Solved: Friend's Vista Home laptop infected

No. Same procedure.

You posted the FRST.txt log twice. I still need the Addition.txt log.
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Jack at 2015-03-31 13:38:31
Running from C:\Users\Jack\Desktop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
6200 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
6200_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
6200Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: - )
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Docs Opener 0.1 (HKLM\...\Docs Opener) (Version: 0.1 - )
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth Plug-in (HKLM\...\{171E6C1E-B5FC-11DF-B115-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{FE57DE70-95DE-4B64-9266-84DA811053DB}) (Version: 4.000.012.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Local Temperature (HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\...\Local Temperature) (Version: 1.0.0.2 - Local Temperature LLC)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 37.0 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
PrimoPDF (HKLM\...\PrimoPDF4.1.0.9) (Version: 4.1.0.9 - activePDF)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Quicken 2010 (HKLM\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.1.27 - Intuit)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Search Module Plus (HKLM\...\Search Module Plus) (Version: - Goobzo)
SiteSpinner Pro V2 (HKLM\...\{0235B9FB-3225-4A55-BD77-1B1C43D3865F}) (Version: 2.91.8 - Virtual Mechanics)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPrograms (HKLM\...\WebWatcherInstall) (Version: - )
YTDownloader (HKLM\...\YTDownloader) (Version: - YTDownloader)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Jack\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Jack\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Jack\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File

==================== Restore Points =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06941A33-FFEB-4926-A2B0-CC71FF213F41} - System32\Tasks\SysHealth_Controller_Mon => C:\Windows\SysFilesController\SysFiles_backup.exe [2015-03-17] ()
Task: {0F4A65CD-B36A-4A37-BF9D-E519CB82C258} - System32\Tasks\mdb => C:\Users\Jack\AppData\Roaming\orlando\Vipp\mbd.exe [2015-02-06] ()
Task: {10965127-AC9E-41E5-810F-8324499BB476} - System32\Tasks\Convertor => C:\Users\Jack\AppData\Roaming\Convertor\Convertor.exe [2015-01-29] ()
Task: {17126A0E-E767-4D99-976C-853741DC6F1D} - System32\Tasks\RocketTab Update Task => C:\Program Files\RocketTab\uninstall.exe [2014-09-06] () <==== ATTENTION
Task: {1A7C9BB8-1BA6-4EB5-96C0-EDA8E89285EA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {21EEEB12-C0C1-417F-9CBE-102498E6C0DB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3857334386-3578862484-2166480049-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3A8146C1-F07A-4EC0-83B1-0ACC073A6F47} - System32\Tasks\SysHealthcare_Controller => C:\Windows\SysHealthController\SysFiles_backup.exe [2015-03-17] ()
Task: {3B4F82AD-2E8B-439C-ACB3-16A929F75191} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2015-03-27] (YTDownloader) <==== ATTENTION
Task: {4CB39A81-F7E0-423A-84E5-DAF140390585} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {4CD05017-C813-48BD-883A-8E1677B6AF5F} - System32\Tasks\ObronaCleanerUacSkip => C:\Users\Jack\AppData\Local\Obrona Cleaner\ObronaCleaner.exe
Task: {4F55CC1E-3483-4FE3-BF54-E9004AD6F95A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {53913CB8-649C-4BF9-8E6E-E097545B855A} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files\RocketTab\Client.exe" /Preferred=true <==== ATTENTION
Task: {670859B7-E8EA-4670-A75F-056165A0832D} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe [2015-03-27] (Goobzo) <==== ATTENTION
Task: {6D76670C-4CCC-456D-856D-8D6D63A0775B} - System32\Tasks\WinKit => C:\Users\Jack\AppData\Roaming\WinKit\Updater.exe [2015-01-29] ()
