => C:\ProgramData\b2714154b29e46b4a53d9b6d21b8db45\b2714154b29e46b4a53d9b6d21b8db45.exe [2015-03-26] ()
Task: {9ABFE1F9-C142-4807-9AFD-A3A5CB196222} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {A90D4DF7-552D-46AE-88B8-FDE8ADD5BC8F} - System32\Tasks\Nx3m2nzWQdsiOQg => C:\Users\POKEGAMERZ\AppData\Roaming\V5g5SfY\xizmF27.exe [2015-03-25] ( )
Task: {AC066CB1-48DE-40C2-9359-339FDBB8B0DE} - \CIMT_S-1-5-21-2345377856-4029987742-2774889007-1000 No Task File <==== ATTENTION
Task: {CEE376E4-4155-4D1E-9F01-7E5D8D7BBACD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-29] (Google Inc.)
Task: {CF30C0D9-DAA1-4DF0-ABAF-97C44F06A0D3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313535363539303934362d5b554a6c6c5a23572a415534.job => C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-29 19:06 - 2012-07-25 08:11 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 14:40 - 2015-03-20 14:40 - 00113664 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\00000000-1426876787-0000-0000-448A5BD48949\jnse7C61.tmp
2014-11-29 19:19 - 2012-11-01 12:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-11-29 19:19 - 2012-11-01 12:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-03-20 14:40 - 2015-03-19 13:01 - 00256512 ___SH () C:\Program Files (x86)\Ghnuitatedlemenits\Ghnuitatedlemenits.exe
2015-03-20 14:43 - 2015-03-20 14:43 - 00088576 _____ () C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862587-0000-0000-448A5BD48949\snsf5489.tmp
2015-03-20 18:27 - 2015-03-20 18:28 - 00139776 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\00000000-1426876787-0000-0000-448A5BD48949\nsj4D30.tmp
2015-03-20 14:42 - 2015-03-20 14:42 - 00104960 _____ () C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862569-0000-0000-448A5BD48949\cnsvE39.tmp
2015-03-26 18:46 - 2015-03-26 15:48 - 00342016 _____ () C:\ProgramData\SmartPurple\SmartPurple.exe
2015-03-12 10:10 - 2015-03-12 10:10 - 00102400 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exe
2014-09-23 03:09 - 2014-09-23 03:09 - 00007168 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\oas\mcc.exe
2014-12-05 10:39 - 2014-12-05 10:39 - 40561664 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLL
2014-12-05 10:39 - 2014-12-05 10:39 - 01359360 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\oas\libglesv2.dll
2014-12-05 10:39 - 2014-12-05 10:39 - 00212992 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\oas\libegl.dll
2014-12-05 10:40 - 2014-12-05 10:40 - 09302016 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\oas\pdf.dll
2014-12-05 10:39 - 2014-12-05 10:39 - 00985088 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\oas\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VCL => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\POKEGAMERZ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2345377856-4029987742-2774889007-500 - Administrator - Disabled)
Guest (S-1-5-21-2345377856-4029987742-2774889007-501 - Limited - Disabled) => C:\Users\Guest
POKEGAMERZ (S-1-5-21-2345377856-4029987742-2774889007-1000 - Administrator - Enabled) => C:\Users\POKEGAMERZ
UpdatusUser (S-1-5-21-2345377856-4029987742-2774889007-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2015 06:22:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 06:20:45 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (04/18/2015 04:44:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: oas.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 64BA5055
Stack:

Error: (04/18/2015 04:43:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oas.exe, version: 1.0.9.9, time stamp: 0x55019e6d
Faulting module name: libcef.DLL, version: 3.2171.1949.0, time stamp: 0x5481c1dc
Exception code: 0x4000001f
Fault offset: 0x0013b220
Faulting process id: 0xed8
Faulting application start time: 0xoas.exe0
Faulting application path: oas.exe1
Faulting module path: oas.exe2
Report Id: oas.exe3

