Fix result of Farbar Recovery Scan Tool (x64) Version: 10-08-2016
Ran by gary1 (2016-08-10 22:21:23) Run:1
Running from C:\Users\gary1\Downloads
Loaded Profiles: gary1 (Available Profiles: gary1)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3961452459-976685310-3845880129-1001 -> DefaultScope {BCFDE135-2908-497E-818E-162789AA7F5F} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3961452459-976685310-3845880129-1001 -> {BCFDE135-2908-497E-818E-162789AA7F5F} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7806848 2016-05-27] (Reimage®)
C:\Program Files\Reimage\Reimage Protector
2016-08-08 22:57 - 2016-08-08 23:27 - 00000000 _____ C:\Windows\system32\reimage.rep
2016-08-08 22:40 - 2016-08-08 23:12 - 00000000 ____D C:\ReimageUndo
2016-08-08 22:25 - 2016-08-08 22:25 - 00004352 _____ C:\Windows\System32\Tasks\ReimageUpdater
2016-08-08 22:25 - 2016-08-08 22:25 - 00001953 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-08-08 22:25 - 2016-08-08 22:25 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-08-08 22:25 - 2016-08-08 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-08-08 22:25 - 2016-08-08 22:25 - 00000000 ____D C:\Program Files\Reimage
2016-08-08 22:24 - 2016-08-08 23:24 - 00000167 _____ C:\Windows\Reimage.ini
2016-08-08 22:24 - 2016-08-08 23:24 - 00000000 ____D C:\rei
2016-08-08 22:24 - 2016-08-08 22:24 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 22:24 - 2016-08-08 22:24 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 22:23 - 2016-08-08 22:24 - 00603824 _____ (Reimage) C:\Users\gary1\Downloads\ReimageRepair.exe
2016-08-08 21:13 - 2016-08-08 21:13 - 00002691 _____ C:\Users\gary1\Desktop\µTorrent.lnk
2016-08-08 21:13 - 2016-08-08 21:13 - 00002691 _____ C:\Users\gary1\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-08-08 21:13 - 2016-08-08 21:13 - 00000000 ____D C:\Users\gary1\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-08-08 21:12 - 2016-08-08 21:13 - 00000000 ____D C:\Users\gary1\AppData\Roaming\uTorrent
Task: {403E3B41-5513-40E8-93A5-D4A5416BF7B9} - \App Explorer -> No File <==== ATTENTION
Task: {C2DBE591-62EB-4121-84DC-7A4F360D2CD9} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-05-27] (Reimage®) <==== ATTENTION
C:\Program Files\Reimage\
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BCFDE135-2908-497E-818E-162789AA7F5F} => key not found.
HKCR\CLSID\{BCFDE135-2908-497E-818E-162789AA7F5F} => key not found.
ReimageRealTimeProtector => service not found.
"C:\Program Files\Reimage\Reimage Protector" => not found.
"C:\Windows\system32\reimage.rep" => not found.
"C:\ReimageUndo" => not found.
"C:\Windows\System32\Tasks\ReimageUpdater" => not found.
"C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk" => not found.
"C:\ProgramData\Reimage Protector" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair" => not found.
"C:\Program Files\Reimage" => not found.
"C:\Windows\Reimage.ini" => not found.
"C:\rei" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully
C:\Users\Public\Desktop\Google Chrome.lnk => moved successfully
C:\Users\gary1\Downloads\ReimageRepair.exe => moved successfully
C:\Users\gary1\Desktop\µTorrent.lnk => moved successfully
C:\Users\gary1\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk => moved successfully
"C:\Users\gary1\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}" => not found.
C:\Users\gary1\AppData\Roaming\uTorrent => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{403E3B41-5513-40E8-93A5-D4A5416BF7B9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2DBE591-62EB-4121-84DC-7A4F360D2CD9} => key not found.
C:\Windows\System32\Tasks\ReimageUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key not found.
"C:\Program Files\Reimage" => not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcapexe" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeaack" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeavfk" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfemms" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp" => key removed successfully
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= RemoveProxy: =========
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3961452459-976685310-3845880129-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 845481 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27362080 B
Java, Flash, Steam htmlcache => 1531 B
Windows/system/drivers => 11124 B
Edge => 278785075 B
Chrome => 803131691 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 145507 B
systemprofile32 => 0 B
LocalService => 7292 B
NetworkService => 2850 B
gary1 => 53899972 B
RecycleBin => 8267720 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:22:24 ====