Task: {72CED28D-109D-4078-9538-E6036F654B69} - System32\Tasks\SMW_UpdateTask_Time_343130353038303132362d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {74CB1D74-AA0E-4343-B48F-5B2E1336BDC1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3857334386-3578862484-2166480049-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7F864734-6652-43D7-A67F-8D72E0417B2A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3857334386-3578862484-2166480049-1001Core => C:\Users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-09] (Facebook Inc.)
Task: {8FED1D1B-8E5C-4419-86B4-53DFDA68A3EC} - System32\Tasks\{A7D8B7C5-84FB-453D-8907-963596BCB547} => C:\Program Files\Skype\Phone\Skype.exe
Task: {9C364571-0E54-49BB-A2BD-2601B0C023D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A5A8B0A3-11AC-4369-9C1A-D9D35D406E6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B4499DFF-CC0F-43BC-B1CD-C298272D6CAB} - System32\Tasks\RunTool => C:\Users\Jack\AppData\Local\2d684269-0a27-4fc5-b6b6-50b33ea5e2c7\sysad.exe [2015-02-24] ()
Task: {BECB454B-1D41-4FDB-BEF9-339A809D3129} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {DC1C897D-211F-4973-8C8F-F937790E47D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DEEEDE86-709A-4963-80F9-46A8B6D243DB} - System32\Tasks\RunAsStdUser Task => C:\Users\Midge\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
Task: {EBDE6D0C-090D-4528-BF77-378F87D0A5B8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-31] (Avast Software s.r.o.)
Task: {EEE22308-83D3-4FCF-94CC-9DB52139685C} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {EFAC6925-6806-4B4D-962C-D55C29A287F2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3857334386-3578862484-2166480049-1001UA => C:\Users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-09] (Facebook Inc.)
Task: {FF27F0EF-A4DD-4BF2-BE42-0564AF18D21F} - System32\Tasks\mdb01 => C:\Users\Jack\AppData\Roaming\orlando\Vipp\mbd.exe [2015-02-06] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3857334386-3578862484-2166480049-1001Core.job => C:\Users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3857334386-3578862484-2166480049-1001UA.job => C:\Users\Jack\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{93A42882-E554-4369-9F48-A4CA0FEB9E2D}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2008-07-18 11:37 - 2008-05-18 23:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-07-18 11:37 - 2008-05-18 23:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2015-03-31 10:17 - 2015-03-31 10:17 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-31 10:17 - 2015-03-31 10:17 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-31 13:02 - 2015-03-31 13:02 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032300\algo.dll
2015-03-31 12:28 - 2015-03-31 12:28 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033101\algo.dll
2009-01-27 18:15 - 2006-12-11 14:12 - 00176235 _____ () C:\Windows\System32\Primomonnt.dll
2014-09-06 15:54 - 2014-09-06 15:54 - 01420512 _____ () C:\Program Files\RocketTab\Client.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-28 23:25 - 2015-03-25 09:05 - 00256512 ___SH () C:\Program Files\Pgrouncounsterheads\Pgrouncounsterheads.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-07-18 21:43 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2010-07-18 21:43 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2015-03-31 10:17 - 2015-03-31 10:17 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-12-10 18:51 - 2006-12-10 18:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 18:51 - 2006-12-10 18:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
2015-03-30 00:01 - 2015-02-06 09:24 - 00022016 _____ () C:\Users\Jack\AppData\Roaming\orlando\Vipp\mbd.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wwwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wwwd.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.1 - 74.40.74.40