Error: (04/18/2015 04:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oas.exe, version: 1.0.9.9, time stamp: 0x55019e6d
Faulting module name: libcef.DLL, version: 3.2171.1949.0, time stamp: 0x5481c1dc
Exception code: 0x4000001f
Fault offset: 0x0013b220
Faulting process id: 0xd70
Faulting application start time: 0xoas.exe0
Faulting application path: oas.exe1
Faulting module path: oas.exe2
Report Id: oas.exe3

Error: (04/18/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oas.exe, version: 1.0.9.9, time stamp: 0x55019e6d
Faulting module name: libcef.DLL, version: 3.2171.1949.0, time stamp: 0x5481c1dc
Exception code: 0x4000001f
Fault offset: 0x0013b220
Faulting process id: 0xf30
Faulting application start time: 0xoas.exe0
Faulting application path: oas.exe1
Faulting module path: oas.exe2
Report Id: oas.exe3

Error: (04/18/2015 04:41:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oas.exe, version: 1.0.9.9, time stamp: 0x55019e6d
Faulting module name: libcef.DLL, version: 3.2171.1949.0, time stamp: 0x5481c1dc
Exception code: 0x4000001f
Fault offset: 0x0013b220
Faulting process id: 0x1390
Faulting application start time: 0xoas.exe0
Faulting application path: oas.exe1
Faulting module path: oas.exe2
Report Id: oas.exe3

Error: (04/18/2015 04:39:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oas.exe, version: 1.0.9.9, time stamp: 0x55019e6d
Faulting module name: libcef.DLL, version: 3.2171.1949.0, time stamp: 0x5481c1dc
Exception code: 0x4000001f
Fault offset: 0x0013b220
Faulting process id: 0x770
Faulting application start time: 0xoas.exe0
Faulting application path: oas.exe1
Faulting module path: oas.exe2
Report Id: oas.exe3

Error: (04/18/2015 04:37:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oas.exe, version: 1.0.9.9, time stamp: 0x55019e6d
Faulting module name: libcef.DLL, version: 3.2171.1949.0, time stamp: 0x5481c1dc
Exception code: 0x4000001f
Fault offset: 0x0013b220
Faulting process id: 0xda4
Faulting application start time: 0xoas.exe0
Faulting application path: oas.exe1
Faulting module path: oas.exe2
Report Id: oas.exe3

Error: (04/18/2015 04:26:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oas.exe, version: 1.0.9.9, time stamp: 0x55019e6d
Faulting module name: libcef.DLL, version: 3.2171.1949.0, time stamp: 0x5481c1dc
Exception code: 0x4000001f
Fault offset: 0x0013b220
Faulting process id: 0x1080
Faulting application start time: 0xoas.exe0
Faulting application path: oas.exe1
Faulting module path: oas.exe2
Report Id: oas.exe3


System errors:
=============
Error: (04/18/2015 06:21:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VCL service failed to start due to the following error:
%%2

Error: (04/18/2015 06:21:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperOptimizer Stats service to connect.

Error: (04/18/2015 04:09:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147014790

Error: (04/18/2015 04:08:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.

Error: (04/18/2015 04:08:53 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147952506.

Error: (04/18/2015 04:06:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VCL service failed to start due to the following error:
%%2

Error: (04/18/2015 04:06:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperOptimizer Stats service to connect.

Error: (04/18/2015 03:34:54 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.

Error: (04/18/2015 03:34:54 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147952506.

Error: (04/18/2015 03:34:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.


Microsoft Office Sessions:
=========================
Error: (04/18/2015 06:22:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 06:20:45 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (04/18/2015 04:44:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: oas.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 64BA5055
Stack:

Error: (04/18/2015 04:43:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oas.exe1.0.9.955019e6dlibcef.DLL3.2171.1949.05481c1dc4000001f0013b220ed801d07a184dd1b931C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exeC:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLL8b99abb9-e60b-11e4-a4de-b4750e444d88

Error: (04/18/2015 04:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oas.exe1.0.9.955019e6dlibcef.DLL3.2171.1949.05481c1dc4000001f0013b220d7001d07a182970bf89C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exeC:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLL673c9a16-e60b-11e4-a4de-b4750e444d88

