FIRST >>>>
Please move FRST64.exe from the C:\Users\campor\Downloads directory to your desktop.
SECOND >>>>
Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the Code box below. To do this highlight the contents of the box (click on the (select) next to Code Box) and right click on it and select copy . Paste this into the open notepad. Save it to your desktop as fixlist.txt
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Hosts:
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Plugin HKU\S-1-5-21-453813392-3272009609-558804305-1001: @my.com/Games -> C:\Users\campor\AppData\Local\MyComGames\NPMyComDetector.dll [2015-07-11] (My.com, Inc)
FF Plugin HKU\S-1-5-21-453813392-3272009609-558804305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @my.com/Games -> C:\Users\campor\AppData\Local\MyComGames\NPMyComDetector.dll [2015-07-11] (My.com, Inc)
C:\Users\campor\AppData\Local\MyComGames
FF user.js: detected! => C:\Users\campor\AppData\Roaming\Mozilla\Firefox\Profiles\4kmgp4ih.default\user.js [2015-07-20]
C:\Users\campor\AppData\Roaming\Mozilla\Firefox\Profiles\4kmgp4ih.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [{EBE37FEA-F221-483C-BC44-672D2255CCDC}] - C:\Windows\Installer\{09BCE20E-C664-475D-9CBB-4C534527CE1F}\{EBE37FEA-F221-483C-BC44-672D2255CCDC}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{09BCE20E-C664-475D-9CBB-4C534527CE1F}\{EBE37FEA-F221-483C-BC44-672D2255CCDC}.xpi [2015-07-20]
C:\Windows\Installer\{09BCE20E-C664-475D-9CBB-4C534527CE1F}
CHR Extension: (Download Protect) - C:\Users\campor\AppData\Local\Google\Chrome\User Data\Default\Extensions\badncadhdalbhdeammnkdildhmbgondn [2015-07-20]
C:\Users\campor\AppData\Local\Google\Chrome\User Data\Default\Extensions\badncadhdalbhdeammnkdildhmbgondn
R2 DnsBlockUpdateSvc; C:\Windows\system32\DnsBlockUpdateSvc.exe [149024 2015-07-19] ()
C:\Windows\system32\DnsBlockUpdateSvc.exe
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X] <==== ATTENTION
C:\ProgramData\WindowsMangerProtect
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\system32\drivers\EagleX64.sys
C:\Windows\xhunter1.sys
2015-07-19 19:50 - 2015-07-19 19:51 - 00000000 ____D C:\Users\campor\AppData\Local\MegaDownloader
2015-07-19 19:50 - 2015-07-19 19:50 - 00471968 _____ C:\Windows\SysWOW64\dns.block
2015-07-19 19:50 - 2015-07-19 19:50 - 00471968 _____ C:\Windows\system32\dns.block
2015-07-19 19:50 - 2015-07-19 19:50 - 00149024 _____ C:\Windows\system32\DnsBlockUpdateSvc.exe
2015-07-19 19:50 - 2015-07-19 19:50 - 00000000 ____D C:\Users\campor\AppData\Local\DnsBlock
2015-07-19 19:49 - 2015-07-19 19:49 - 02147112 _____ (AppsForMega.info ) C:\Users\campor\Downloads\MegaDownloader_v1.4.exe
2015-07-19 19:26 - 2015-07-19 19:26 - 02401112 _____ (Microsoft Corporation) C:\Users\campor\Downloads\d3dX9_43.dll
2015-07-19 18:12 - 2015-07-19 18:12 - 00189356 _____ C:\Users\campor\Downloads\[rutracker.org].t4888529 (2).torrent
2015-07-19 17:52 - 2015-07-19 17:52 - 00189356 _____ C:\Users\campor\Downloads\[rutracker.org].t4888529 (1).torrent
2015-07-19 17:42 - 2015-07-19 17:42 - 00189356 _____ C:\Users\campor\Downloads\[rutracker.org].t4888529.torrent
2015-07-17 08:18 - 2015-07-17 08:18 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-07-10 17:29 - 2015-07-12 09:25 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-07-17 08:18 - 2015-07-17 08:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\campor\AppData\Local\Temp\proxy_vole4050098108978188150.dll
C:\Users\campor\AppData\Local\Temp\setup.exe
Task: {825B0695-2B9B-4666-B424-1623D60A2E3B} - System32\Tasks\{702856EF-0004-4D96-97CF-EED5648FF74E} => pcalua.exe -a "G:\für format\epson374981eu.exe" -d "G:\für format"
Task: {E92BC7C2-D7A7-4D15-858E-78CBE3939C2A} - System32\Tasks\{5280251E-95C9-45EC-8693-64BB3DE06752} => pcalua.exe -a "G:\für format\EpsonMultifunktionsgeraet6.65.exe" -d "G:\für format"
Task: {F918EB8C-715F-4875-B977-4EF188D45745} - System32\Tasks\{DC37C738-E1D7-45B3-B7B9-BFC85993AF94} => pcalua.exe -a C:\Users\campor\Downloads\setup.exe -d C:\Users\campor\Downloads
Task: {F9D0F7C9-3B34-4094-903C-C10801EDECAB} - System32\Tasks\{020E1DC2-3C2E-4121-A484-0A209B8684FA} => pcalua.exe -a "C:\Users\campor\Downloads\MC Modinstaller 4.0.exe" -d C:\Users\campor\Downloads
Task: {FC5F9A43-F883-4AEC-BFC6-9DEF9965C285} - System32\Tasks\{8F44DD9A-3B9F-47AC-B9C5-1F484AB0AC24} => Iexplore.exe http://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
AlternateDataStreams: C:\Users\campor\Downloads\IMAG1148.jpg:com.dropbox.attributes
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
NOTE. It’s important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST64 by right clicking on the FRST64.exe file, selecting “Run as Administrator…”. The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.
The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.
http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/Press%20the%20FIX%20button_zpsdd5zi3mt.png
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply. Also, tell me how your system is running now.
Also, tell me how your system is running now.