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3857334386-3578862484-2166480049-500 - Administrator - Disabled)
Guest (S-1-5-21-3857334386-3578862484-2166480049-501 - Limited - Disabled)
Jack (S-1-5-21-3857334386-3578862484-2166480049-1001 - Administrator - Enabled) => C:\Users\Jack

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2015 01:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DownloadHelper.exe, version 1.0.1.5, time stamp 0x55152942, faulting module KERNEL32.dll!K32GetModuleFileNameExW, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000139, fault offset 0x00009cfc,
process id 0x1628, application start time 0xDownloadHelper.exe0.

Error: (03/31/2015 00:59:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {50820ff0-d7da-4f13-8b30-8dc334101938}

Error: (03/31/2015 00:35:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {01cdfc91-19e1-4c50-8f25-4e6241c3c634}

Error: (03/31/2015 00:13:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2015 00:13:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2015 11:58:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Search Module Plus Update since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (03/31/2015 11:58:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f154a1b2-7867-4254-bb81-20bf31176201}

Error: (03/31/2015 11:02:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Search Module Plus Update since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (03/31/2015 11:02:05 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f154a1b2-7867-4254-bb81-20bf31176201}

Error: (03/31/2015 10:34:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000135, fault offset 0x00009cfc,
process id 0x3b8, application start time 0xrundll32.exe0.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/14/2011 06:03:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 514 seconds with 480 seconds of active time. This session ended with a crash.