Error: (04/18/2015 04:41:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oas.exe1.0.9.955019e6dlibcef.DLL3.2171.1949.05481c1dc4000001f0013b220f3001d07a1804b7e1c5C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exeC:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLL427d72ed-e60b-11e4-a4de-b4750e444d88

Error: (04/18/2015 04:41:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oas.exe1.0.9.955019e6dlibcef.DLL3.2171.1949.05481c1dc4000001f0013b220139001d07a17dfea2439C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exeC:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLL41890858-e60b-11e4-a4de-b4750e444d88

Error: (04/18/2015 04:39:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oas.exe1.0.9.955019e6dlibcef.DLL3.2171.1949.05481c1dc4000001f0013b22077001d07a17bbf7a414C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exeC:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLLf9c9432e-e60a-11e4-a4de-b4750e444d88

Error: (04/18/2015 04:37:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oas.exe1.0.9.955019e6dlibcef.DLL3.2171.1949.05481c1dc4000001f0013b220da401d07a17728799f9C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exeC:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLLb04f07d2-e60a-11e4-a4de-b4750e444d88

Error: (04/18/2015 04:26:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oas.exe1.0.9.955019e6dlibcef.DLL3.2171.1949.05481c1dc4000001f0013b220108001d07a1605af04d6C:\Users\POKEGAMERZ\AppData\Roaming\oas\oas.exeC:\Users\POKEGAMERZ\AppData\Roaming\oas\libcef.DLL4374e41f-e609-11e4-a4de-b4750e444d88



