Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by salamouna2 (2016-07-06 03:44:35) Run:1
Running from C:\Users\salamouna2\Desktop
Loaded Profiles: salamouna2 (Available Profiles: salamouna2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\RunOnce: [Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {4de4cc7b-ea26-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {5faaf9e2-9545-11e5-825d-28c2ddb58208} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b322f0de-e7b8-11e5-8271-28c2ddb58208} - "F:\AutoRun.exe"
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\MountPoints2: {b40ed7ef-28e1-11e6-827d-28c2ddb58209} - "F:\AutoRun.exe"
FF NetworkProxy: "backup.ftp", "45.79.76.52"
FF NetworkProxy: "backup.ftp_port", 10023
FF NetworkProxy: "backup.socks", "45.79.76.52"
FF NetworkProxy: "backup.socks_port", 10023
FF NetworkProxy: "backup.ssl", "45.79.76.52"
FF NetworkProxy: "backup.ssl_port", 10023
FF NetworkProxy: "ftp", "167.114.125.160"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "167.114.33.15"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "167.114.125.160"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "167.114.125.160"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "167.114.125.160"
FF NetworkProxy: "ssl_port", 3128
CHR dev: Chrome dev build detected! <======= ATTENTION
2016-07-02 02:45 - 2015-10-30 08:19 - 00045216 ___SH (Microsoft Corporation) C:\Users\salamouna2\RegSvcs.exe
C:\Users\salamouna2\RegSvcs.exe
Task: {00D85E4D-BD90-4534-9802-538A333C7E76} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0BB48EE2-C323-4B10-BAA2-9271797FD747} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {21940C9F-3DD2-43FA-A983-8CFD26DCCCE6} - \Google Update -> No File <==== ATTENTION
Task: {2AFC4A1A-4624-4909-937E-C06573397783} - System32\Tasks\hfdccd => C:\Users\salamouna2\hfdccd\zvbvhivw.exe [2015-07-10] (AutoIt Team)
Task: {2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {4453AEEB-2FD2-4C95-BAEC-D8CC46163A86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4904A467-029A-4FA3-814E-F9B60459075D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6A596AF8-E666-45AB-939B-E553FD83FF1B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {70637062-DC18-425E-AE37-B4AA5C44113A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93357560-2CD3-4F9E-9E01-12179707A1FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {95CF4079-9C3D-4335-B50A-3AFA122A03E8} - System32\Tasks\{6DDF7C85-E9A4-482B-8905-8345726CEC8A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/fr/abandoninstall?source=lightinstaller&page=tsMain
Task: {B93A2461-7FDF-4112-B796-75DA19B35D64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F90636A8-2115-4F09-BE19-FD70F9F9ACF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F989AEF5-BCE8-4702-BF86-0603DCB557A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 => value removed successfully
HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64 => value removed successfully
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4de4cc7b-ea26-11e5-8271-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{4de4cc7b-ea26-11e5-8271-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5faaf9e2-9545-11e5-825d-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{5faaf9e2-9545-11e5-825d-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b322f0de-e7b8-11e5-8271-28c2ddb58208}" => key removed successfully
HKCR\CLSID\{b322f0de-e7b8-11e5-8271-28c2ddb58208} => key not found.
"HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b40ed7ef-28e1-11e6-827d-28c2ddb58209}" => key removed successfully
HKCR\CLSID\{b40ed7ef-28e1-11e6-827d-28c2ddb58209} => key not found.
Firefox Proxy settings were reset.
FF NetworkProxy: "backup.ftp_port", 10023 => not found
FF NetworkProxy: "backup.socks", "45.79.76.52" => not found
FF NetworkProxy: "backup.socks_port", 10023 => not found
FF NetworkProxy: "backup.ssl", "45.79.76.52" => not found
FF NetworkProxy: "backup.ssl_port", 10023 => not found
FF NetworkProxy: "ftp", "167.114.125.160" => not found
FF NetworkProxy: "ftp_port", 3128 => not found
FF NetworkProxy: "gopher", "167.114.33.15" => not found
FF NetworkProxy: "gopher_port", 3128 => not found
FF NetworkProxy: "http", "167.114.125.160" => not found
FF NetworkProxy: "http_port", 3128 => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "167.114.125.160" => not found
FF NetworkProxy: "socks_port", 3128 => not found
FF NetworkProxy: "socks_version", 4 => not found
FF NetworkProxy: "ssl", "167.114.125.160" => not found
FF NetworkProxy: "ssl_port", 3128 => not found
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\salamouna2\RegSvcs.exe => moved successfully
"C:\Users\salamouna2\RegSvcs.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00D85E4D-BD90-4534-9802-538A333C7E76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00D85E4D-BD90-4534-9802-538A333C7E76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BB48EE2-C323-4B10-BAA2-9271797FD747}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB48EE2-C323-4B10-BAA2-9271797FD747}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21940C9F-3DD2-43FA-A983-8CFD26DCCCE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21940C9F-3DD2-43FA-A983-8CFD26DCCCE6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AFC4A1A-4624-4909-937E-C06573397783}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AFC4A1A-4624-4909-937E-C06573397783}" => key removed successfully
C:\WINDOWS\System32\Tasks\hfdccd => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hfdccd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E}" => key removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4453AEEB-2FD2-4C95-BAEC-D8CC46163A86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4453AEEB-2FD2-4C95-BAEC-D8CC46163A86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4904A467-029A-4FA3-814E-F9B60459075D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4904A467-029A-4FA3-814E-F9B60459075D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A596AF8-E666-45AB-939B-E553FD83FF1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A596AF8-E666-45AB-939B-E553FD83FF1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70637062-DC18-425E-AE37-B4AA5C44113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70637062-DC18-425E-AE37-B4AA5C44113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93357560-2CD3-4F9E-9E01-12179707A1FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93357560-2CD3-4F9E-9E01-12179707A1FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95CF4079-9C3D-4335-B50A-3AFA122A03E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95CF4079-9C3D-4335-B50A-3AFA122A03E8}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6DDF7C85-E9A4-482B-8905-8345726CEC8A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DDF7C85-E9A4-482B-8905-8345726CEC8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B93A2461-7FDF-4112-B796-75DA19B35D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B93A2461-7FDF-4112-B796-75DA19B35D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F90636A8-2115-4F09-BE19-FD70F9F9ACF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F90636A8-2115-4F09-BE19-FD70F9F9ACF4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F989AEF5-BCE8-4702-BF86-0603DCB557A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F989AEF5-BCE8-4702-BF86-0603DCB557A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 294880 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10869486 B
Java, Flash, Steam htmlcache => 715 B
Windows/system/drivers => 453014 B
Edge => 200 B
Chrome => 0 B
Firefox => 272906960 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 22443 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5714 B
NetworkService => 0 B
salamouna2 => 137360072 B

RecycleBin => 31466944 B
EmptyTemp: => 432.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 03:46:20 ====