Error: (07/09/2009 09:35:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 312 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/09/2009 09:33:03 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 81 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/09/2009 09:32:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/09/2009 09:30:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/09/2009 09:29:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/09/2009 09:29:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-03-31 13:38:17.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:38:17.590
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:38:17.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:38:17.137
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:38:16.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:38:16.417
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:38:16.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:38:15.964
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:37:54.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-31 13:37:54.171
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 3061.31 MB
Available physical RAM: 1655.41 MB
Total Pagefile: 6324.88 MB
Available Pagefile: 4657.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.24 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.58 GB) (Free:116.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:0.01 GB) NTFS
Drive f: (MEMORY CARD) (Removable) (Total:1.9 GB) (Free:1.4 GB) FAT
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 0DD62270)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Jack at 2015-04-01 17:48:45 Run:1
Running from C:\Users\Jack\Desktop\Desktop
Loaded Profiles: Jack (Available profiles: Jack)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3857334386-3578862484-2166480049-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3857334386-3578862484-2166480049-1001] => http=127.0.0.1:9880
RemoveProxy:
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001 -> {100AFBBC-BE34-4149-865B-4CC19D82165D} URL =
SearchScopes: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001 -> {10E376E5-3470-4362-B003-88204F11BABB} URL =
SearchScopes: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001 -> {5FB712C7-830D-46CD-BA9E-9FA9D2400D9C} URL =
SearchScopes: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001 -> {93BF13E6-90E8-4177-9F09-8F348CA677D9} URL =
SearchScopes: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001 -> {C78FAE8E-01C1-4736-9F61-704F419DC2E6} URL =
SearchScopes: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001 -> {EECC830F-8C53-4B83-A8A9-CAF383AC0ACD} URL =
SearchScopes: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001 -> {FCF01386-9B5F-45F6-8744-9C1FAB0D0505} URL =
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
C:\ProgramData\Norton
R2 Pgrouncounsterheads; C:\Program Files\Pgrouncounsterheads\Pgrouncounsterheads.exe [256512 2015-03-25] () [File not signed] <==== ATTENTION
C:\Program Files\Pgrouncounsterheads
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\Users\Jack\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2015-03-28 23:25 - 2015-03-28 23:25 - 00000000 __SHD () C:\Program Files\Pgrouncounsterheads
014-04-24 12:18 - 2015-03-19 10:46 - 0005972 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-03-17 21:42 - 2015-03-20 14:46 - 0024576 _____ () C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 20:21 - 2014-11-09 20:21 - 0000000 _____ () C:\Users\Jack\AppData\Local\{0AAA277D-EA8D-4BAB-ACC3-4F373991FFF2}
2014-12-15 13:20 - 2014-12-15 13:20 - 0000000 _____ () C:\Users\Jack\AppData\Local\{2773CCC5-81B8-41A7-85E2-A97C3D465934}
2015-01-27 10:16 - 2015-01-27 10:16 - 0000000 _____ () C:\Users\Jack\AppData\Local\{B27C8CCD-011A-4035-B2EA-5DA4CAE456DF}
2015-01-28 14:30 - 2015-01-28 14:30 - 0000000 _____ () C:\Users\Jack\AppData\Local\{E832B156-6472-47C5-B261-6AAF5256A75A}
2009-07-09 15:18 - 2009-07-09 15:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-03-09 15:31 - 2011-02-04 16:41 - 0003986 _____ () C:\ProgramData\hpzinstall.log
C:\Users\Jack\AppData\Local\Temp\dufgmr4c.exe
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
CustomCLSID: HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
Task: {17126A0E-E767-4D99-976C-853741DC6F1D} - System32\Tasks\RocketTab Update Task => C:\Program Files\RocketTab\uninstall.exe [2014-09-06] () <==== ATTENTION
C:\Program Files\RocketTab
Task: {3B4F82AD-2E8B-439C-ACB3-16A929F75191} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2015-03-27] (YTDownloader) <==== ATTENTION
C:\Program Files\YTDownloader
DeleteKey: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader"
Task: {4CB39A81-F7E0-423A-84E5-DAF140390585} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Task: {53913CB8-649C-4BF9-8E6E-E097545B855A} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files\RocketTab\Client.exe" /Preferred=true <==== ATTENTION
Task: {670859B7-E8EA-4670-A75F-056165A0832D} - System32\Tasks\YTDownloaderUpd => C:\Program Files\YTDownloader\updater.exe [2015-03-27] (Goobzo) <==== ATTENTION
Task: {72CED28D-109D-4078-9538-E6036F654B69} - System32\Tasks\SMW_UpdateTask_Time_343130353038303132362d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
C:\ProgramData\SearchModulePlus
Task: {BECB454B-1D41-4FDB-BEF9-339A809D3129} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {DEEEDE86-709A-4963-80F9-46A8B6D243DB} - System32\Tasks\RunAsStdUser Task => C:\Users\Midge\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
C:\Users\Midge\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Task: {EEE22308-83D3-4FCF-94CC-9DB52139685C} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34