#3 POKEGAMERZ

POKEGAMERZ
  • Topic Starter

  • Members
  • 227 posts

Posted 18 April 2015 - 05:39 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 (ATTENTION: ====> FRST version is 72 days old and could be outdated)
Ran by POKEGAMERZ (administrator) on POKEGAMERZ-PC on 18-04-2015 18:22:09
Running from C:\Users\POKEGAMERZ\Downloads
Loaded Profiles: POKEGAMERZ (Available profiles: POKEGAMERZ & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Users\POKEGAMERZ\AppData\Roaming\00000000-1426876787-0000-0000-448A5BD48949\jnse7C61.tmp
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Ghnuitatedlemenits\Ghnuitatedlemenits.exe
() C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862587-0000-0000-448A5BD48949\snsf5489.tmp
() C:\Users\POKEGAMERZ\AppData\Roaming\00000000-1426876787-0000-0000-448A5BD48949\nsj4D30.tmp
() C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862569-0000-0000-448A5BD48949\cnsvE39.tmp
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
() C:\ProgramData\SmartPurple\SmartPurple.exe
() C:\Users\POKEGAMERZ\AppData\Roaming\OAS\oas.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\POKEGAMERZ\AppData\Roaming\OAS\mcc.exe
() C:\Users\POKEGAMERZ\AppData\Roaming\OAS\oas.exe
() C:\Users\POKEGAMERZ\AppData\Roaming\OAS\oas.exe
() C:\Users\POKEGAMERZ\AppData\Roaming\OAS\oas.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-05] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Run: [Online Ad Scanner] => C:\Users\POKEGAMERZ\AppData\Roaming\OAS\oasupd.exe [28672 2015-02-18] ()
HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Run: [GoogleChromeAutoLaunch_C59B06D71A544B94AAEC3A06EE8C2120] => "C:\Users\POKEGAMERZ\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2345377856-4029987742-2774889007-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2345377856-4029987742-2774889007-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2345377856-4029987742-2774889007-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll (Symantec Corporation)
Winsock: Catalog9 01 C:\Windows\system32\Gambali.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Gambali.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Gambali.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Gambali.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\Gambali.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Gambali64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Gambali64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Gambali64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Gambali64.dll File Not found ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Gambali64.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-04-18]
FF HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Firefox\Extensions: [{14459E59-219C-CA71-9BA5-7742BD615879}] - C:\Program Files (x86)\ver3PaceItUp\190.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CinPlus_2.1V20.03) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-29]
CHR Extension: (Google Drive) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-29]
CHR Extension: (YouTube) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-29]
CHR Extension: (Google Search) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-29]
CHR Extension: (Google Wallet) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-29]
CHR Extension: (pneoplpmnpjoioldpodoljacigkahohc) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc [2015-03-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 berogupe; C:\Users\POKEGAMERZ\AppData\Roaming\00000000-1426876787-0000-0000-448A5BD48949\jnse7C61.tmp [113664 2015-03-20] () [File not signed]
R2 Ghnuitatedlemenits; C:\Program Files (x86)\Ghnuitatedlemenits\Ghnuitatedlemenits.exe [256512 2015-03-19] () [File not signed] <==== ATTENTION
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 joniniwi; C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862587-0000-0000-448A5BD48949\snsf5489.tmp [88576 2015-03-20] () [File not signed]
R2 liqekemy; C:\Users\POKEGAMERZ\AppData\Roaming\00000000-1426876787-0000-0000-448A5BD48949\nsj4D30.tmp [139776 2015-03-20] () [File not signed]
R2 merohihi; C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862569-0000-0000-448A5BD48949\cnsvE39.tmp [104960 2015-03-20] () [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 SmartPurple; C:\ProgramData\SmartPurple\SmartPurple.exe [342016 2015-03-26] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
S2 VCL; C:\Program Files (x86)\IGS\VCL.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.032\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.032\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-29] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 MFE_RR; \??\C:\Users\POKEGA~1\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 16:22 - 2015-04-18 16:22 - 00000407 _____ () C:\Users\POKEGAMERZ\Downloads\fixme.reg
2015-04-18 16:19 - 2015-04-18 16:19 - 00000407 _____ () C:\Users\POKEGAMERZ\Downloads\Search.txt
2015-04-18 15:47 - 2015-04-18 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-18 15:46 - 2015-04-18 15:55 - 00000000 ____D () C:\Users\POKEGAMERZ\Desktop\mbar
