Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015 Ran by Kelly (2015-12-26 17:07:17) Run:1 Running from C:\Users\Kelly\Desktop Loaded Profiles: Kelly (Available Profiles: Kelly) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: CreateRestorePoint: 2015-12-25 20:15 - 2014-06-27 20:37 - 00000000 ____D C:\Program Files\SupraSavings HKU\S-1-5-21-2808045357-1269114698-59485828-1001\...\MountPoints2: {3cd400c5-c2e9-11e3-8259-201a06d47b2a} - "E:\LaunchU3.exe" -a HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {5849260C-311F-4374-A230-D509DCE0562A} URL = SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {807189FD-86C7-4BCF-A29F-DCF552204EFD} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=B011CA662D20150112&p={SearchTerms} SearchScopes: HKU\S-1-5-21-2808045357-1269114698-59485828-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 2014-06-25 11:58 - 2014-06-25 11:58 - 00172544 _____ () C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE 2014-04-12 20:52 - 2014-04-12 20:52 - 00706560 _____ () C:\Program Files\003\xmkysecqun64.exe C:\Program Files\003\xmkysecqun64.exe CMD: bitsadmin /reset /allusers CMD: netsh winsock reset catalog CMD: ipconfig /flushdns RemoveProxy: hosts: Emptytemp: ***************** Processes closed successfully. Restore point was successfully created. C:\Program Files\SupraSavings => moved successfully "HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd400c5-c2e9-11e3-8259-201a06d47b2a}" => key removed successfully HKCR\CLSID\{3cd400c5-c2e9-11e3-8259-201a06d47b2a} => key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-2808045357-1269114698-59485828-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully HKCR\Wow6432Node\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. "HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5849260C-311F-4374-A230-D509DCE0562A}" => key removed successfully HKCR\CLSID\{5849260C-311F-4374-A230-D509DCE0562A} => key not found. "HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{807189FD-86C7-4BCF-A29F-DCF552204EFD}" => key removed successfully HKCR\CLSID\{807189FD-86C7-4BCF-A29F-DCF552204EFD} => key not found. "HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}" => key removed successfully HKCR\CLSID\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => key not found. C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE\SupraSavingsService64.exe => moved successfully C:\Program Files (x86)\0012C5CB-3192-475B-B0A8-5F323C30CEDE => moved successfully C:\Program Files\003\xmkysecqun64.exe => moved successfully "C:\Program Files\003\xmkysecqun64.exe" => not found. ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.7.9600 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Unable to cancel {C7A96A05-D7AD-4748-8DFB-3809C410D55C}. Unable to cancel {BB2F0608-5ECE-4242-A05F-1D68B51DC290}. Unable to cancel {7318BE09-BC7F-4209-96FD-E6E8B0D90BB9}. Unable to cancel {AC6D350A-DECB-4448-87AB-7C1832E2DEE9}. Unable to cancel {EA003C0F-1440-4EAA-BCA1-BB0D24C456CD}. Unable to cancel {BB2FCC1D-E3E9-4EB4-B8BC-FFCCE4AB7EDE}. Unable to cancel {6607EA3F-FA84-499A-A68D-F30C699FE161}. Unable to cancel {68E7DB50-7F1D-44A0-9BAE-217DFB2084BC}. Unable to cancel {800E815A-BD48-44B5-B35A-A3BEA3AB7B8A}. Unable to cancel {09BDF05C-3D17-49C1-A95A-B10A7CEAE629}. Unable to cancel {FE5B3B5D-CF8D-40C3-BB66-AF82B7EC5604}. Unable to cancel {53E5C76A-A5C3-4F71-8423-D1D487953769}. Unable to cancel {8E9B0270-03FE-423B-B54A-8A5E08332991}. Unable to cancel {8AC5E177-379C-4FE6-A699-64CB05BCBAA7}. Unable to cancel {F3F09C84-1264-4D54-8EB3-1439116808FA}. Unable to cancel {FFFE9B8B-6BDB-4D6A-B1C9-EDD9F9A25BAB}. Unable to cancel {9571B19B-083E-48EB-954D-7B2E729A748A}. Unable to cancel {CE619CA6-892B-4266-B5A7-686CC402B791}. Unable to cancel {26A369A9-84E4-4F27-9BFD-40AC881EC5FB}. Unable to cancel {786ED3BB-CC6E-425E-AA33-0A28A3AA537E}. Unable to cancel {88CA39BF-961E-406E-BDDD-693A613724F9}. Unable to cancel {632877C0-A1FF-45DC-8B59-9A1B3CB6BC25}. Unable to cancel {D392D0CF-D709-42B9-9E40-36E0E2D75830}. Unable to cancel {F4C12CD7-F3F2-4DD1-8E79-F5C99842920A}. Unable to cancel {C37FFBD9-072B-49BC-9F8E-A5B2B27927E9}. Unable to cancel {818011DA-EB5D-42A0-9DE4-C6951428B258}. Unable to cancel {9C40C0EC-6488-47A8-911D-FA237656C180}. Unable to cancel {96C492EF-2C0F-4B62-8962-941E55E2C901}. Unable to cancel {4C1E3BF1-2FCC-4D0F-9D4E-F7D9C89B51A3}. Unable to cancel {565113BA-4840-44FB-B41B-E3AD79704EB6}. 0 out of 30 jobs canceled. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-2808045357-1269114698-59485828-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. EmptyTemp: => 12.8 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 17:08:33 ====