*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{100AFBBC-BE34-4149-865B-4CC19D82165D}" => Key deleted successfully.
HKCR\CLSID\{100AFBBC-BE34-4149-865B-4CC19D82165D} => Key not found.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10E376E5-3470-4362-B003-88204F11BABB}" => Key deleted successfully.
HKCR\CLSID\{10E376E5-3470-4362-B003-88204F11BABB} => Key not found.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5FB712C7-830D-46CD-BA9E-9FA9D2400D9C}" => Key deleted successfully.
HKCR\CLSID\{5FB712C7-830D-46CD-BA9E-9FA9D2400D9C} => Key not found.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93BF13E6-90E8-4177-9F09-8F348CA677D9}" => Key deleted successfully.
HKCR\CLSID\{93BF13E6-90E8-4177-9F09-8F348CA677D9} => Key not found.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C78FAE8E-01C1-4736-9F61-704F419DC2E6}" => Key deleted successfully.
HKCR\CLSID\{C78FAE8E-01C1-4736-9F61-704F419DC2E6} => Key not found.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EECC830F-8C53-4B83-A8A9-CAF383AC0ACD}" => Key deleted successfully.
HKCR\CLSID\{EECC830F-8C53-4B83-A8A9-CAF383AC0ACD} => Key not found.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FCF01386-9B5F-45F6-8744-9C1FAB0D0505}" => Key deleted successfully.
HKCR\CLSID\{FCF01386-9B5F-45F6-8744-9C1FAB0D0505} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value deleted successfully.
C:\ProgramData\Norton => Moved successfully.
Pgrouncounsterheads => Unable to stop service
Pgrouncounsterheads => Service deleted successfully.
C:\Program Files\Pgrouncounsterheads => Moved successfully.
AvastVBoxSvc => Error deleting Service
BCM42RLY => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"C:\Program Files\Pgrouncounsterheads" => File/Directory not found.
014-04-24 12:18 - 2015-03-19 10:46 - 0005972 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat => Error: No automatic fix found for this entry.
C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Jack\AppData\Local\{0AAA277D-EA8D-4BAB-ACC3-4F373991FFF2} => Moved successfully.
C:\Users\Jack\AppData\Local\{2773CCC5-81B8-41A7-85E2-A97C3D465934} => Moved successfully.
C:\Users\Jack\AppData\Local\{B27C8CCD-011A-4035-B2EA-5DA4CAE456DF} => Moved successfully.
C:\Users\Jack\AppData\Local\{E832B156-6472-47C5-B261-6AAF5256A75A} => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\ProgramData\hpzinstall.log => Moved successfully.
C:\Users\Jack\AppData\Local\Temp\dufgmr4c.exe => Moved successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKU\S-1-5-21-3857334386-3578862484-2166480049-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17126A0E-E767-4D99-976C-853741DC6F1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17126A0E-E767-4D99-976C-853741DC6F1D}" => Key deleted successfully.
C:\Windows\System32\Tasks\RocketTab Update Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"C:\Program Files\RocketTab" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B4F82AD-2E8B-439C-ACB3-16A929F75191} => Key not found.
C:\Windows\System32\Tasks\YTDownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => Key not found.
"C:\Program Files\YTDownloader" => File/Directory not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CB39A81-F7E0-423A-84E5-DAF140390585}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB39A81-F7E0-423A-84E5-DAF140390585}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
C:\PROGRA~1\COMMON~1\System\SysMenu.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53913CB8-649C-4BF9-8E6E-E097545B855A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53913CB8-649C-4BF9-8E6E-E097545B855A}" => Key deleted successfully.
C:\Windows\System32\Tasks\RocketTab not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670859B7-E8EA-4670-A75F-056165A0832D} => Key not found.
C:\Windows\System32\Tasks\YTDownloaderUpd not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72CED28D-109D-4078-9538-E6036F654B69}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72CED28D-109D-4078-9538-E6036F654B69}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_343130353038303132362d3437415a556c2a3223346c41 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_343130353038303132362d3437415a556c2a3223346c41" => Key deleted successfully.
C:\ProgramData\SearchModulePlus => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BECB454B-1D41-4FDB-BEF9-339A809D3129} => Key not found.
C:\Windows\System32\Tasks\SMupdate1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEEEDE86-709A-4963-80F9-46A8B6D243DB} => Key not found.
C:\Windows\System32\Tasks\RunAsStdUser Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key not found.
"C:\Users\Midge\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEE22308-83D3-4FCF-94CC-9DB52139685C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE22308-83D3-4FCF-94CC-9DB52139685C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 17:48:55 ====
 
