Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Sean (09-04-2017 02:18:47) Run:1
Running from C:\Users\Sean\Desktop
Loaded Profiles: Sean (Available Profiles: defaultuser0 & Sean)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3656248 2017-03-02] (Simply Super Software)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3944881690-2465539413-2922067820-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
R3 gzflt; C:\Program Files\BDServices\gzflt.sys [161592 2017-03-15] (BitDefender LLC)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [485512 2017-03-15] (BitDefender S.R.L.)
2017-03-29 14:49 - 2017-04-07 13:31 - 00000000 ____D C:\Users\Sean\AppData\Local\drutkycvq
2017-03-29 14:49 - 2017-03-30 17:25 - 00000000 ____D C:\Users\Sean\AppData\Local\lpzahjqu
2017-03-29 14:49 - 2017-03-29 14:49 - 00000000 ____D C:\Users\Sean\AppData\Roaming\c
2017-03-29 14:49 - 2017-03-29 14:49 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-29 14:49 - 2017-03-29 14:49 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-16 11:43 - 2017-03-16 11:43 - 40622592 _____ () C:\Program Files (x86)\Digital Care Solutions
2017-04-05 23:37 - 2017-04-06 01:09 - 00002303 _____ C:\Users\Sean\Desktop\Digital Care.lnk
2017-04-05 23:37 - 2017-04-05 23:38 - 00000584 _____ C:\WINDOWS\Tasks\Digital Care Startup.job
2017-04-05 23:37 - 2017-04-05 23:37 - 00003148 _____ C:\WINDOWS\System32\Tasks\Digital Care Startup
2017-04-05 23:37 - 2017-04-05 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Care Solutions
2017-04-05 23:35 - 2017-04-05 23:35 - 00000000 ____D C:\ProgramData\Digital Care Solutions
2017-04-05 23:24 - 2017-04-05 23:24 - 00000000 ____D C:\Users\Sean\AppData\Local\DBG
2017-04-05 23:21 - 2017-04-06 15:41 - 00042362 _____ C:\WINDOWS\system32\bddel.dat
2017-04-05 23:03 - 2017-04-06 04:12 - 00000000 ____D C:\Program Files\BDServices
2017-04-04 04:25 - 2017-04-06 01:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2017-04-04 04:25 - 2017-04-04 04:25 - 00000000 ____D C:\Users\Sean\Documents\Simply Super Software
2017-04-04 04:25 - 2017-04-04 04:25 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Simply Super Software
2017-04-04 04:25 - 2017-04-04 04:25 - 00000000 ____D C:\ProgramData\Simply Super Software
2017-04-04 04:24 - 2017-04-06 01:53 - 64936608 _____ (Simply Super Software ) C:\Users\Sean\Downloads\trjsetup695.exe
2017-04-04 04:23 - 2017-04-04 04:24 - 01884832 _____ ( ) C:\Users\Sean\Downloads\Trojan_Remover_6.9.5.exe
C:\Program Files (x86)\Trojan Remover
Task: {8F984A00-2F47-439A-9931-CE754DB28AA9} - System32\Tasks\Digital Care Startup => C:\Program Files (x86)\Digital Care Solutions\Digital Care\DC_Launcher.exe [2017-03-16] (Digital Care Solutions)
Task: C:\WINDOWS\Tasks\Digital Care Startup.job => C:\Program Files (x86)\Digital Care Solutions\Digital Care\DC_Launcher.exe
BootExecute: autocheck autochk * bddel.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nfntibvj.sys:changelist [448]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: ipconfig /flushdns
Emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3944881690-2465539413-2922067820-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
gzflt => service not found.
Trufos => service not found.
C:\Users\Sean\AppData\Local\drutkycvq => moved successfully
C:\Users\Sean\AppData\Local\lpzahjqu => moved successfully
C:\Users\Sean\AppData\Roaming\c => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
"C:\Program Files (x86)\Digital Care Solutions" => not found.
"C:\Users\Sean\Desktop\Digital Care.lnk" => not found.
"C:\WINDOWS\Tasks\Digital Care Startup.job" => not found.
"C:\WINDOWS\System32\Tasks\Digital Care Startup" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Care Solutions" => not found.
C:\ProgramData\Digital Care Solutions => moved successfully
C:\Users\Sean\AppData\Local\DBG => moved successfully
C:\WINDOWS\system32\bddel.dat => moved successfully
C:\Program Files\BDServices => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover" => not found.
"C:\Users\Sean\Documents\Simply Super Software" => not found.
"C:\Users\Sean\AppData\Roaming\Simply Super Software" => not found.
"C:\ProgramData\Simply Super Software" => not found.
C:\Users\Sean\Downloads\trjsetup695.exe => moved successfully
C:\Users\Sean\Downloads\Trojan_Remover_6.9.5.exe => moved successfully
"C:\Program Files (x86)\Trojan Remover" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F984A00-2F47-439A-9931-CE754DB28AA9} => key not found.
C:\WINDOWS\System32\Tasks\Digital Care Startup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Care Startup => key not found.
C:\WINDOWS\Tasks\Digital Care Startup.job => not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\WINDOWS\system32\Drivers\nfntibvj.sys => ":changelist" ADS removed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state Off =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18209585 B
Java, Flash, Steam htmlcache => 1142 B
Windows/system/drivers => 172899024 B
Edge => 213445720 B
Chrome => 203607120 B
Firefox => 44089201 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 74 B
systemprofile32 => 128 B
LocalService => 19446 B
NetworkService => 114850 B
defaultuser0 => 7168 B
Sean => 31327559 B

RecycleBin => 0 B
EmptyTemp: => 657.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 02:21:52 ====