Fix result of Farbar Recovery Scan Tool (x64) Version:04-07-2015 Ran by Bennani at 2015-07-05 21:39:05 Run:1 Running from C:\Users\Bennani\Desktop Loaded Profiles: Bennani (Available Profiles: Bennani) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: Hosts: RemoveProxy: EmptyTemp: CreateRestorePoint: HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe" HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Bennani\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar) HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\...\Run: [uTorrent] => C:\Users\Bennani\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] AppInit_DLLs: C:\Users\Bennani\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\Bennani\AppData\Local\Smartbar\Application\Resources\crdlil64.dll [140800 2015-04-03] HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/ HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/ HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/ HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/ HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://feed.helperbar.com/ HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/ SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/ SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/ SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/ SearchScopes: HKU\S-1-5-21-1293848520-3022823651-4053527934-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/ SearchScopes: HKU\S-1-5-21-1293848520-3022823651-4053527934-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/ SearchScopes: HKU\S-1-5-21-1293848520-3022823651-4053527934-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-26] BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-26] BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File BHO-x32: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File BHO-x32: No Name -> 
{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKU\S-1-5-21-1293848520-3022823651-4053527934-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FF NewTab: hxxp://feed.helperbar.com/ FF SelectedSearchEngine: Web Search FF Homepage: hxxp://feed.helperbar.com/ FF Keyword.URL: hxxp://feed.helperbar.com/ FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-26] (Oracle Corporation) FF SearchPlugin: C:\Users\Bennani\AppData\Roaming\Mozilla\Firefox\Profiles\nla6zqke.default\searchplugins\Web Search.xml [2015-05-19] FF Extension: DebrideurStreaming - C:\Users\Bennani\AppData\Roaming\Mozilla\Firefox\Profiles\nla6zqke.default\Extensions\jid1-6gzTcCreJnRqoIj7t8ltxj2HuKc@jetpack.xpi [2015-02-28] FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-06-02] FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed] 2015-06-09 15:55 - 2015-06-09 15:56 - 00000000 ____D C:\Users\Bennani\AppData\Local\{C4F77483-634E-4290-B6F6-486F012534DE} 2015-07-04 15:44 - 2014-10-23 22:55 - 00000000 ____D C:\Users\Bennani\AppData\Roaming\uTorrent 2014-08-23 12:32 - 2014-08-23 12:32 - 0580303 _____ () C:\ProgramData\1408788808.bdinstall.bin 2014-11-26 21:29 - 2014-11-26 21:29 - 0249219 _____ () C:\ProgramData\1417030112.bdinstall.bin 
2014-08-27 16:28 - 2014-08-27 16:28 - 00025088 _____ () C:\Users\Bennani\AppData\Local\Smartbar\ C:\Users\Bennani\AppData\Local\Temp\1abpdenl.dll C:\Users\Bennani\AppData\Local\Temp\sp58915.exe FirewallRules: [{F8F264C8-745F-4A4E-916E-378F5C8EF6EE}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{85C40B82-13A5-4BA3-8DC8-CD6711ACC64E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{FCF54265-B3CF-48AD-B0C1-7DFF52E51049}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{5DE642F4-DEF4-43AC-9991-A7545D9D24DF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{E4F2C699-F30B-4900-8DC0-9E7C7E872712}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{CA2B24E8-8EA6-41B0-9344-341E99CAB694}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{02A5B6F2-B983-4DE5-B957-AE60544AA59E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{45914352-CAB3-4D29-8CB9-F45BC8ECEC83}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{13E3378B-1FA0-46AC-BF38-D2A0E0F3B7D2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{F9B889D4-90D4-4052-9503-EAE3D6CACDFD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{4E96B918-0A82-46DD-874B-23E4FDE05532}] => (Allow) C:\Users\Bennani\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{75ECABFD-06F0-48B6-AE65-22CC61C14D77}] => (Allow) C:\Users\Bennani\AppData\Roaming\uTorrent\uTorrent.exe end ***************** Processes closed successfully. C:\Windows\System32\Drivers\etc\hosts => moved successfully. Hosts restored successfully. 
========= RemoveProxy: ========= "HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= Restore point was successfully created. HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value removed successfully HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => value removed successfully HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully "C:\Users\Bennani\AppData\Local\Smartbar\Application\Resources\crdlil64.dll" => value data removed successfully. HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. "HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => key removed successfully HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => key removed successfully HKCR\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully HKCR\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully "HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => key removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => key not found. HKU\S-1-5-21-1293848520-3022823651-4053527934-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. Firefox newtab removed successfully Firefox SelectedSearchEngine removed successfully Firefox homepage removed successfully Firefox Keyword.URL removed successfully HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2 => key not found. "C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll" => not found. HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2 => key not found. 
"C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll" => not found. C:\Users\Bennani\AppData\Roaming\Mozilla\Firefox\Profiles\nla6zqke.default\searchplugins\Web Search.xml => moved successfully. C:\Users\Bennani\AppData\Roaming\Mozilla\Firefox\Profiles\nla6zqke.default\Extensions\jid1-6gzTcCreJnRqoIj7t8ltxj2HuKc@jetpack.xpi => moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com => moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\bdwteff@bitdefender.com => value removed successfully Service KMSELDI => Service removed successfully C:\Users\Bennani\AppData\Local\{C4F77483-634E-4290-B6F6-486F012534DE} => moved successfully. C:\Users\Bennani\AppData\Roaming\uTorrent => moved successfully. C:\ProgramData\1408788808.bdinstall.bin => moved successfully. C:\ProgramData\1417030112.bdinstall.bin => moved successfully. C:\Users\Bennani\AppData\Local\Smartbar => moved successfully. C:\Users\Bennani\AppData\Local\Temp\1abpdenl.dll => moved successfully. C:\Users\Bennani\AppData\Local\Temp\sp58915.exe => moved successfully. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8F264C8-745F-4A4E-916E-378F5C8EF6EE} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85C40B82-13A5-4BA3-8DC8-CD6711ACC64E} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCF54265-B3CF-48AD-B0C1-7DFF52E51049} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DE642F4-DEF4-43AC-9991-A7545D9D24DF} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4F2C699-F30B-4900-8DC0-9E7C7E872712} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA2B24E8-8EA6-41B0-9344-341E99CAB694} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02A5B6F2-B983-4DE5-B957-AE60544AA59E} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45914352-CAB3-4D29-8CB9-F45BC8ECEC83} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13E3378B-1FA0-46AC-BF38-D2A0E0F3B7D2} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9B889D4-90D4-4052-9503-EAE3D6CACDFD} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E96B918-0A82-46DD-874B-23E4FDE05532} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75ECABFD-06F0-48B6-AE65-22CC61C14D77} => value removed successfully EmptyTemp: => 558.4 MB temporary data Removed. 
The system needed a reboot..

==== End of Fixlog 21:40:11 ====