Fix result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by Momin (13-07-2017 00:55:35) Run:1
Running from C:\Users\Momin\OneDrive\Documents\FRST
Loaded Profiles: Momin (Available Profiles: Momin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Users\Momin\AppData\Local\wrirmrmv
Unlock: C:\Users\Momin\AppData\Local\wrirmrmv
C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Unlock: C:\Users\Momin\AppData\Local\ntuserlitelist
C:\Users\Momin\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [cpx] => "C:\Users\Default\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Default\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-792130682-3646775307-2699870585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 windowsmanagementservice; C:\Users\Momin\AppData\Local\wrirmrmv\wyivdei\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
Unlock: 2017-06-17 19:33 - 2017-06-17 19:46 - 00000000 ____D C:\Users\Momin\AppData\Local\llssoft
Unlock: C:\Users\Momin\AppData\Local\llssoft
C:\Users\Momin\AppData\Local\llssoft
2017-06-17 19:32 - 2017-06-17 19:32 - 00002048 _____ C:\Users\Momin\AppData\Local\uninstallro.exe
2017-06-17 19:32 - 2017-06-17 19:32 - 00000000 ____D C:\Users\Momin\AppData\Roaming\c
2017-06-17 19:32 - 2017-06-17 19:32 - 00000000 ____D C:\Users\Momin\AppData\Local\xgpsjqsh
Task: {6A741AB5-75CD-4F31-ACC7-1CD0EA5FD699} - \5004826 -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\Momin\AppData\Local\wrirmrmv => moved successfully
"C:\Users\Momin\AppData\Local\wrirmrmv" => not found.
Could not move "C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe" => Scheduled to move on reboot.
"C:\Users\Momin\AppData\Local\ntuserlitelist" => was unlocked
C:\Users\Momin\AppData\Local\ntuserlitelist => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key could not remove, key could be protected
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
Unlock: 2017-06-17 19:33 - 2017-06-17 19:46 - 00000000 ____D C:\Users\Momin\AppData\Local\llssoft => Error: No automatic fix found for this entry.
"C:\Users\Momin\AppData\Local\llssoft" => was unlocked
C:\Users\Momin\AppData\Local\llssoft => moved successfully
C:\Users\Momin\AppData\Local\uninstallro.exe => moved successfully
C:\Users\Momin\AppData\Roaming\c => moved successfully
C:\Users\Momin\AppData\Local\xgpsjqsh => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A741AB5-75CD-4F31-ACC7-1CD0EA5FD699} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A741AB5-75CD-4F31-ACC7-1CD0EA5FD699} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5004826 => key not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{9515015C-C635-473A-8068-313328798D0E} canceled.
{FD51BE32-391E-4C4A-AC59-FA869B97F48D} canceled.
{062D3AF7-96B5-423E-A98B-29CC920777D1} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14113494 B
Java, Flash, Steam htmlcache => 38480741 B
Windows/system/drivers => 60600843 B
Edge => 78942653 B
Chrome => 2939603 B
Firefox => 384989114 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Momin => 33685817 B

RecycleBin => 58214318 B
EmptyTemp: => 649.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-07-2017 01:03:15)

C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe => Is moved successfully
C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe => Is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected

==== End of Fixlog 01:03:15 ====