Solved Need help with HJT log

Fixlog log file:


Fix result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by Calvin (2015-10-14 21:00:46) Run:1
Running from C:\Users\Calvin\Desktop
Loaded Profiles: Calvin (Available Profiles: Calvin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ProxyServer: [S-1-5-21-3178901641-3325030848-3832911895-1000] => 185.28.193.95:8080
RemoveProxy:
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> => No File
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3178901641-3325030848-3832911895-1000: iloen.com/MelOnWebLinker -> C:\Windows\system32\npMelOnWebLinker.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Calvin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (INICIS INIpay Plugin) - C:\Program Files (x86)\INICIS61\plugins\npINIwallet61.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Calvin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (MelOnWebLinker) - C:\Windows\system32\npMelOnWebLinker.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
S3 Remote Solver for Flow Simulation 2011; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [X]
S4 AVGIDSFilter; system32\DRIVERS\avgidsfiltera.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2010-01-14 18:19 - 2010-01-14 18:19 - 0000122 _____ () C:\Users\Calvin\AppData\Roaming\wklnhst.dat
2011-12-21 21:09 - 2011-12-21 21:10 - 0001586 ___SH () C:\Users\Calvin\AppData\Local\7a24sn6j37j311
2014-02-18 21:30 - 2014-02-18 21:30 - 0008192 _____ () C:\Users\Calvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-03 00:18 - 2014-12-03 00:18 - 0026900 _____ () C:\Users\Calvin\AppData\Local\dt.dat
2010-06-09 22:16 - 2011-10-16 20:47 - 0000000 _____ () C:\Users\Calvin\AppData\Local\prvlcl.dat
2014-08-14 19:37 - 2014-08-14 19:37 - 0000752 _____ () C:\Users\Calvin\AppData\Local\recently-used.xbel
2010-03-03 20:46 - 2010-03-03 20:46 - 0000017 _____ () C:\Users\Calvin\AppData\Local\resmon.resmoncfg
2011-12-21 21:09 - 2011-12-21 21:10 - 0001586 ___SH () C:\ProgramData\7a24sn6j37j311
0-00-00 00:00 - 2010-02-15 21:23 - 0001744 ____H () C:\ProgramData\sasihipa
C:\Users\Calvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9zrzch.dll
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Calvin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Calvin:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Calvin\Application Data:gs5sys
AlternateDataStreams: C:\Users\Calvin\Cookies:gs5sys
AlternateDataStreams: C:\Users\Calvin\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Calvin\Templates:gs5sys
AlternateDataStreams: C:\Users\Calvin\Desktop\2014-03-26 19.06.09.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Calvin\Desktop\2014-05-11 16.11.46.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Calvin\Desktop\2014-06-27 20.45.29.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Calvin\Desktop\20140626_211015_LLS.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Calvin\Desktop\20140831_101702.mp4:com.dropbox.attributes
AlternateDataStreams: C:\Users\Calvin\Desktop\2015-02-14 22.27.42.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Calvin\Desktop\DSC_2935.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Calvin\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Calvin\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Calvin\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Calvin\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Calvin\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-3178901641-3325030848-3832911895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3178901641-3325030848-3832911895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3178901641-3325030848-3832911895-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000\Software\MozillaPlugins\iloen.com/MelOnWebLinker" => key removed successfully
C:\Windows\system32\npMelOnWebLinker.dll => not found.
C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => not found.
C:\Users\Calvin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\INICIS61\plugins\npINIwallet61.dll => not found.
C:\Users\Calvin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll => not found.
C:\Windows\system32\npMelOnWebLinker.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
ACDaemon => service removed successfully
MSCamSvc => service removed successfully
Remote Solver for Flow Simulation 2011 => service removed successfully
AVGIDSFilter => service removed successfully
catchme => service removed successfully
EagleX64 => service removed successfully
C:\Users\Calvin\AppData\Roaming\wklnhst.dat => moved successfully
C:\Users\Calvin\AppData\Local\7a24sn6j37j311 => moved successfully
C:\Users\Calvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Calvin\AppData\Local\dt.dat => moved successfully
C:\Users\Calvin\AppData\Local\prvlcl.dat => moved successfully
C:\Users\Calvin\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Calvin\AppData\Local\resmon.resmoncfg => moved successfully
C:\ProgramData\7a24sn6j37j311 => moved successfully
0-00-00 00:00 - 2010-02-15 21:23 - 0001744 ____H () C:\ProgramData\sasihipa => Error: No automatic fix found for this entry.
"C:\Users\Calvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9zrzch.dll" => File/Folder not found.
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3178901641-3325030848-3832911895-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Calvin => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\Temp => ":C76EDAC3" ADS removed successfully.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
"C:\Users\Calvin\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Calvin\Cookies" => ":gs5sys" ADS not found.
"C:\Users\Calvin\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\Calvin\Templates" => ":gs5sys" ADS not found.
C:\Users\Calvin\Desktop\2014-03-26 19.06.09.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Calvin\Desktop\2014-05-11 16.11.46.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Calvin\Desktop\2014-06-27 20.45.29.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Calvin\Desktop\20140626_211015_LLS.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Calvin\Desktop\20140831_101702.mp4 => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Calvin\Desktop\2015-02-14 22.27.42.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Calvin\Desktop\DSC_2935.jpg => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Calvin\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\Calvin\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\Calvin\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\Calvin\AppData\Local\History" => ":gs5sys" ADS not found.
C:\Users\Calvin\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.

==== End of Fixlog 21:00:49 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
SecurityCheck log checkup.txt:


Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Microsoft VisualStudio JavaScript Project System
Java(TM) 6 Update 31
Java 7 Update 21
Microsoft VisualStudio JavaScript Language Service
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 37.0.2 Firefox out of Date!
Google Chrome (45.0.2454.101)
Google Chrome (46.0.2490.71)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 
Farbar FSS.txt:


Farbar Service Scanner Version: 26-07-2015
Ran by Calvin (administrator) on 19-10-2015 at 21:56:17
Running from "C:\Users\Calvin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Currently scanning, but very slow.....

Edit 10/23: The Sophos scan shows no threats and so no log was produced.
 
Last edited:
redtarget.gif
Update Firefox to the current version.

redtarget.gif
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

redtarget.gif
FSS log shows one registry issue.
Following steps involve registry editing. Please create new restore point before proceeding!!!
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download win-7-8-action-center-notification-icon-missing.reg from here: http://www.bleepstatic.com/fhost/uploads/1/win-7-8-action-center-notification-icon-missing.reg
Double-click on downloaded file and confirm the prompt.
Restart computer.
Post new FSS log.
 
Updated Firefox, Adobe Flash, and Java.

Here is the latest FSS log after fixing the registry:


Farbar Service Scanner Version: 26-07-2015
Ran by Calvin (administrator) on 28-10-2015 at 20:13:26
Running from "C:\Users\Calvin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Good :)

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

M
Virus warning popup
Replies
1
Views
541
Mark Fuller
M
Senius
What would my FPS be low with 4090?
Replies
1
Views
861
Nelson28
N
C
Facebook stubbornly refuses to load pictures
Replies
0
Views
1K
catc01
C

Latest posts

Back