Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Sandra at 2015-04-02 15:03:27 Run:1 Running from C:\Users\Sandra\Desktop Loaded Profiles: Sandra (Available profiles: Sandra) Boot Mode: Normal ============================================== Content of fixlist: ***************** CreateRestorePoint: HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11411&pf=V7&trgb=CR&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_39.0.2171.65&apn_uid=B3EA6600-82F8-43A6-A18E-09ADADF5555F&itbv=12.18.0.82&doi=2014-11-20&psv=&pt=tb SearchScopes: HKLM - DefaultScope {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= SearchScopes: HKLM - {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= SearchScopes: HKCU - DefaultScope {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= SearchScopes: HKCU - {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= SearchScopes: HKCU - {8546AA11-2AA9-44C1-9101-CF370F58BF64} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11411&pf=V7&p2=^BBJ^OSJ000^YY^US&gct=&itbv=12.18.0.82&apn_uid=B3EA6600-82F8-43A6-A18E-09ADADF5555F&apn_ptnrs=BBJ&apn_dtid=^OSJ000^YY^US&apn_dbr=cr_39.0.2171.65&doi=2014-11-20&trgb=CR&q={searchTerms}&psv=&pt=tb CHR HKLM\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2014-10-10] CHR HKLM-x32\...\Chrome\Extension: [aaaaahaeginbdcckocjkhbciadcafnep] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx [2014-10-10] R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.) 2015-03-03 08:44 - 2014-11-19 21:16 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner Task: {1231B75E-8E4E-4E87-AB74-F5A4AC49A051} - \RocketTab No Task File Task: {DBBBA450-4B5A-4B29-85B4-8D032E3DE20F} - \RocketTab Update Task No Task File C:\Program Files (x86)\AskPartnerNetwork Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Restore point was successfully created. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - DefaultScope {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= => Value not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= => Value not found. \\SearchScopes: HKCU - DefaultScope {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= => Value not found. \\SearchScopes: HKCU - {10FF2269-8831-49E1-A57C-008673E7ABE1} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutBtDyC0Azz0A0FtCtCyCyC0E0CtCzzyCtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyC0ByDtBzztCyBzytG0F0EyD0DtGtDtD0D0FtG0Bzy0DtAtGtA0DtDzyyCyBtByBtDyBtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDtC0E0A0EyDyCtGtC0AtBzztGyE0FtC0CtGzztAtDtAtGzyzytByC0B0AyCtAtCzztD0E2Q&cr=1912094794&ir= => Value not found. \\SearchScopes: HKCU - {8546AA11-2AA9-44C1-9101-CF370F58BF64} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11411&pf=V7&p2=^BBJ^OSJ000^YY^US&gct=&itbv=12.18.0.82&apn_uid=B3EA6600-82F8-43A6-A18E-09ADADF5555F&apn_ptnrs=BBJ&apn_dtid=^OSJ000^YY^US&apn_dbr=cr_39.0.2171.65&doi=2014-11-20&trgb=CR&q={searchTerms}&psv=&pt=tb => Value not found. "HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep" => Key deleted successfully. C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep" => Key deleted successfully. "C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaahaeginbdcckocjkhbciadcafnep.crx" => File/Directory not found. APNMCP => Unable to stop service APNMCP => Service deleted successfully. "C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1231B75E-8E4E-4E87-AB74-F5A4AC49A051}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1231B75E-8E4E-4E87-AB74-F5A4AC49A051}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBBBA450-4B5A-4B29-85B4-8D032E3DE20F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBBBA450-4B5A-4B29-85B4-8D032E3DE20F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully. "C:\Program Files (x86)\AskPartnerNetwork" directory move: Could not move "C:\Program Files (x86)\AskPartnerNetwork" directory. => Scheduled to move on reboot. ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= RemoveProxy: ========= HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully. HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully. HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully. ========= End of RemoveProxy: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= Ok. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ip reset c:\resetlog.txt ========= Resetting Global, OK! Resetting Interface, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= ipconfig /release ========= Windows IP Configuration No operation can be performed on Local Area Connection* 12 while it has its media disconnected. No operation can be performed on Bluetooth Network Connection while it has its media disconnected. No operation can be performed on Ethernet while it has its media disconnected. Wireless LAN adapter Local Area Connection* 12: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::947c:ce94:1d7f:f3e7%4 Default Gateway . . . . . . . . . : Ethernet adapter Ethernet: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ========= End of CMD: ========= ========= ipconfig /renew ========= Windows IP Configuration No operation can be performed on Local Area Connection* 12 while it has its media disconnected. No operation can be performed on Bluetooth Network Connection while it has its media disconnected. No operation can be performed on Ethernet while it has its media disconnected. Wireless LAN adapter Local Area Connection* 12: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::947c:ce94:1d7f:f3e7%4 IPv4 Address. . . . . . . . . . . : 192.168.1.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 Ethernet adapter Ethernet: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Resetting Interface, OK! Resetting , failed. Access is denied. Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Resetting Interface, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.7.9600 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Unable to cancel {69490F9E-C39E-41EA-A931-C95EF8947F28}. Unable to cancel {BC35695C-1FDF-434E-AD98-9B65CE6E1CFA}. Unable to cancel {2657B503-2DC4-415F-9E03-3D5ABBAD4EC9}. Unable to cancel {4C553A52-928A-4C51-B45D-CBFF6CC7D6A0}. {3EEB1526-A70A-4F33-976C-35624E5B931E} canceled. {F1662114-3796-47CA-B32C-D2A2571E3BBC} canceled. 2 out of 6 jobs canceled. ========= End of CMD: ========= EmptyTemp: => Removed 552.1 MB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-02 15:07:15)<= C:\Program Files (x86)\AskPartnerNetwork => Is moved successfully. ==== End of Fixlog 15:07:15 ====