#11
GuyInDogSuit,
System Restore (SR) is disabled by default on Windows 10. The Operating System does have Reset/Refresh this PC features which reinstall Windows 10, keeping files and most programs installed. However, IMO, System Restore is a useful tool when it comes to recovering from certain circumstances, and it appears you have the space for it.
Please take action to enable SR before running the FRST fixlist that follows.
To enable SR:
On the Desktop, in the Search here area of the TaskBar, type: System Restore
Press: Enter
When Create a Restore Point is displayed, click on it.
In System Properties > System Protection tab > Protection Settings, Protection is Off for Windows (C:) (System)
To change this, click: Configure
Tick: Turn on system protection
Below, drag the slider to a reasonable amount of space.
The larger, the more Restore Points, and the further back in time it can go.
(Example, for a drive larger than 250GB, would recommend at least 10GB of space.)
Click: Apply
Click: Create
Give the new Restore Point a name.
Wait for Windows to create the RP, and click: OK
Next, please do the following:
Press the Windows and R keys at the same time.
This opens the Run box.
Type Notepad and click OK.
Next, please copy the entire contents inside the code box below to Notepad:
Code:
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 PCASp60; System32\Drivers\PCASp60.sys [X]
C:\ProgramData\fontcacheev1.dat
CustomCLSID: HKU\S-1-5-21-837606628-3980760942-254267324-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\andre\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncApi64.dll => No File
EmptyTemp:
cmd: ipconfig /flushdns
Reboot:
End
Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be running from E:\Downloads, vs. the Desktop. They both need to be in the same place, preferably the Desktop.
Next, run FRST and click Fix only once, and wait.
When done, the tool creates a log: Fixlog.txt
Please attach Fixlog.txt to your reply.
How is the system running?
Is the suspicious website still showing up?
After go.oclasrv.com appears on the system, the default DNS settings of browsers such as Chrome and are altered.
Included the command ipconfig /flushdns considering this issue.
Also, open Chrome, click on the 3 horizontal dots, and select More Tools > Extensions
If you see any malicious extensions, please delete them.
Next, go to Settings.
Select Open a specific page or set of pages and click on: Set pages
If you find any malicious websites, delete them by clicking the X next to them.
Last edited by cottonball; 31 Jan 2017 at 23:38.
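Added example, not part of cottonball's post: the System Restore steps above done from an elevated Windows PowerShell 5.1 prompt, with a check that the restore point really exists before any fix is run. The restore point name is an assumed placeholder and the 10GB figure is the one from the post's example.

```powershell
#Requires -RunAsAdministrator
# Uses Windows PowerShell 5.1 cmdlets; they are not available in PowerShell 7.

$drive   = 'C:\'                 # system drive, as in the post
$volume  = 'C:'                  # same drive in vssadmin's notation
$maxSize = '10GB'                # space figure from the post's example
$rpName  = 'Before FRST fixlist' # assumed restore point name

# 1. Turn on system protection for the drive ("Turn on system protection").
Enable-ComputerRestore -Drive $drive

# 2. Create the restore point. On Windows 8 and later, Windows skips the
#    request when another restore point was created in the last 24 hours,
#    so the result is verified below instead of assumed.
Checkpoint-Computer -Description $rpName -RestorePointType MODIFY_SETTINGS

# 3. Set the maximum space for restore points (the slider in the dialog).
#    This is done after the first restore point so that a shadow storage
#    association exists for vssadmin to resize.
& vssadmin.exe Resize ShadowStorage "/For=$volume" "/On=$volume" "/MaxSize=$maxSize"
if ($LASTEXITCODE -ne 0) {
    Write-Warning "vssadmin could not set the size; adjust the slider in System Protection instead."
}

# 4. Confirm the newest restore point is the one just requested.
$latest = Get-ComputerRestorePoint |
    Sort-Object SequenceNumber |
    Select-Object -Last 1

if ($latest -and $latest.Description -eq $rpName) {
    "Restore point #{0} '{1}' is in place." -f $latest.SequenceNumber, $latest.Description
} elseif ($latest) {
    Write-Warning ("No new restore point was created. Most recent is '{0}' (#{1})." -f `
        $latest.Description, $latest.SequenceNumber)
} else {
    Write-Warning "No restore points exist. Check that protection is On for $drive."
}
```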