
Fixlist please


This topic is locked
5 replies to this topic

#1 POKEGAMERZ


Posted 17 August 2015 - 05:43 PM

Alright, so recently I have been making my own Angry German Kid series and I believe that it has been causing viruses for me.
Symptoms:
1. Random advertisements on Chrome.
2. Windows gives me a black screen with a pointer for 1 minute after logging on, and it takes me around 1 minute for all the other stuff to load.
Please provide a fixlist for me after I post the Addition and FRST logs on this thread.



#2 POKEGAMERZ


Posted 17 August 2015 - 05:56 PM

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015

Ran by POKEGAMERZ at 2015-08-17 22:49:23
Running from C:\Users\POKEGAMERZ\Downloads\FRST-OlderVersion
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2345377856-4029987742-2774889007-500 - Administrator - Disabled)
Guest (S-1-5-21-2345377856-4029987742-2774889007-501 - Limited - Disabled) => C:\Users\Guest
POKEGAMERZ (S-1-5-21-2345377856-4029987742-2774889007-1000 - Administrator - Enabled) => C:\Users\POKEGAMERZ
UpdatusUser (S-1-5-21-2345377856-4029987742-2774889007-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Action Replay PowerSaves 3DS version 1.21 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.21 - Datel Design & Development)
Arma: Gold Edition (HKLM-x32\...\Steam App 65780) (Version:  - Bohemia Interactive)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A1) (Version:  - )
BB FlashBack Express 5 (HKLM-x32\...\BB FlashBack Express 5) (Version: 5.10.0.3715 - Blueberry)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Combat Arms (HKLM-x32\...\Steam App 212180) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DOOM 3 (HKLM-x32\...\Steam App 9050) (Version:  - id Software)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0982 - Ezvid, inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.59 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Idle Crawler (HKLM-x32\...\E0A285D1-8023-7B45-B543-32BE98FAA2E1) (Version: 141.0.0.1703 - OVERTON GLOBAL LLP) <==== ATTENTION
Intel® Chipset Device Software (x32 Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NaturalReaderFree (HKLM-x32\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.2.0 - Nexon)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.27 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Graphics Driver 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OAS (HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
SmartPurple (HKLM-x32\...\SmartPurple) (Version:  - )
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Mario Bros. X (HKLM-x32\...\Super Mario Bros. X) (Version:  - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Verizon Software Upgrade Assistant (x32 Version: 15.05.0601 - Motorola Mobility) Hidden
Verizon Wireless Software Upgrade Assistant for Motorola (HKLM-x32\...\{9BEDD987-AC68-44D2-8803-EC0650F6C43F}) (Version: 1.4.6 - Motorola Mobility)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
WIDCOMM BTW Development Kit (HKLM-x32\...\{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}) (Version: 6.1.0.1506 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Wondershare MobileGo(Version 7.8.0) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 7.8.0 - Wondershare)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
12-08-2015 16:20:09 Installed Verizon Wireless Software Upgrade Assistant for Motorola
12-08-2015 17:01:23 Device Driver Package Install: Google, Inc.
16-08-2015 01:26:27 CheckIfInstallerIsBusy
16-08-2015 02:22:30 Installed NaturalReaderFree.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05AF7452-B797-4126-AE98-49244AC1F7BB} - \Elazt No Task File <==== ATTENTION
Task: {17CAEFCD-4211-478F-84CC-035DDFDCAC38} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {205DA1FC-B338-4B63-91BB-DB3CAD16CCB5} - System32\Tasks\{1A9D480F-3391-4C19-B823-0BA46756DB8F} => pcalua.exe -a "D:\OtherDriver\Intel SCT\Setup.exe" -d "D:\OtherDriver\Intel SCT" -c -s
Task: {567CED60-C63B-4955-A88B-6D17EA2BBB78} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {648A98F5-6438-4F0A-8EC9-477414E67EAF} - \bvxvyxvec No Task File <==== ATTENTION
Task: {81E26F0E-87DA-4E35-A795-E55DBF06A162} - System32\Tasks\Verizon Wireless Upgrade Assistant Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-05-21] ()
Task: {9ABFE1F9-C142-4807-9AFD-A3A5CB196222} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {CF30C0D9-DAA1-4DF0-ABAF-97C44F06A0D3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D7ADC817-B9C4-4BEE-B2B4-81A3BAF679A6} - System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-05-21] ()
Task: {F4284F85-60F8-49E3-B166-894A4CF3ABA2} - System32\Tasks\OneClick => c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}\angry german kid high quality.wmv.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\OneClick.job => c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}\angry german kid high quality.wmv.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-29 19:06 - 2012-07-25 08:11 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-29 19:19 - 2012-11-01 12:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-11-29 19:19 - 2012-11-01 12:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-07-29 14:56 - 2015-07-28 12:39 - 46341632 _____ () C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nw.exe
2015-04-15 09:11 - 2015-04-15 09:11 - 00162816 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-08-17 22:45 - 2015-08-17 22:45 - 00098816 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32api.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00110080 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\pywintypes27.dll
2015-08-17 22:45 - 2015-08-17 22:45 - 00364544 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\pythoncom27.dll
2015-08-17 22:45 - 2015-08-17 22:45 - 00045568 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_socket.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 01161216 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_ssl.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00320512 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32com.shell.shell.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00713216 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_hashlib.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 01175040 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._core_.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00805888 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._gdi_.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00811008 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._windows_.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 01062400 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._controls_.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00735232 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._misc_.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00682496 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\pysqlite2._sqlite.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00087552 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_ctypes.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00119808 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32file.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00108544 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32security.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00007168 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\hashobjs_ext.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00068096 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\usb_ext.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00167936 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32gui.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00018432 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32event.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00128512 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_elementtree.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00127488 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\pyexpat.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00013824 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\common.time34.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00036864 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_psutil_windows.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00038912 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32inet.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00011264 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32crypt.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00070656 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._html2.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00027136 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_multiprocessing.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00020480 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\_yappi.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00035840 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32process.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00686080 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\unicodedata.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00122368 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._wizard.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00024064 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32pipe.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00010240 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\select.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00025600 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32pdh.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00525640 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\windows._lib_cacheinvalidation.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00017408 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32profile.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00022528 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\win32ts.pyd
2015-08-17 22:45 - 2015-08-17 22:45 - 00078336 _____ () C:\Users\POKEGAMERZ\AppData\Local\Temp\_MEI26082\wx._animate.pyd
2014-04-03 17:48 - 2014-04-03 17:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Shjencueit => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\POKEGAMERZ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3A644707-39D8-4521-AD01-DC63F1DCDA8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D7A21436-EC4E-40A8-8E33-0E8ACE46647E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E748BE8A-98F1-49CC-99FD-7FE6D2B81243}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6725FB25-778C-43D5-8A08-A14C7AE6AD57}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E774DAA0-0C44-4E41-A725-8B966C90F897}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E1F022AD-D3F5-482D-A470-D96AAD0F08F7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{50F3F05F-CFE5-4C0D-8E93-3E621F70E98E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{76B6C718-8994-41EE-92E1-7977D1ECF465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{12FB372B-EE59-41BC-8442-9B95C9295B19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{B40E1067-A611-466E-9801-E02ACE6577B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{5388FE7C-54C2-4DAA-879F-8B87301557C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0A3876B1-DF8C-41DB-992E-12F76DECAB7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{10881B50-0F97-43D7-B442-3221E74E69F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Combat Arms\calauncher.exe
FirewallRules: [{A443653B-D656-40DF-8BF6-04A7AB29EE4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Combat Arms\calauncher.exe
FirewallRules: [{DD6E4343-BEB9-4295-AE0E-B3CAF8290153}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Combat Arms\NMService.exe
FirewallRules: [{FE9459A6-FB01-473D-B53C-41A5CA15140D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Combat Arms\NMService.exe
FirewallRules: [{47C4AABE-AAB0-4F58-B4E3-886DFAFD8078}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{67056FCE-2FE9-4F82-8DE3-4F47DAAB4C2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AA76FD5D-2540-4C34-9620-505DC7B592DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{EF5305FB-DF04-4485-9919-D591C1D28DB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{4169BCA7-9AC5-4785-B577-5A49B96B9360}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{EEBC2D1C-04D3-406A-B6A1-248F33D3E9F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{7C0C1EC3-10AF-47FE-9B98-A58E27FD1DC8}] => (Allow) C:\Users\POKEGAMERZ\AppData\Roaming\OAS\oas.exe
FirewallRules: [{FD589AAA-249A-4BFC-8C5A-B151071AFC7F}] => (Allow) C:\Users\POKEGAMERZ\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{D7016830-8391-4EB1-A2C5-5B06B5A215EC}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{A208EAF0-8F98-45B5-B4DF-769C87C394CB}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{2BF15423-3115-4999-9DAD-40C18E3F7F4C}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{15736960-D2B0-4172-955A-9E0B7E7D3589}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{7D8EFE60-2890-4123-BB2E-D8FD7DF6A109}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{7E8AA108-0E85-4B9E-9761-EFB12E03BBC8}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [TCP Query User{B9AAB91C-1CB2-4B05-8672-6280D5F31039}C:\users\pokegamerz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\pokegamerz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4C9B667A-801B-4E36-BE00-5BC5573123EB}C:\users\pokegamerz\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\pokegamerz\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BBAB6AB0-0819-41BB-8C50-1B0471616B40}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{36C9486D-5463-4966-8E95-F1DF6EA8D188}] => (Allow) LPort=2869
FirewallRules: [{92381A5A-0288-4D97-A55E-F342D62FBB95}] => (Allow) LPort=1900
FirewallRules: [{E55D35D1-C33D-4494-A2D8-DD6AD84C9075}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [{4CEEA58C-4606-425B-B552-78A81A09B8A0}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [TCP Query User{087B6034-6470-4086-B6C7-570B5F1E3DF1}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [UDP Query User{03A4CCD7-5264-4AF2-8101-4C2C771CB345}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{F7C30C29-B46C-4D21-8F26-8BBE7BC06A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{A2DB26B7-93BE-40B6-950F-ED61031B0D9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: bsdriver
Description: bsdriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: bsdriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2015 10:46:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 10:44:54 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 10:00:49 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 09:15:42 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 09:12:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 09:11:01 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 05:00:52 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 04:57:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 04:56:22 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 04:02:20 PM) (Source: LogSys.Client) (EventID: 2) (User: )
Description: Failed creating LogSysMicro.exe processC:\Program Files (x86)\Blueberry Software\BB FlashBack Express 5\UploadProfiles\DefConfig.exe
 
 
System errors:
=============
Error: (08/17/2015 10:49:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014790
 
Error: (08/17/2015 10:49:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (08/17/2015 10:49:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (08/17/2015 10:47:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (08/17/2015 10:47:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.
 
Error: (08/17/2015 10:47:48 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.
 
Error: (08/17/2015 10:45:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (08/17/2015 10:45:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (08/17/2015 10:45:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (08/17/2015 10:45:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
 
Microsoft Office:
=========================
Error: (08/17/2015 10:46:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 10:44:54 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 10:00:49 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 09:15:42 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 09:12:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 09:11:01 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 05:00:52 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 04:57:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/17/2015 04:56:22 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (08/17/2015 04:02:20 PM) (Source: LogSys.Client) (EventID: 2) (User: )
Description: Failed creating LogSysMicro.exe processC:\Program Files (x86)\Blueberry Software\BB FlashBack Express 5\UploadProfiles\DefConfig.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 19%
Total physical RAM: 8143.9 MB
Available physical RAM: 6539.5 MB
Total Virtual: 16285.99 MB
Available Virtual: 14591.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:495.62 GB) (Free:293.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 48F5EECA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=495.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=336.1 GB) - (Type=83)
Partition 4: (Not Active) - (Size=99.7 GB) - (Type=05)
 
==================== End of log ============================
FRST Log-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by POKEGAMERZ (administrator) on POKEGAMERZ-PC on 17-08-2015 22:47:11
Running from C:\Users\POKEGAMERZ\Downloads\FRST-OlderVersion
Loaded Profiles: POKEGAMERZ (Available Profiles: POKEGAMERZ & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{F38E31E7-BE2E-2549-8187-E955AEA97270}\YSearchUtilSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\POKEGAMERZ\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\POKEGAMERZ\AppData\Roaming\Spotify\Spotify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\POKEGAMERZ\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Spotify Ltd) C:\Users\POKEGAMERZ\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\POKEGAMERZ\AppData\Roaming\Spotify\Spotify.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MGNotification.exe
() C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575256 2014-05-12] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-05] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Run: [Spotify Web Helper] => C:\Users\POKEGAMERZ\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-12] (Spotify Ltd)
HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Run: [Spotify] => C:\Users\POKEGAMERZ\AppData\Roaming\Spotify\Spotify.exe [7504952 2015-07-12] (Spotify Ltd)
HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-07-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-08-16]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-08-12]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-08-16]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\POKEGAMERZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2015-07-14]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2345377856-4029987742-2774889007-1000 -> {60E13198-A381-469D-BE9B-5370DD558A96} URL = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-15] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2345377856-4029987742-2774889007-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-11-21] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 02 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 03 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 04 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 16 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{73E174BC-B967-4A74-8A6D-982A019D65EA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F886D80C-C7E6-43E9-81B7-8B5D5544B0BB}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-07-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-07-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-08-17]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-29]
CHR Extension: (Google Drive) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-29]
CHR Extension: (YouTube) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-29]
CHR Extension: (Google Search) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-29]
CHR Extension: (Google Wallet) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\POKEGAMERZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [128512 2015-04-15] (Motorola Mobility LLC) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
U2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [339968 2015-07-08] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [100752 2015-08-06] (Wondershare)
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{F38E31E7-BE2E-2549-8187-E955AEA97270}\YSearchUtilSvc.exe [151832 2015-08-06] (Yahoo Inc.)
S2 6d92a170; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaEngine\TampaEngine.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-07-16] (Broadcom Corporation.)
S3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.032\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150125.032\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-29] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 21:22 - 2015-08-17 21:22 - 00000576 _____ C:\Users\POKEGAMERZ\Desktop\error.lnk
2015-08-17 21:22 - 2015-08-17 21:22 - 00000043 _____ C:\Users\POKEGAMERZ\Downloads\error.vbs
2015-08-17 18:53 - 2015-08-17 18:53 - 00002182 _____ C:\Users\POKEGAMERZ\Desktop\Speakonia.lnk
2015-08-17 18:44 - 2015-08-17 18:44 - 02714417 _____ C:\Users\POKEGAMERZ\Downloads\speakoniasetup-1.0.exe
2015-08-17 18:44 - 2015-08-17 18:44 - 00000000 ____D C:\Windows\lhsp
2015-08-17 18:44 - 2015-08-17 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CFS-Technologies
2015-08-17 18:44 - 2015-08-17 18:44 - 00000000 ____D C:\Program Files (x86)\CFS-Technologies
2015-08-17 17:45 - 2015-08-17 17:46 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\PhotoScape
2015-08-17 17:39 - 2015-08-17 17:41 - 00000000 ____D C:\ProgramData\MAGIX
2015-08-17 17:39 - 2015-08-17 17:39 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\MAGIX
2015-08-17 17:39 - 2015-08-17 17:39 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\MAGIX
2015-08-17 17:38 - 2015-08-17 17:38 - 29560816 _____ (MAGIX AG) C:\Users\POKEGAMERZ\Downloads\photo_designer_7_28mb_us.exe
2015-08-17 17:29 - 2015-08-17 17:29 - 00675504 _____ (Adobe Systems Incorporated) C:\Users\POKEGAMERZ\Downloads\CreativeCloudSet-Up (1).exe
2015-08-17 17:29 - 2015-08-17 17:29 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\Adobe
2015-08-17 17:28 - 2015-08-17 17:28 - 00675504 _____ (Adobe Systems Incorporated) C:\Users\POKEGAMERZ\Downloads\CreativeCloudSet-Up.exe
2015-08-17 16:03 - 2015-08-17 16:05 - 00000000 ____D C:\ProgramData\Blueberry
2015-08-17 16:03 - 2015-08-17 16:03 - 00000000 ____D C:\Users\POKEGAMERZ\Documents\BB FlashBack Movies
2015-08-17 16:02 - 2015-08-17 16:07 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Blueberry
2015-08-17 16:02 - 2015-08-17 16:02 - 00001420 _____ C:\Users\Public\Desktop\BB FlashBack Express Recorder.lnk
2015-08-17 16:02 - 2015-08-17 16:02 - 00001410 _____ C:\Users\Public\Desktop\BB FlashBack Express Player.lnk
2015-08-17 16:02 - 2015-08-17 16:02 - 00000000 ____D C:\Windows\SysWOW64\MTSLog
2015-08-17 16:02 - 2015-08-17 16:02 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\LogSys
2015-08-17 16:02 - 2015-08-17 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blueberry Software
2015-08-17 16:02 - 2015-08-17 16:02 - 00000000 ____D C:\ProgramData\LogSys
2015-08-17 16:02 - 2015-08-17 16:02 - 00000000 ____D C:\Program Files (x86)\Blueberry Software
2015-08-17 16:00 - 2015-08-17 16:01 - 20327944 _____ (Blueberry) C:\Users\POKEGAMERZ\Downloads\bbfbex5.exe
2015-08-17 15:55 - 2015-08-17 15:55 - 01375998 _____ (Greenshot ) C:\Users\POKEGAMERZ\Downloads\Greenshot-INSTALLER-1.2.6.7-RELEASE.exe
2015-08-17 15:55 - 2015-08-17 15:55 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Greenshot
2015-08-17 15:55 - 2015-08-17 15:55 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\Greenshot
2015-08-16 17:00 - 2015-08-17 16:25 - 00000408 _____ C:\Users\POKEGAMERZ\AppData\Roaming\CamShapes.ini
2015-08-16 17:00 - 2015-08-17 16:25 - 00000408 _____ C:\Users\POKEGAMERZ\AppData\Roaming\CamLayout.ini
2015-08-16 17:00 - 2015-08-17 16:25 - 00000096 _____ C:\Users\POKEGAMERZ\AppData\Roaming\Camdata.ini
2015-08-16 17:00 - 2015-08-17 15:52 - 00004509 _____ C:\Users\POKEGAMERZ\AppData\Roaming\CamStudio.cfg
2015-08-16 16:59 - 2015-08-17 15:53 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-08-16 16:58 - 2015-08-16 16:58 - 11438475 _____ (CamStudio Open Source ) C:\Users\POKEGAMERZ\Downloads\CamStudio_Setup_2-7_r316.exe
2015-08-16 16:57 - 2015-08-16 16:57 - 00960037 _____ C:\Users\POKEGAMERZ\Downloads\camstudio.zip
2015-08-16 02:22 - 2015-08-16 02:25 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Naturalsoft
2015-08-16 02:22 - 2015-08-16 02:22 - 19548464 _____ (Naturalsoft limited ) C:\Users\POKEGAMERZ\Downloads\standardsetup.exe
2015-08-16 02:22 - 2015-08-16 02:22 - 00002047 _____ C:\Users\Public\Desktop\Demo.lnk
2015-08-16 02:22 - 2015-08-16 02:22 - 00002042 _____ C:\Users\Public\Desktop\NaturalReader Free.lnk
2015-08-16 02:22 - 2015-08-16 02:22 - 00000000 ____D C:\Users\POKEGAMERZ\Documents\Naturalsoft
2015-08-16 02:22 - 2015-08-16 02:22 - 00000000 ____D C:\ProgramData\Naturalsoft
2015-08-16 02:22 - 2015-08-16 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naturalsoft
2015-08-16 02:22 - 2015-08-16 02:22 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
2015-08-16 02:03 - 2015-08-16 02:04 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\WinZip
2015-08-16 02:03 - 2015-08-16 02:04 - 00000000 ____D C:\ProgramData\WinZip
2015-08-16 02:03 - 2015-08-16 02:03 - 00685648 _____ (WinZip Computing, S.L.) C:\Users\POKEGAMERZ\Downloads\winzip19.exe
2015-08-16 02:03 - 2015-08-16 02:03 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-08-16 02:03 - 2015-08-16 02:03 - 00000000 ____D C:\ProgramData\UniqueId
2015-08-16 02:03 - 2015-08-16 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-08-16 02:03 - 2015-08-16 02:03 - 00000000 ____D C:\Program Files\WinZip
2015-08-16 02:02 - 2015-08-16 02:02 - 00815139 _____ C:\Users\POKEGAMERZ\Downloads\setup (1).rar
2015-08-16 02:02 - 2015-08-16 02:02 - 00815129 _____ C:\Users\POKEGAMERZ\Downloads\setup.rar
2015-08-16 02:00 - 2015-08-16 02:00 - 00605140 _____ C:\Users\POKEGAMERZ\Downloads\Hitler Downfall Original Bunke Downloader__3687_i1584730749.exe.rar
2015-08-16 01:26 - 2015-08-16 01:26 - 31037288 _____ (Microsoft Corporation) C:\Users\POKEGAMERZ\Downloads\wlsetup-idcrl.exe
2015-08-15 23:56 - 2015-08-16 00:09 - 00000000 ____D C:\Program Files (x86)\TampaEngine
2015-08-15 23:56 - 2015-08-15 23:56 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\SendSpace
2015-08-15 23:55 - 2015-08-16 00:07 - 00000000 ____D C:\Program Files (x86)\Shopping Helper
2015-08-15 23:55 - 2015-08-15 23:55 - 00000045 _____ C:\user.js
2015-08-15 23:55 - 2015-08-15 23:55 - 00000000 ____D C:\Windows\system32\uta
2015-08-15 23:54 - 2015-08-17 21:59 - 00000000 ____D C:\ProgramData\{2268b830-ec12-1161-2268-8b830ec1e0c3}
2015-08-15 23:54 - 2015-08-16 00:09 - 00000390 _____ C:\Windows\Tasks\OneClick.job
2015-08-15 23:54 - 2015-08-16 00:09 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Sad Quiver
2015-08-15 23:54 - 2015-08-16 00:07 - 00000000 ____D C:\Program Files (x86)\CutTThEPRice
2015-08-15 23:54 - 2015-08-15 23:54 - 00003312 _____ C:\Windows\System32\Tasks\OneClick
2015-08-15 23:52 - 2015-08-15 23:52 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\YSearchUtil
2015-08-15 23:52 - 2015-08-15 23:52 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-08-15 23:50 - 2015-08-15 23:50 - 00000000 ____D C:\ProgramData\Sun
2015-08-15 23:50 - 2015-08-15 23:49 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-15 23:49 - 2015-08-15 23:49 - 00000000 ____D C:\ProgramData\Oracle
2015-08-15 23:49 - 2015-08-15 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-15 23:49 - 2015-08-15 23:49 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-15 23:48 - 2015-08-15 23:49 - 00563296 _____ (Oracle Corporation) C:\Users\POKEGAMERZ\Downloads\chromeinstall-8u51.exe
2015-08-12 18:16 - 2015-08-12 19:46 - 00000667 _____ C:\Users\POKEGAMERZ\Desktop\Droid MAXX Phone Numbers.lnk
2015-08-12 18:16 - 2015-08-12 18:16 - 00000124 _____ C:\Users\POKEGAMERZ\Downloads\Droid MAXX Phone Numbers.txt
2015-08-12 17:41 - 2015-08-12 19:16 - 00000000 ____D C:\Users\POKEGAMERZ\Desktop\Droid MAXX important backups
2015-08-12 17:02 - 2015-08-12 17:02 - 00000000 ____D C:\Users\POKEGAMERZ\Documents\Wondershare
2015-08-12 17:01 - 2015-08-12 17:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-08-12 16:58 - 2015-08-12 17:02 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Wondershare
2015-08-12 16:58 - 2015-08-12 16:58 - 00001163 _____ C:\Users\Public\Desktop\Wondershare MobileGo.lnk
2015-08-12 16:58 - 2015-08-12 16:58 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2015-08-12 16:58 - 2015-08-12 16:58 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\HMYGSetting
2015-08-12 16:58 - 2015-08-12 16:58 - 00000000 ____D C:\Users\POKEGAMERZ\.android
2015-08-12 16:58 - 2015-08-12 16:58 - 00000000 ____D C:\ProgramData\wondershare
2015-08-12 16:58 - 2015-08-12 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-08-12 16:58 - 2015-08-12 16:58 - 00000000 ____D C:\Program Files (x86)\Wondershare
2015-08-12 16:57 - 2015-08-12 16:57 - 00925256 _____ C:\Users\POKEGAMERZ\Downloads\mobilego_setup_full818.exe
2015-08-12 16:22 - 2015-08-12 16:22 - 00003516 _____ C:\Windows\System32\Tasks\Verizon Wireless Upgrade Assistant Update
2015-08-12 16:22 - 2015-08-12 16:22 - 00003324 _____ C:\Windows\System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Motorola Mobility
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\ProgramData\Motorola
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Wireless Software Upgrade Assistant - Motorola
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Motorola
2015-08-12 16:21 - 2015-08-12 16:21 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-08-12 16:20 - 2015-08-12 16:20 - 00000000 ____D C:\Program Files\Motorola Mobility LLC
2015-08-12 16:20 - 2015-08-12 16:20 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2015-08-12 16:19 - 2015-08-12 16:19 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Motorola
2015-07-31 15:03 - 2015-08-15 23:49 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-07-23 19:13 - 2015-08-16 00:09 - 00000000 ____D C:\Windows\Minidump
2015-07-23 19:13 - 2015-07-23 19:13 - 360055973 _____ C:\Windows\MEMORY.DMP
2015-07-23 19:13 - 2015-07-23 19:13 - 00293848 _____ C:\Windows\Minidump\072315-14913-01.dmp
2015-07-23 15:23 - 2015-07-23 15:23 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\CEF
2015-07-23 14:40 - 2015-07-23 14:43 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-07-20 14:33 - 2015-08-17 22:47 - 00000000 ____D C:\Users\POKEGAMERZ\Downloads\FRST-OlderVersion
2015-07-20 14:33 - 2015-07-20 14:34 - 00011424 _____ C:\Users\POKEGAMERZ\Downloads\FRST.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 22:48 - 2015-07-14 17:27 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\NexonLauncher
2015-08-17 22:48 - 2014-11-30 12:11 - 00006462 _____ C:\Windows\SysWOW64\Gms.log
2015-08-17 22:47 - 2015-06-24 13:38 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Roaming\Spotify
2015-08-17 22:47 - 2015-06-24 13:38 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\Spotify
2015-08-17 22:47 - 2015-04-20 17:13 - 00000000 ____D C:\FRST
2015-08-17 22:46 - 2015-06-25 14:32 - 00000000 ___RD C:\Users\POKEGAMERZ\Google Drive
2015-08-17 22:45 - 2014-11-29 19:06 - 00000000 ____D C:\temp
2015-08-17 22:44 - 2014-11-29 19:07 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-17 22:44 - 2009-07-14 01:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-17 22:44 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 22:44 - 2009-07-14 00:51 - 00089828 _____ C:\Windows\setupact.log
2015-08-17 22:00 - 2010-11-20 23:47 - 00139472 _____ C:\Windows\PFRO.log
2015-08-17 21:20 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 21:20 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 21:15 - 2015-04-14 20:49 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 21:15 - 2014-11-29 18:56 - 01504279 _____ C:\Windows\WindowsUpdate.log
2015-08-17 18:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Speech
2015-08-16 15:51 - 2015-07-13 15:43 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\Windows Live
2015-08-16 02:17 - 2014-11-29 18:29 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-16 01:25 - 2014-12-01 22:47 - 00000000 ____D C:\Users\POKEGAMERZ\AppData\Local\CrashDumps
2015-08-15 23:55 - 2010-11-20 23:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-15 23:55 - 2010-11-20 23:24 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-12 18:29 - 2015-04-20 17:15 - 02173952 _____ (Farbar) C:\Users\POKEGAMERZ\Downloads\FRST64.exe
2015-08-12 16:58 - 2014-11-29 18:55 - 00000000 ____D C:\Users\POKEGAMERZ
2015-08-12 16:20 - 2014-11-29 19:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-30 16:35 - 2009-07-14 01:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-23 19:16 - 2015-04-14 20:49 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-23 19:16 - 2015-04-14 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-23 19:16 - 2015-04-14 20:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-22 14:29 - 2015-03-20 14:53 - 00017920 _____ C:\Users\POKEGAMERZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-22 14:26 - 2015-03-20 14:52 - 00000000 ____D C:\Users\POKEGAMERZ\Documents\ezvid
2015-07-20 20:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-20 14:31 - 2015-02-05 21:48 - 00000000 ____D C:\AdwCleaner
 
==================== Files in the root of some directories =======
 
2015-08-16 17:00 - 2015-08-17 16:25 - 0000096 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\Camdata.ini
2015-08-16 17:00 - 2015-08-17 16:25 - 0000408 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\CamLayout.ini
2015-08-16 17:00 - 2015-08-17 16:25 - 0000408 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\CamShapes.ini
2015-08-16 17:00 - 2015-08-17 15:52 - 0004509 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\CamStudio.cfg
2015-03-20 15:15 - 2015-03-20 15:15 - 0000043 _____ () C:\Users\POKEGAMERZ\AppData\Roaming\WB.CFG
2015-03-26 18:43 - 2015-03-26 18:43 - 0000000 _____ () C:\Users\POKEGAMERZ\AppData\Local\.a852.db
2015-03-20 14:53 - 2015-07-22 14:29 - 0017920 _____ () C:\Users\POKEGAMERZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-20 14:27 - 2014-12-20 14:27 - 0000017 _____ () C:\Users\POKEGAMERZ\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\POKEGAMERZ\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\POKEGAMERZ\AppData\Local\Temp\AutoWifi.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\devcon64.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\FastDownload.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\Quarantine.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\SpOrder.dll
C:\Users\POKEGAMERZ\AppData\Local\Temp\sqlite3.dll
C:\Users\POKEGAMERZ\AppData\Local\Temp\VerizonWirelessSoftwareUpgradeAssistant_1.4.6.exe
C:\Users\POKEGAMERZ\AppData\Local\Temp\ytb.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-20 20:00
 
==================== End of log ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:20 PM

Posted 18 August 2015 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog9-x64 01 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 02 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 03 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 04 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 16 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 6d92a170; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaEngine\TampaEngine.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
Task: {05AF7452-B797-4126-AE98-49244AC1F7BB} - \Elazt No Task File <==== ATTENTION
Task: {648A98F5-6438-4F0A-8EC9-477414E67EAF} - \bvxvyxvec No Task File <==== ATTENTION
Task: {F4284F85-60F8-49E3-B166-894A4CF3ABA2} - System32\Tasks\OneClick => c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}\angry german kid high quality.wmv.exe <==== ATTENTION
Task: C:\Windows\Tasks\OneClick.job => c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}\angry german kid high quality.wmv.exe <==== ATTENTION
c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}
cmd: netsh winsock reset

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.
===

How is the computer running now?
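
A read-only audit that reproduces the checks behind the fixlist items above: Winsock catalog entries whose provider DLL is missing, task-cache entries with no task file or with an action whose target is gone, services whose ImagePath no longer exists, and Chrome extensions registered through the registry. This is an added example, not FRST's code and not part of nasdaq's reply; it assumes Windows with PowerShell 3 or later, run from an elevated prompt, and the standard registry locations named in the comments. It only lists candidates and removes nothing.

```powershell
# Added read-only audit (not FRST's code, not from the thread): lists the artifact classes
# the fixlist above removed. Assumes PowerShell 3+ on Windows, run from an elevated prompt
# (the TaskCache keys are readable only as an administrator). Nothing here modifies the system.

function Resolve-ImagePath([string]$raw) {
    # Normalise the forms found in service ImagePath values, task XML and Winsock entries:
    # \??\ and \SystemRoot\ prefixes, %env% variables, quoted paths, and system32-relative
    # paths followed by arguments. Returns the executable/DLL path alone.
    $p = $raw.Trim() -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:windir\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p.StartsWith('"')) { $p = ($p -split '"')[1] }
    elseif ($p -match '^(.*?\.(?:exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:windir $p }
    return $p
}

function Get-OrphanedWinsockEntries {
    # Winsock LSP catalog. Each entry's PackedCatalogItem starts with the provider DLL path
    # as a NUL-terminated ANSI string; a path that no longer exists is what FRST reports as
    # "File Not found" (Shjencueit64.dll in the log above).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9'
    foreach ($cat in 'Catalog_Entries', 'Catalog_Entries64') {
        if (-not (Test-Path "$base\$cat")) { continue }
        foreach ($k in Get-ChildItem "$base\$cat") {
            $packed = (Get-ItemProperty $k.PSPath).PackedCatalogItem
            if (-not $packed) { continue }
            $len = [Array]::IndexOf($packed, [byte]0)
            if ($len -lt 0) { $len = $packed.Length }
            $dll = [Text.Encoding]::Default.GetString($packed, 0, $len)
            if (-not (Test-Path -LiteralPath (Resolve-ImagePath $dll))) {
                [pscustomobject]@{ Kind = "Winsock $cat"; Name = $k.PSChildName; Target = $dll }
            }
        }
    }
}

function Get-OrphanedTasks {
    # Task Scheduler keeps one {GUID} key per task under TaskCache\Tasks with a Path value;
    # the task definition itself is the XML file under System32\Tasks<Path>.
    $cache   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
    $taskDir = Join-Path $env:windir 'System32\Tasks'
    foreach ($k in Get-ChildItem $cache) {
        $rel = (Get-ItemProperty $k.PSPath).Path
        if (-not $rel) { continue }
        $file = Join-Path $taskDir $rel.TrimStart('\')
        if (-not (Test-Path -LiteralPath $file)) {
            # Registered in the cache but the XML is gone: FRST's "No Task File"
            [pscustomobject]@{ Kind = 'Task (no file)'; Name = $rel; Target = $k.PSChildName }
            continue
        }
        [xml]$xml = Get-Content -LiteralPath $file -Raw
        foreach ($cmd in @($xml.Task.Actions.Exec.Command)) {
            if ($cmd -and -not (Test-Path -LiteralPath (Resolve-ImagePath $cmd))) {
                [pscustomobject]@{ Kind = 'Task action'; Name = $rel; Target = $cmd }
            }
        }
    }
}

function Get-OrphanedServices {
    # Services and drivers whose binary is missing (FRST marks these [X]). A service hosted by
    # rundll32 or svchost passes this check because the host exists; its DLL is not inspected.
    foreach ($k in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $img = (Get-ItemProperty $k.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { continue }
        if (-not (Test-Path -LiteralPath (Resolve-ImagePath $img))) {
            [pscustomobject]@{ Kind = 'Service'; Name = $k.PSChildName; Target = $img }
        }
    }
}

function Get-ChromeRegistryExtensions {
    # Extensions pushed into Chrome via the registry rather than the Web Store UI, plus any
    # Chrome policy keys (the fixlist removed HKLM\SOFTWARE\Policies\Google outright).
    $roots = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
             'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
             'HKCU:\SOFTWARE\Google\Chrome\Extensions',
             'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google'
    foreach ($r in $roots) {
        if (-not (Test-Path $r)) { continue }
        foreach ($k in Get-ChildItem $r -Recurse) {
            $v = Get-ItemProperty $k.PSPath
            $target = if ($v.update_url) { $v.update_url }
                      elseif ($v.path)   { $v.path }
                      else               { $k.GetValueNames() -join ',' }
            [pscustomobject]@{ Kind = 'Chrome registry'; Name = $k.Name; Target = $target }
        }
    }
}

$findings = @(Get-OrphanedWinsockEntries) + @(Get-OrphanedTasks) +
            @(Get-OrphanedServices) + @(Get-ChromeRegistryExtensions)
$findings | Sort-Object Kind, Name | Format-Table Kind, Name, Target -AutoSize
```

Expect legitimate leftovers in the output as well: on this machine the MSICDSetup and NTIOLib_1_0_C drivers point at D:\, which is simply an installer that was run from a removable disk, and FRST marks them [X] for the same reason. The 6d92a170 service, by contrast, would pass the file check because rundll32.exe exists; entries like that have to be judged by the DLL they load, which is why the fixlist is written by hand from the full log rather than generated from a missing-file test alone.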

#4 POKEGAMERZ

POKEGAMERZ
  • Topic Starter

  • Members
  • 227 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 18 August 2015 - 03:15 PM

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by POKEGAMERZ at 2015-08-18 19:52:44 Run:2
Running from C:\Users\POKEGAMERZ\Downloads\FRST-OlderVersion
Loaded Profiles: POKEGAMERZ & UpdatusUser &  (Available Profiles: POKEGAMERZ & UpdatusUser & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Winsock: Catalog9-x64 01 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 02 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 03 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 04 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 16 C:\Windows\system32\Shjencueit64.dll File Not ' & $found1 & '
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 6d92a170; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaEngine\TampaEngine.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
Task: {05AF7452-B797-4126-AE98-49244AC1F7BB} - \Elazt No Task File <==== ATTENTION
Task: {648A98F5-6438-4F0A-8EC9-477414E67EAF} - \bvxvyxvec No Task File <==== ATTENTION
Task: {F4284F85-60F8-49E3-B166-894A4CF3ABA2} - System32\Tasks\OneClick => c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}\angry german kid high quality.wmv.exe <==== ATTENTION
Task: C:\Windows\Tasks\OneClick.job => c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}\angry german kid high quality.wmv.exe <==== ATTENTION
c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3}
cmd: netsh winsock reset
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000016 => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKU\S-1-5-21-2345377856-4029987742-2774889007-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
6d92a170 => Service removed successfully
gupdate => Service removed successfully
gupdatem => Service removed successfully
bsdriver => Service removed successfully
EagleX64 => Service removed successfully
MSICDSetup => Service removed successfully
NTIOLib_1_0_C => Service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05AF7452-B797-4126-AE98-49244AC1F7BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05AF7452-B797-4126-AE98-49244AC1F7BB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Elazt => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{648A98F5-6438-4F0A-8EC9-477414E67EAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{648A98F5-6438-4F0A-8EC9-477414E67EAF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvec => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4284F85-60F8-49E3-B166-894A4CF3ABA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4284F85-60F8-49E3-B166-894A4CF3ABA2}" => key removed successfully
C:\Windows\System32\Tasks\OneClick => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneClick" => key removed successfully
C:\Windows\Tasks\OneClick.job => moved successfully.
c:\programdata\{2268b830-ec12-1161-2268-8b830ec1e0c3} => moved successfully.
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 6.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:53:57 ====
This is the fixlog, and thanks, my PC is running better now.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:20 PM

Posted 19 August 2015 - 07:08 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:20 PM

Posted 25 August 2015 - 07:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



