Fix result of Farbar Recovery Scan Tool (x86) Version:10-04-2016 01 Ran by User (2016-04-11 17:42:39) Run:2 Running from C:\Documents and Settings\User\Desktop Loaded Profiles: User (Available Profiles: User & Administrator & Guest) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: HKLM\...\Run: [qoqavedsucue] => C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\jlmjvkexubwmndts.dll" HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {8EDDD76F-CE75-460B-B846-9A685E3EF34B} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {C133A094-347B-41CB-9BA5-3D8A80DD8583} URL = hxxp://www15.yoog.com/search.php?q={searchTerms} SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {C52F4C55-CD31-4C2D-BB8A-8C35F79B983A} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb BHO: snappyads browser enhancer -> {81CFA2BF-8FE8-2409-8FA6-A6B19037CBF7} -> C:\WINDOWS\system32\jlmjvkexubwmndts.dll [2009-10-01] () FF DefaultSearchEngine: Yoog Search FF DefaultSearchUrl: hxxp://www15.yoog.com/search.php?q= FF SelectedSearchEngine: Yoog Search FF Keyword.URL: hxxp://www15.yoog.com/search.php?q= FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\user.js [2016-04-10] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll [2008-12-08] (MyWebSearch.com) FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\searchplugins\Yoog Search.xml [2009-10-01] FF Extension: XUL Cache - C:\Documents and Settings\User\Local Settings\Application Data\{56C43988-1EA4-4EDF-85F0-E561F583EFEA} [2009-03-04] [not signed] 2016-04-10 16:51 - 2016-04-10 16:51 - 00000000 _____ C:\WINDOWS\system32\F7C.tmp 2016-04-10 16:51 - 2016-04-10 16:51 - 00000000 _____ C:\WINDOWS\system32\F79.tmp 2016-04-08 09:25 - 2016-04-08 09:25 - 00000000 _____ C:\WINDOWS\system32\1DD.tmp C:\WINDOWS\system32\jlmjvkexubwmndts.dll Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Restore point was successfully created. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\qoqavedsucue => value removed successfully. HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName => value removed successfully. HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl => value removed successfully. "HKU\S-1-5-21-500823600-1963862842-10735164-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EDDD76F-CE75-460B-B846-9A685E3EF34B}" => key removed successfully. HKCR\CLSID\{8EDDD76F-CE75-460B-B846-9A685E3EF34B} => key not found. "HKU\S-1-5-21-500823600-1963862842-10735164-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C133A094-347B-41CB-9BA5-3D8A80DD8583}" => key removed successfully. HKCR\CLSID\{C133A094-347B-41CB-9BA5-3D8A80DD8583} => key not found. "HKU\S-1-5-21-500823600-1963862842-10735164-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C52F4C55-CD31-4C2D-BB8A-8C35F79B983A}" => key removed successfully. HKCR\CLSID\{C52F4C55-CD31-4C2D-BB8A-8C35F79B983A} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81CFA2BF-8FE8-2409-8FA6-A6B19037CBF7}" => key removed successfully. "HKCR\CLSID\{81CFA2BF-8FE8-2409-8FA6-A6B19037CBF7}" => key removed successfully. Firefox DefaultSearchEngine removed successfully. Firefox DefaultSearchUrl removed successfully. Firefox SelectedSearchEngine removed successfully. Firefox "Keyword.URL" removed successfully. C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\user.js => moved successfully C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll => moved successfully C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\searchplugins\Yoog Search.xml => moved successfully C:\Documents and Settings\User\Local Settings\Application Data\{56C43988-1EA4-4EDF-85F0-E561F583EFEA} => moved successfully C:\Documents and Settings\User\Local Settings\Application Data\{56C43988-1EA4-4EDF-85F0-E561F583EFEA} => path removed successfully. C:\WINDOWS\system32\F7C.tmp => moved successfully C:\WINDOWS\system32\F79.tmp => moved successfully C:\WINDOWS\system32\1DD.tmp => moved successfully C:\WINDOWS\system32\jlmjvkexubwmndts.dll => moved successfully ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully ========= End of Reg: ========= ========= RemoveProxy: ========= "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. "HKU\S-1-5-21-500823600-1963862842-10735164-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully. HKU\S-1-5-21-500823600-1963862842-10735164-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully. HKU\S-1-5-21-500823600-1963862842-10735164-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully. ========= End of RemoveProxy: ========= ========= bitsadmin /reset /allusers ========= 'bitsadmin' is not recognized as an internal or external command, operable program or batch file. ========= End of CMD: =========