2015-04-14 20:49 - 2015-04-18 15:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 20:49 - 2015-04-18 15:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 20:49 - 2015-04-14 20:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-14 20:49 - 2015-04-14 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 20:49 - 2015-04-14 20:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-14 20:49 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 20:49 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 20:44 - 2015-04-14 20:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-04-11 17:44 - 2015-04-11 17:44 - 00000000 ____D () C:\Users\POKEGAMERZ\Desktop\CD Burning Experiment 3
2015-04-11 17:34 - 2015-04-11 17:34 - 00000000 ____D () C:\Users\POKEGAMERZ\Desktop\CD Burning Experiment 2
2015-04-11 17:22 - 2015-04-11 17:22 - 00000000 ____D () C:\Users\POKEGAMERZ\Desktop\CD Burning Experiment 1
2015-04-11 17:18 - 2015-04-11 17:18 - 00000089 _____ () C:\Users\POKEGAMERZ\Downloads\CD BURNING FILE.txt
2015-04-01 12:03 - 2015-04-14 20:53 - 00000540 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313535363539303934362d5b554a6c6c5a23572a415534.job
2015-03-26 18:47 - 2015-03-26 18:47 - 00000000 ____D () C:\ProgramData\EmailNotifier
2015-03-26 18:46 - 2015-03-26 18:46 - 00003588 _____ () C:\Windows\System32\Tasks\QAPZBODXZK
2015-03-26 18:46 - 2015-03-26 18:46 - 00000000 ____D () C:\ProgramData\b2714154b29e46b4a53d9b6d21b8db45
2015-03-26 18:45 - 2015-03-26 18:45 - 00000000 ____D () C:\ProgramData\f0a3c84dae134b84ac8ac0e163fe8686
2015-03-26 18:44 - 2015-03-26 18:46 - 00000000 ____D () C:\ProgramData\SmartPurple
2015-03-26 18:43 - 2015-03-26 18:43 - 00000000 _____ () C:\Users\POKEGAMERZ\AppData\Local\.a852.db
2015-03-25 18:52 - 2015-03-25 18:52 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-03-25 18:49 - 2015-03-25 18:49 - 00003292 _____ () C:\Windows\System32\Tasks\wKgwSjymXULsAgF
2015-03-25 18:49 - 2015-03-25 18:49 - 00003250 _____ () C:\Windows\System32\Tasks\Nx3m2nzWQdsiOQg
2015-03-25 18:49 - 2015-03-25 18:49 - 00003248 _____ () C:\Windows\System32\Tasks\XbNxJMycOdU70G3
2015-03-25 18:49 - 2015-03-25 18:49 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\ypC9PpU
2015-03-25 18:49 - 2015-03-25 18:49 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\V5g5SfY
2015-03-25 18:49 - 2015-03-25 18:49 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\TEMt4je
2015-03-20 16:22 - 2015-03-20 16:22 - 02171392 _____ () C:\Users\POKEGAMERZ\Downloads\AdwCleaner.exe
2015-03-20 15:15 - 2015-03-20 16:04 - 00008544 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-20 15:15 - 2015-03-20 16:04 - 00008544 _____ () C:\Windows\system32\VCLOff.ini
2015-03-20 15:15 - 2015-03-20 16:04 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-20 15:15 - 2015-03-20 15:15 - 00000043 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\WB.CFG
2015-03-20 14:53 - 2015-04-01 10:59 - 00009728 _____ () C:\Users\POKEGAMERZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 14:53 - 2015-03-20 14:53 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\ezvid,_inc
2015-03-20 14:52 - 2015-03-30 21:44 - 00000000 ____D () C:\Users\POKEGAMERZ\Documents\ezvid
2015-03-20 14:52 - 2015-03-20 14:53 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\00000000-1426863178-0000-0000-448A5BD48949
2015-03-20 14:52 - 2015-03-20 14:52 - 00068327 _____ () C:\Windows\unins000.dat
2015-03-20 14:52 - 2015-03-20 14:52 - 00001033 _____ () C:\Users\Public\Desktop\ezvid.lnk
2015-03-20 14:52 - 2015-03-20 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid
2015-03-20 14:52 - 2015-03-20 14:52 - 00000000 ____D () C:\Program Files (x86)\ezvid
2015-03-20 14:52 - 2015-03-20 14:51 - 00753873 _____ () C:\Windows\unins000.exe
2015-03-20 14:52 - 2013-08-01 19:16 - 00438008 _____ (Bytescout) C:\Windows\SysWOW64\BytescoutScreenCapturing.dll
2015-03-20 14:52 - 2013-08-01 19:16 - 00265976 _____ (Bytescout) C:\Windows\SysWOW64\BytescoutScreenCapturingFilter.dll
2015-03-20 14:52 - 2013-08-01 19:16 - 00175864 _____ (Bytescout) C:\Windows\SysWOW64\BytescoutVideoMixerFilter.dll
2015-03-20 14:52 - 2013-04-07 17:09 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2015-03-20 14:52 - 2013-04-07 17:09 - 00148992 _____ ( ) C:\Windows\system32\Lagarith.dll
2015-03-20 14:50 - 2015-03-20 14:50 - 01168896 _____ (Ezvid, inc. ) C:\Users\POKEGAMERZ\Downloads\ezvid0982d.exe
2015-03-20 14:45 - 2015-04-14 20:56 - 00000000 ____D () C:\Program Files (x86)\ca8a89e7-e095-431f-8d23-eabb8ceb20d5
2015-03-20 14:45 - 2015-03-20 14:47 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\Setup8361591
2015-03-20 14:45 - 2015-03-20 14:45 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\IsolatedStorage
2015-03-20 14:45 - 2015-03-20 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
2015-03-20 14:45 - 2015-03-20 14:45 - 00000000 ____D () C:\ProgramData\{6058889B-30DA-591D-815C-299F51DEFA11}
2015-03-20 14:45 - 2015-03-20 14:45 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.6b
2015-03-20 14:45 - 2010-10-24 00:56 - 00049664 _____ (CamStudio Group) C:\Windows\system32\CamCodec.dll
2015-03-20 14:44 - 2015-03-20 15:15 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-20 14:44 - 2015-03-20 14:44 - 04472121 _____ (CamStudio Open Source Dev Team ) C:\Users\POKEGAMERZ\Downloads\CamStudio_Setup [1].exe
2015-03-20 14:43 - 2015-04-18 16:11 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862587-0000-0000-448A5BD48949
2015-03-20 14:43 - 2015-03-20 14:43 - 00704400 _____ (Installer ) C:\Users\POKEGAMERZ\Downloads\CamStudio_Setup.exe
2015-03-20 14:42 - 2015-03-20 14:43 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\E0A285D1-8023-7B45-B543-32BE98FAA2E1