Good :)

Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.99
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SUPERAntiSpyware
Java 8 Update 40
Java(TM) 6 Update 5
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (37.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by Jack (administrator) on 01-04-2015 at 18:10:58
Running from "C:\Users\Jack\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
2015-04-02 03:59:36.102 Sophos Virus Removal Tool version 2.5.4
2015-04-02 03:59:36.102 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-02 03:59:36.102 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-02 03:59:36.102 Windows version 6.0 SP 1.0 Service Pack 1 build 6001 SM=0x300 PT=0x1 Win32
2015-04-02 03:59:36.117 Checking for updates...
2015-04-02 03:59:47.224 Update progress: proxy server not available
2015-04-02 03:59:57.318 Option all = no
2015-04-02 03:59:57.318 Option recurse = yes
2015-04-02 03:59:57.318 Option archive = no
2015-04-02 03:59:57.318 Option service = yes
2015-04-02 03:59:57.318 Option confirm = yes
2015-04-02 03:59:57.318 Option sxl = yes
2015-04-02 03:59:57.318 Option max-data-age = 35
2015-04-02 03:59:57.318 Option EnableSafeClean = yes
2015-04-02 03:59:59.439 Option vdl-logging = yes
2015-04-02 03:59:59.970 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 03:59:59.970 Machine ID: fda679baed09429fb32a220c236afa2f
2015-04-02 03:59:59.970 Component SVRTcli.exe version 2.5.4
2015-04-02 03:59:59.970 Component control.dll version 2.5.4
2015-04-02 03:59:59.970 Component SVRTservice.exe version 2.5.4
2015-04-02 03:59:59.970 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 03:59:59.970 Component engine\veex.dll version 3.58.3.2183
2015-04-02 03:59:59.970 Component engine\savi.dll version 8.1.5.2183
2015-04-02 03:59:59.985 Component rkdisk.dll version 1.5.30.0
2015-04-02 03:59:59.985 Version info: Product version 2.5.4
2015-04-02 03:59:59.985 Version info: Detection engine 3.58.3
2015-04-02 03:59:59.985 Version info: Detection data 5.11
2015-04-02 03:59:59.985 Version info: Build date 2/3/2015
2015-04-02 03:59:59.985 Version info: Data files added 507
2015-04-02 03:59:59.985 Version info: Last successful update (not yet updated)
2015-04-02 04:00:21.170 Downloading updates...
2015-04-02 04:00:21.170 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-04-02 04:00:21.170 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-04-02 04:00:21.170 Update progress: [I49502] Found supplement IDE512 LATEST
2015-04-02 04:00:21.170 Update progress: [I49502] Found supplement IDE513 LATEST
2015-04-02 04:00:21.170 Update progress: [I49502] Found supplement IDE514 LATEST
2015-04-02 04:00:21.170 Update progress: [I49502] Found supplement IDE515 LATEST
2015-04-02 04:00:21.170 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-02 04:00:21.170 Update progress: [I19463] Syncing product SAVIW32 51
2015-04-02 04:00:23.760 Update progress: [I19463] Syncing product IDE512 166
2015-04-02 04:00:25.913 Installing updates...
2015-04-02 04:00:28.160 Error level 1
2015-04-02 04:00:28.456 Update progress: [I19463] Syncing product IDE513 171
2015-04-02 04:00:28.456 Update progress: [I19463] Syncing product IDE514 161
2015-04-02 04:00:28.456 Update progress: [I19463] Syncing product IDE515 15
2015-04-02 04:01:20.825 Update successful
2015-04-02 04:01:39.218 Option all = no
2015-04-02 04:01:39.218 Option recurse = yes
2015-04-02 04:01:39.218 Option archive = no
2015-04-02 04:01:39.218 Option service = yes
2015-04-02 04:01:39.218 Option confirm = yes
2015-04-02 04:01:39.218 Option sxl = yes
2015-04-02 04:01:39.218 Option max-data-age = 35
2015-04-02 04:01:39.218 Option EnableSafeClean = yes
2015-04-02 04:01:39.358 Option vdl-logging = yes
2015-04-02 04:01:39.358 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-02 04:01:39.358 Machine ID: fda679baed09429fb32a220c236afa2f
2015-04-02 04:01:39.358 Component SVRTcli.exe version 2.5.4
2015-04-02 04:01:39.358 Component control.dll version 2.5.4
2015-04-02 04:01:39.358 Component SVRTservice.exe version 2.5.4
2015-04-02 04:01:39.358 Component engine\osdp.dll version 1.44.1.2183
2015-04-02 04:01:39.358 Component engine\veex.dll version 3.58.3.2183
2015-04-02 04:01:39.374 Component engine\savi.dll version 8.1.5.2183
2015-04-02 04:01:39.374 Component rkdisk.dll version 1.5.30.0
2015-04-02 04:01:39.374 Version info: Product version 2.5.4
2015-04-02 04:01:39.374 Version info: Detection engine 3.58.3
2015-04-02 04:01:39.374 Version info: Detection data 5.11G
2015-04-02 04:01:39.374 Version info: Build date 2/3/2015
2015-04-02 04:01:39.374 Version info: Data files added 506
2015-04-02 04:01:39.374 Version info: Last successful update 4/1/2015 9:01:20 PM

