Fix result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by wyrfxrssn (30-07-2017 00:56:42) Run:1
Running from C:\Users\wyrfxrssn\Downloads
Loaded Profiles: wyrfxrssn (Available Profiles: wyrfxrssn & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {6122BF9D-A333-417E-B4E7-35CDB48DB3D8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2727595699-1335264708-1319002134-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKU\S-1-5-21-2727595699-1335264708-1319002134-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
Toolbar: HKU\S-1-5-21-2727595699-1335264708-1319002134-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
C:\ProgramData\fontcacheev1.dat
2016-07-15 21:51 - 2016-07-15 21:51 - 0000000 _____ () C:\Users\wyrfxrssn\AppData\Local\Temp\GUR7737.exe
2014-01-19 19:52 - 2010-05-21 17:38 - 0074808 _____ (Hewlett-Packard) C:\Users\wyrfxrssn\AppData\Local\Temp\HPHelpUpdater.exe
2015-11-08 22:30 - 2015-09-28 09:08 - 0594448 _____ (Hewlett-Packard) C:\Users\wyrfxrssn\AppData\Local\Temp\HPSFUpdater.exe
2017-04-20 04:36 - 2017-04-20 04:36 - 0739904 _____ (Oracle Corporation) C:\Users\wyrfxrssn\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-27 04:36 - 2017-07-27 04:37 - 0740416 _____ (Oracle Corporation) C:\Users\wyrfxrssn\AppData\Local\Temp\jre-8u144-windows-au.exe
2013-10-02 15:53 - 2013-10-02 15:53 - 49662160 _____ (Microsoft Corporation) C:\Users\wyrfxrssn\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2010-03-15 21:11 - 2010-03-15 21:11 - 0149352 ____R (Microsoft Corporation) C:\Users\wyrfxrssn\AppData\Local\Temp\ose00000.exe
2014-09-23 22:22 - 2014-09-23 22:22 - 0010752 _____ () C:\Users\wyrfxrssn\AppData\Local\Temp\PlaySound.dll
2014-01-19 19:52 - 2012-05-04 02:24 - 0031616 _____ (Hewlett-Packard Company) C:\Users\wyrfxrssn\AppData\Local\Temp\Resource.exe
2013-09-16 09:45 - 2014-02-12 14:24 - 0004133 _____ () C:\Users\wyrfxrssn\AppData\Local\Temp\SearchProtectionSetup.exe
2014-01-16 01:01 - 2014-01-16 01:01 - 2578736 _____ (Hewlett-Packard Company ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP56478.exe
2014-01-17 09:32 - 2014-01-17 09:32 - 2264112 _____ (Hewlett-Packard ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP56750.exe
2012-06-30 13:34 - 2012-06-30 13:34 - 144895440 _____ (Hewlett-Packard ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP56904.exe
2013-06-04 02:20 - 2013-06-04 02:20 - 4022944 _____ (Hewlett-Packard Company ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP56929.exe
2013-07-19 20:02 - 2013-07-19 20:02 - 23478616 _____ (Hewlett-Packard Company ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP57538.exe
2013-07-11 21:51 - 2013-07-11 21:51 - 6594568 _____ (Hewlett Packard Inc ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP57698.exe
2013-05-09 08:48 - 2013-05-09 08:48 - 45042944 _____ (Hewlett-Packard ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP57966.exe
2013-07-28 17:37 - 2013-07-28 17:39 - 41580520 _____ (Hewlett-Packard ) C:\Users\wyrfxrssn\AppData\Local\Temp\sp58915.exe
2013-07-12 02:48 - 2013-07-12 02:48 - 6709496 _____ (Hewlett-Packard Company ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP60051.exe
2013-06-24 08:58 - 2013-06-24 08:58 - 9982176 _____ (Hewlett-Packard ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP61037.exe
2013-08-29 04:38 - 2013-08-29 04:38 - 6844168 _____ (Hewlett-Packard Company ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP62991.exe
2013-10-25 10:58 - 2013-10-25 10:58 - 6879392 _____ (Hewlett-Packard Company ) C:\Users\wyrfxrssn\AppData\Local\Temp\SP63801.exe
2014-01-17 08:49 - 2014-01-17 08:49 - 44799704 _____ (Hewlett-Packard ) C:\Users\wyrfxrssn\AppData\Local\Temp\sp64126.exe
2013-09-17 09:42 - 2013-10-01 09:48 - 4728320 _____ (Spotify Ltd) C:\Users\wyrfxrssn\AppData\Local\Temp\SpotifyUninstall.exe
2017-07-29 05:02 - 2017-07-29 05:02 - 1199825 _____ () C:\Users\wyrfxrssn\AppData\Local\Temp\unins000.exe
2014-05-07 17:58 - 2014-05-07 17:32 - 2030104 _____ (AVG Technologies) C:\Users\wyrfxrssn\AppData\Local\Temp\UNINSTALL.EXE
2013-07-28 17:39 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\wyrfxrssn\AppData\Local\Temp\UninstallHPSA.exe
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {882DDFC6-C2C0-40B1-B3B6-869EECDBD4CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key removed successfully
HKLM\Software\Classes\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6122BF9D-A333-417E-B4E7-35CDB48DB3D8} => key removed successfully
HKLM\Software\Classes\CLSID\{6122BF9D-A333-417E-B4E7-35CDB48DB3D8} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\S-1-5-21-2727595699-1335264708-1319002134-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2727595699-1335264708-1319002134-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\S-1-5-21-2727595699-1335264708-1319002134-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
C:\ProgramData\fontcacheev1.dat => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\GUR7737.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\HPHelpUpdater.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\HPSFUpdater.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\jre-8u144-windows-au.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\PlaySound.dll => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\Resource.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SearchProtectionSetup.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP56478.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP56750.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP56904.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP56929.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP57538.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP57698.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP57966.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\sp58915.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP60051.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP61037.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP62991.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SP63801.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\sp64126.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\SpotifyUninstall.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\unins000.exe => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\UNINSTALL.EXE => moved successfully
C:\Users\wyrfxrssn\AppData\Local\Temp\UninstallHPSA.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{882DDFC6-C2C0-40B1-B3B6-869EECDBD4CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{882DDFC6-C2C0-40B1-B3B6-869EECDBD4CE} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0B38859F-1252-458F-AA0C-B5A61D6A348E}.
{60CD287C-6F70-4712-9474-06E9E4D11E5A} canceled.
{EA082458-9E3D-4FC2-91A5-D37DADC01973} canceled.
2 out of 3 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2727595699-1335264708-1319002134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2727595699-1335264708-1319002134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 248248156 B
Java, Flash, Steam htmlcache => 522470866 B
Windows/system/drivers => 80382781161 B
Edge => 0 B
Chrome => 84429279 B
Firefox => 22820487 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 95456 B
LocalService => 0 B
NetworkService => 11492 B
wyrfxrssn => 1890265385 B
TEMP => 0 B
Administrator => 447828 B
Guest => 3646322 B

RecycleBin => 2440474951 B
EmptyTemp: => 79.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 01:00:20 ====