2015-03-20 14:42 - 2015-03-20 14:42 - 00004642 _____ () C:\Windows\System32\Tasks\Special IC Runner
2015-03-20 14:42 - 2015-03-20 14:42 - 00004334 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313535363539303934362d5b554a6c6c5a23572a415534
2015-03-20 14:42 - 2015-03-20 14:42 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\Macromedia
2015-03-20 14:42 - 2015-03-20 14:42 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\Adobe
2015-03-20 14:42 - 2015-03-20 14:42 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862569-0000-0000-448A5BD48949
2015-03-20 14:41 - 2015-03-20 14:41 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\Compete
2015-03-20 14:40 - 2015-04-18 18:22 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\OAS
2015-03-20 14:40 - 2015-03-20 14:40 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\00000000-1426862433-0000-0000-448A5BD48949
2015-03-20 14:39 - 2015-04-14 20:56 - 00000000 ____D () C:\Program Files (x86)\58f74194-2dcf-4864-9a1d-f41029d3e60d
2015-03-20 14:39 - 2015-03-20 18:28 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Roaming\00000000-1426876787-0000-0000-448A5BD48949
2015-03-20 14:39 - 2015-03-20 14:40 - 00000000 __SHD () C:\Program Files (x86)\Ghnuitatedlemenits
2015-03-20 14:38 - 2015-03-20 14:38 - 00000000 ____D () C:\ProgramData\9041931655391984219
2015-03-20 14:37 - 2015-03-30 21:44 - 00000478 _____ () C:\Users\POKEGAMERZ\AppData\Local\recently-fix.db
2015-03-20 14:37 - 2015-03-20 14:37 - 00000000 ____D () C:\ProgramData\atjs
2015-03-20 14:35 - 2015-03-20 14:38 - 00000000 ____D () C:\Program Files (x86)\MyPcBackup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 18:22 - 2015-02-02 17:21 - 00015054 _____ () C:\Users\POKEGAMERZ\Downloads\FRST.txt
2015-04-18 18:22 - 2015-02-02 17:20 - 00000000 ____D () C:\FRST
2015-04-18 18:20 - 2014-11-29 19:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-18 18:20 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-18 18:20 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 18:20 - 2009-07-14 00:51 - 00038948 _____ () C:\Windows\setupact.log
2015-04-18 16:44 - 2014-11-30 12:11 - 00009622 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-18 16:43 - 2014-12-01 22:47 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\CrashDumps
2015-04-18 16:14 - 2015-02-05 21:48 - 00000000 ____D () C:\AdwCleaner
2015-04-18 16:14 - 2009-07-14 00:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-18 16:14 - 2009-07-14 00:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 16:13 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-18 16:09 - 2014-11-29 18:56 - 02072020 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 21:31 - 2014-11-29 18:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 21:08 - 2010-11-20 23:47 - 00061272 _____ () C:\Windows\PFRO.log
2015-04-14 20:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2015-04-01 11:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-01 11:01 - 2014-11-29 19:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 10:55 - 2014-11-29 19:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 18:46 - 2014-11-29 19:23 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-03-25 18:46 - 2014-11-29 19:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-03-25 18:46 - 2014-11-29 19:23 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-03-20 15:14 - 2014-11-29 19:20 - 00000000 ____D () C:\Program Files\Google
2015-03-20 14:42 - 2014-11-29 19:20 - 00000000 ____D () C:\Users\POKEGAMERZ\AppData\Local\Google
2015-03-20 14:42 - 2014-11-29 19:20 - 00000000 ____D () C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2015-03-20 15:15 - 2015-03-20 15:15 - 0000043 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\WB.CFG
2015-03-26 18:43 - 2015-03-26 18:43 - 0000000 _____ () C:\Users\POKEGAMERZ\AppData\Local\.a852.db
2015-03-20 14:53 - 2015-04-01 10:59 - 0009728 _____ () C:\Users\POKEGAMERZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 14:37 - 2015-03-30 21:44 - 0000478 _____ () C:\Users\POKEGAMERZ\AppData\Local\recently-fix.db
2014-12-20 14:27 - 2014-12-20 14:27 - 0000017 _____ () C:\Users\POKEGAMERZ\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\POKEGAMERZ\AppData\Local\Temp\124BF0B2-E53B-213B-268B-4511DD53B6AA.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\amisetup6406__12086.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\amisetup6442__12087.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\amisetup6485__12085.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\AutoWifi.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\CloudBackup9677.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\compete.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\cw.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\dcacabfcdcbe.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\devcon64.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\EAB3EB71-86DC-862C-E185-BE32B72AB11C.dll
C:\Users\POKEGAMERZ\AppData\Local\Temp\EAB3EB71-86DC-862C-E185-BE32B72AB11C.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\Installmanager.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\MyPCBACKbuidAmonetize.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\OnlineBackup.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\setup.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\SpOrder.dll
C:\Users\POKEGAMERZ\AppData\Local\Temp\supoptsetup.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-27 13:01