2015-04-02 04:36:24.953 Could not open C:\autoexec.bat
2015-04-02 04:37:12.035 Could not open C:\hiberfil.sys
2015-04-02 04:37:25.845 Could not open C:\pagefile.sys
2015-04-02 04:45:25.442 >>> Virus 'Mal/FakeAV-IR' found in file C:\Program Files\DocsOpener\uninstall.exe
2015-04-02 04:45:25.442 >>> Virus 'Mal/FakeAV-IR' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-04-02 04:45:25.458 >>> Virus 'Mal/FakeAV-IR' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe
2015-04-02 04:45:25.458 >>> Virus 'Mal/FakeAV-IR' found in file HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2015-04-02 04:45:25.458 >>> Virus 'Mal/FakeAV-IR' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-04-02 04:52:30.297 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-02 04:52:30.297 Could not open C:\System Volume Information\{b71edf4d-d8d6-11e4-8449-00219bd8ab34}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-02 04:52:30.297 Could not open C:\System Volume Information\{e7707886-d8ea-11e4-8324-00219bd8ab34}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-02 04:57:27.445 >>> Virus 'Mal/Inject-CEE' found in file C:\Users\Jack\Downloads\Setup.exe
2015-04-02 04:57:27.445 >>> Virus 'Mal/Inject-CEE' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-04-02 04:57:27.445 >>> Virus 'Mal/Inject-CEE' found in file HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe
2015-04-02 04:57:27.445 >>> Virus 'Mal/Inject-CEE' found in file HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2015-04-02 04:57:27.445 >>> Virus 'Mal/Inject-CEE' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-04-02 05:06:41.232 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-04-02 05:06:41.232 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-04-02 05:06:47.920 Could not open C:\Windows\System32\config\components
2015-04-02 05:06:47.999 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2015-04-02 05:06:48.004 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-04-02 05:06:48.024 Could not open C:\Windows\System32\config\RegBack\SAM
2015-04-02 05:06:48.028 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-04-02 05:06:48.042 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-04-02 05:06:48.046 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-04-02 05:07:13.584 Could not open C:\Windows\System32\drivers\wwwd.sys
2015-04-02 05:34:48.353 The following items will be cleaned up:
2015-04-02 05:34:48.368 Mal/FakeAV-IR
2015-04-02 05:34:48.368 Mal/Inject-CEE
2015-04-02 06:29:40.049 Threat 'Mal/FakeAV-IR' has been cleaned up.
2015-04-02 06:29:40.064 Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell" belongs to malware 'Mal/FakeAV-IR'.
2015-04-02 06:29:40.064 Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell" has been cleaned up.
2015-04-02 06:29:40.064 Registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" belongs to malware 'Mal/FakeAV-IR'.
2015-04-02 06:29:40.080 Registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" has been cleaned up.
2015-04-02 06:29:40.080 File "C:\Program Files\DocsOpener\uninstall.exe" belongs to malware 'Mal/FakeAV-IR'.
2015-04-02 06:29:40.080 File "C:\Program Files\DocsOpener\uninstall.exe" has been cleaned up.
2015-04-02 06:29:40.080 Registry value "HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet" belongs to malware 'Mal/FakeAV-IR'.
2015-04-02 06:29:40.080 Registry value "HKU\S-1-5-21-3857334386-3578862484-2166480049-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet" has been cleaned up.
2015-04-02 06:29:40.080 Removal successful
2015-04-02 06:29:48.551 Threat 'Mal/Inject-CEE' has been cleaned up.
2015-04-02 06:29:48.551 File "C:\Users\Jack\Downloads\Setup.exe" belongs to malware 'Mal/Inject-CEE'.
2015-04-02 06:29:48.551 File "C:\Users\Jack\Downloads\Setup.exe" has been cleaned up.
2015-04-02 06:29:48.551 Removal successful
2015-04-02 06:29:48.582 Contents of SafeClean bin directory:
2015-04-02 06:29:48.598 {
2015-04-02 06:29:48.598 RecordID : "0000000000000001",
2015-04-02 06:29:48.598 ItemType : "1",
2015-04-02 06:29:48.598 Location : "C:\Program Files\DocsOpener\",
2015-04-02 06:29:48.598 FileName : "uninstall.exe",
2015-04-02 06:29:48.598 ThreatName : "Mal/FakeAV-IR",
2015-04-02 06:29:48.598 Checksum : "8a1516cc5f3b1c0c36cd75f6847fcd123bc6bf625451088f99c3d04d0e696071",
2015-04-02 06:29:48.598 TimeStamp : "Wed Apr 01 23:29:28 2015"
2015-04-02 06:29:48.598 }
2015-04-02 06:29:48.598 {
2015-04-02 06:29:48.598 RecordID : "0000000000000002",
2015-04-02 06:29:48.598 ItemType : "1",
2015-04-02 06:29:48.598 Location : "C:\Users\Jack\Downloads\",
2015-04-02 06:29:48.598 FileName : "Setup.exe",
2015-04-02 06:29:48.598 ThreatName : "Mal/Inject-CEE",
2015-04-02 06:29:48.598 Checksum : "f0fc1323d382a5db4380c6bf17300055e0984a4249572c7dbcaa1e99122655a1",
2015-04-02 06:29:48.598 TimeStamp : "Wed Apr 01 23:29:40 2015"
2015-04-02 06:29:48.598 }
2015-04-02 06:29:50.048 Error level 0
 
Have tried numerous times & long hours to get this done
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
Internet Explorer 8
But it won't. Maybe it will on next Patch Tuesday 04/14 :)
 
Yes, you should have Service Pack 2 installed. Go Start>Control Panel>Windows updates and get all necessary updates including Service Pack 2.

Uninstall Java(TM) 6 Update 5.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Broni, I've tried several times to update IE & get the other necessary updates from MS but to no avail. I will or already have updated the other mentioned items. Thank you once again. :)
As for the Recovery disk, from the info I read, I'm telling the owner to take it to Dell if necessary.
 
You can't get IE update without installing Service Pack 2.
You can't run this computer being so outdated.

What exactly happens when you go to Windows Updates in Control Panel?
 
I'm giving it (MS) one last shot & will post a screenshot of the results & then will return the laptop to the owner telling him what you've said. Thank you for your patience Broni :)
 
I'll give that a try if this current try doesn't work. I think this laptop might be a used one, not sure.
 
After doing both of your links, here are the final results
FAILURE AGAIN.JPG
I'm now giving it back to the owner. Perhaps Patch Tuesday might fix it. Thank you broni.
 