Please go to your add/remove programs list, then uninstall /delete the below. They are out of date and vulnerable.
We can install the most recent version later.
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
~~~~~~~~
Found in your files
Task: {4B160275-8EE4-4CD3-BD7E-EAA0C2B704FE} - System32\Tasks\AutoPico Daily Restart => C:\Users\Bartek\Desktop\KMSpico [Argument = v10.1.9\KMSpico Portable\
AutoPico.exe /silent]
C:\Users\Bartek\Desktop\KMSpico v10.1.9\KMSpico Portable\
KMSELDI.exeC:\Users\Bartek\Desktop\KMSpico v10.1.9\KMSpico Portable\
KMSELDI.exeThose are illegal activation tools for Microsoft Windows and or for Adobe/ Microsoft Office products.
Warning 11 antivirus scanners has detected AutoPico as malware.
http://www.shouldibl...5affb531e4.aspx~~
Participating in the use of such software is a security risk. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.
~~~
Please open
Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as
fixlist.txtNOTE. It's important that both files,
FRST/FRST64 and
fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-20] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-20] (Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-20] (Oracle Corporation)
CustomCLSID: HKU\S-1-5-21-2874853799-4015820732-1586648415-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {183B89F3-9468-D082-A519-4AE985889A47} => No File
CustomCLSID: HKU\S-1-5-21-2874853799-4015820732-1586648415-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5AF8A6D4-9468-D082-8236-89AB85889A47} => No File
Task: {8ECE3D46-EFDE-4AAA-9172-FEA72C3612D3} - \Microsoft\XblGameSave\XblGameSaveTask\Logon -> No File <==== ATTENTION
Task: {E8AEECFA-DB88-4098-8E22-E7F6240A4A6B} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
Task: C:\WINDOWS\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
Open
FRST/FRST64 and press the
> Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~
Please download the
Malwarebytes Anti-Malware setup file to your Desktop.
OR from this location
Malwarebytes' Anti-Malware- Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
- On the Dashboard click on Update Now
- Go to the Setting Tab
- Under Setting go to Detection and Protection
- Under PUP and PUM make sure both are set to show Treat Detections as Malware
- Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
- Then on the Dashboard click on Scan
- Make sure to select THREAT SCAN
- Then click on Scan
- Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
- If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
- Upon completion of the scan (or after the reboot), click the History tab.
- Click Application Logs, followed by the first Scan Log.
- Click Export, followed by Copy to Clipboard. Paste the log in your next reply.
~~~
Please post these 2 logs when finished.