==================== End Of Log ============================



#4 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:10:31 PM

Posted 18 April 2015 - 10:14 PM

Hi POKEGAMERZ,
 
We actually ask that you read this and provide all the files from the scans from here.

Preparation guide for use before using malware removal tools and requesting help

If nothing else, please download a fresh copy of Farbar Recovery Scan Tool 64bit and provide the fresh logs. Most of the malware you are fighting will be handled by the newer versions of FRST.


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#5 POKEGAMERZ

Posted 19 April 2015 - 08:31 AM

Do the newer versions provide a Fixlist or do I have to repost the FRST and Addition logs and have one made for me?

#6 dbrisendine

Posted 20 April 2015 - 01:44 AM

The newer version of FRST has commands added to it to help fight the latest malware.  No versions of FRST will make a Fixlist script automatically; the scripts have to be constructed manually by trained malware fighters.




#7 POKEGAMERZ

Posted 20 April 2015 - 04:18 PM

Attached files: Addition.txt (22.92KB), FRST.txt (24.29KB)

I reinstalled FRST64 Bit on my desktop and have an updated version of the FRST and Addition logs. Please make me a fixlist now that you do have the updated versions of my logs.



#8 dbrisendine

Posted 20 April 2015 - 07:33 PM

Note:
Chrome -> The malware has changed the version of Chrome to a less secure type. The only way to fix this is to uninstall Chrome and re-install it.

First Step >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google Chrome
Idle Crawler
SmartPurple
OAS (Online Ad Scanner)



To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Second Step >>>>

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

Third Step >>>>

64 bit: Reboot your machine and then go to here and download a fresh installer for Chrome.

Double click on the downloaded file to install the latest version of Chrome. Your settings and extensions should be added automatically; please let me know if there are any errors with this.


Information to Reply with >>>>

  • How did the uninstalls go?
  • The FRST Fixlog.txt file text.
  • Any problem with the Chrome install? How is it running now?



#9 POKEGAMERZ

Posted 20 April 2015 - 07:50 PM

WOW MAN! YOU REALLY SAVED ME! THANK YOU SO MUCH! I SPENT WEEKS TRYING TO KILL THESE VIRUSES AND YOU FINALLY HELP ME KILL THEM ON! ONCE AGAIN THANK YOU FOR ALL THE HELP!

#10 dbrisendine

Posted 21 April 2015 - 02:41 PM

Please post the Fixlog here for review.  Thanks.




#11 dbrisendine

Posted 15 May 2015 - 02:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
