Fix result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by uthmin (2016-05-04 02:11:59) Run:1
Running from C:\Users\uthmin\Desktop
Loaded Profiles: uthmin (Available Profiles: uthmin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?ilc=8
SearchScopes: HKU\S-1-5-21-2791196081-3455553443-96247009-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-2791196081-3455553443-96247009-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
CHR HomePage: Default -> hxxp://eg.hao222.com/
CHR StartupUrls: Default -> "hxxp://eg.hao222.com/"
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
2016-04-28 02:40 - 2016-04-28 02:40 - 00001427 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-04-28 01:11 - 2016-04-28 01:48 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2016-04-28 01:11 - 2016-04-28 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2016-04-28 01:11 - 2016-04-28 01:11 - 00014501 _____ C:\ProgramData\Duplicaterecord.js
2016-04-28 01:11 - 2016-04-28 01:11 - 00000000 ____D C:\ProgramData\Baidu
2016-04-27 22:29 - 2016-04-27 22:29 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\My Documents
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\Documents\My Videos
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\Documents\My Pictures
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\Documents\My Music
Task: {1721B862-666C-4F34-ADA2-0F4D97A29970} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION
Task: {5DBD4505-4D34-4F34-881C-B64685AFE22E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9F25FD7B-D8A4-47CA-AFEA-4A6D47DBB9B0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AC4DE593-1CC8-415A-B8A8-C321520EB5AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B020AAEC-8DAC-4EAC-8D60-0C6BDA049D49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4A94B4D-EC9D-4232-9130-94D99DD64BBE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_uthmin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
EmptyTemp:
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
reboot:
end
*****************

Processes closed successfully.
Restore point was successfully created.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2791196081-3455553443-96247009-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => key removed successfully
HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
LiveUpdateSvc => service removed successfully
C:\Users\Public\Desktop\IObit Uninstaller.lnk => moved successfully
"C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster" => not found.
C:\ProgramData\Duplicaterecord.js => moved successfully
C:\ProgramData\Baidu => moved successfully
C:\WINDOWS\SysWOW64\sda => moved successfully
Symbolic link found: "C:\Users\uthmin\My Documents" => "C:\Users\uthmin\Documents"
"C:\Users\uthmin\My Documents" => Symbolic link removed successfully
C:\Users\uthmin\My Documents => moved successfully
Symbolic link found: "C:\Users\uthmin\Documents\My Videos" => "C:\Users\uthmin\Videos"
"C:\Users\uthmin\Documents\My Videos" => Symbolic link removed successfully
C:\Users\uthmin\Documents\My Videos => moved successfully
Symbolic link found: "C:\Users\uthmin\Documents\My Pictures" => "C:\Users\uthmin\Pictures"
"C:\Users\uthmin\Documents\My Pictures" => Symbolic link removed successfully
C:\Users\uthmin\Documents\My Pictures => moved successfully
Symbolic link found: "C:\Users\uthmin\Documents\My Music" => "C:\Users\uthmin\Music"
"C:\Users\uthmin\Documents\My Music" => Symbolic link removed successfully
C:\Users\uthmin\Documents\My Music => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1721B862-666C-4F34-ADA2-0F4D97A29970}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1721B862-666C-4F34-ADA2-0F4D97A29970}" => key removed successfully
C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DBD4505-4D34-4F34-881C-B64685AFE22E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DBD4505-4D34-4F34-881C-B64685AFE22E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F25FD7B-D8A4-47CA-AFEA-4A6D47DBB9B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F25FD7B-D8A4-47CA-AFEA-4A6D47DBB9B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4DE593-1CC8-415A-B8A8-C321520EB5AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4DE593-1CC8-415A-B8A8-C321520EB5AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B020AAEC-8DAC-4EAC-8D60-0C6BDA049D49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B020AAEC-8DAC-4EAC-8D60-0C6BDA049D49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4A94B4D-EC9D-4232-9130-94D99DD64BBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4A94B4D-EC9D-4232-9130-94D99DD64BBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\WINDOWS\Tasks\Uninstaller_SkipUac_uthmin.job => moved successfully

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 138.3 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 02:12:45 ====