Is this a legal copy of windows ?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
IFEO\adwcleaner_4.204.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1742688847-84516211-800876738-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\SysWOW64\Meoooskh.dll [286720 2015-05-25] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Meoooskh.dll [286720 2015-05-25] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Meoooskh.dll [286720 2015-05-25] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Meoooskh.dll [286720 2015-05-25] ()
Winsock: Catalog9 15 C:\Windows\SysWOW64\Meoooskh.dll [286720 2015-05-25] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Meoooskh64.dll [360448 2015-05-25] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Meoooskh64.dll [360448 2015-05-25] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Meoooskh64.dll [360448 2015-05-25] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Meoooskh64.dll [360448 2015-05-25] ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Meoooskh64.dll [360448 2015-05-25] ()
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-05-25 02:23 - 2015-05-25 03:49 - 00000112 _____ C:\ProgramData\WLU8aH.dat
2015-05-25 02:10 - 2015-05-25 02:10 - 00003984 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-05-25 02:09 - 2015-05-25 03:51 - 00000000 ____D C:\Program Files (x86)\SafeGuard
2015-05-25 02:09 - 2015-05-25 02:09 - 00000000 ____D C:\ProgramData\10963361899322722656
2015-05-25 02:08 - 2015-05-25 03:51 - 00000000 ____D C:\Program Files (x86)\Priceless
2015-05-25 02:08 - 2015-05-25 02:08 - 00000005 _____ C:\end
2015-05-25 01:47 - 2015-06-06 02:38 - 00000000 ____D C:\ProgramData\2bcafb04000065ba
2015-05-25 01:38 - 2015-05-25 01:50 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2015-05-25 01:37 - 2015-05-25 01:56 - 00000000 ____D C:\Users\Adamm\AppData\Roaming\WTools
2015-05-25 01:37 - 2015-05-25 01:54 - 00000000 ____D C:\Users\Adamm\AppData\Roaming\Store
2015-05-25 01:37 - 2015-05-25 01:47 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-05-25 01:36 - 2015-06-16 14:47 - 00001020 _____ C:\Windows\Tasks\CsVwO2fQyGFyqtK.job
2015-05-25 01:36 - 2015-05-25 02:20 - 00004632 _____ C:\Windows\SysWOW64\Meoooskh.ini
2015-05-25 01:36 - 2015-05-25 02:20 - 00002536 _____ C:\Windows\SysWOW64\MeoooskhOff.ini
2015-05-25 01:36 - 2015-05-25 02:20 - 00002536 _____ C:\Windows\system32\MeoooskhOff.ini
2015-05-25 01:36 - 2015-05-25 01:36 - 00004028 _____ C:\Windows\System32\Tasks\CsVwO2fQyGFyqtK
2015-05-25 01:36 - 2015-05-25 00:10 - 00360448 _____ C:\Windows\system32\Meoooskh64.dll
2015-05-25 01:36 - 2015-05-25 00:10 - 00286720 _____ C:\Windows\SysWOW64\Meoooskh.dll
2015-05-25 01:36 - 2013-08-22 09:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-05-25 01:35 - 2015-05-25 01:41 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-25 01:35 - 2015-05-25 01:35 - 00000000 ____D C:\Users\Adamm\AppData\Local\globalUpdate
2015-06-15 20:21 - 2014-06-30 20:31 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
Task: {1D471FDA-84ED-412F-8BF7-6D2B65578652} - System32\Tasks\CsVwO2fQyGFyqtK => C:\Users\Adamm\AppData\Roaming\CsVwO2fQyGFyqtK.exe <==== ATTENTION
Task: {5B04B10C-D496-44B3-87B1-D8F5623EF409} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {7A10A66A-C32E-4A50-A9D1-D08B0CEC0851} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {A4CD96F3-4CEC-4A3A-9306-43FF226482D2} - System32\Tasks\{EB485032-FC2A-466E-BEDB-43A107263273} => pcalua.exe -a C:\ProgramData\{67C33A62-5B1D-43D1-9600-16006F36EB2B}\setup.exe
Task: C:\Windows\Tasks\CsVwO2fQyGFyqtK.job => C:\Users\Adamm\AppData\Roaming\CsVwO2fQyGFyqtK.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Meoooskh => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
C:\ProgramData\hash.dat
C:\ProgramData\WLU8aH.dat
C:\Users\Adamm\Downloads\Random\ATR.exe
C:\Users\Adamm\AppData\Roaming\CsVwO2fQyGFyqtK.exe
C:\Program Files (x86)\OLBPre
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
