Fix result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by khalid (27-11-2016 16:12:59) Run:1
Running from C:\Users\khalid\Desktop
Loaded Profiles: khalid (Available Profiles: khalid)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531b7-fd69-11e4-b9fb-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {58a531e8-fd69-11e4-b9fb-984be1ec3650} - H:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6b1faecf-3575-11e5-8592-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {6d9ad777-07b4-11e5-85a0-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {73c6041c-fc58-11e4-81d0-ecda9b3179f0} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d02-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {78996d19-142e-11e5-9939-984be1ec3650} - F:\AutoRun.exe
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\...\MountPoints2: {c9e173b9-0182-11e5-b53b-984be1ec3650} - F:\AutoRun.exe
GroupPolicy: Restriction ? <======= ATTENTION
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaie
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://maktoob.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10288__161016__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-982090994-2485536893-1322209893-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF DefaultProfile: 46nzrjvr.default
FF ProfilePath: C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default [2016-11-25]
FF NewTab: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
FF Homepage: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff
CHR DefaultProfile: Default
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 cpuz134; \??\C:\Users\khalid\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 RTL8187; system32\DRIVERS\rtl8187.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
Read more at http://www.cjoint.com/c/FKAoDME7P5n#dlC13K5VRRZaqkMS.99
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

HKU\S-1-5-21-982090994-2485536893-1322209893-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync => value removed successfully.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a531b7-fd69-11e4-b9fb-984be1ec3650}" => key removed successfully.
HKCR\CLSID\{58a531b7-fd69-11e4-b9fb-984be1ec3650} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a531e8-fd69-11e4-b9fb-984be1ec3650}" => key removed successfully.
HKCR\CLSID\{58a531e8-fd69-11e4-b9fb-984be1ec3650} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b1faecf-3575-11e5-8592-984be1ec3650}" => key removed successfully.
HKCR\CLSID\{6b1faecf-3575-11e5-8592-984be1ec3650} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d9ad777-07b4-11e5-85a0-984be1ec3650}" => key removed successfully.
HKCR\CLSID\{6d9ad777-07b4-11e5-85a0-984be1ec3650} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73c6041c-fc58-11e4-81d0-ecda9b3179f0}" => key removed successfully.
HKCR\CLSID\{73c6041c-fc58-11e4-81d0-ecda9b3179f0} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78996d02-142e-11e5-9939-984be1ec3650}" => key removed successfully.
HKCR\CLSID\{78996d02-142e-11e5-9939-984be1ec3650} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78996d19-142e-11e5-9939-984be1ec3650}" => key removed successfully.
HKCR\CLSID\{78996d19-142e-11e5-9939-984be1ec3650} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9e173b9-0182-11e5-b53b-984be1ec3650}" => key removed successfully.
HKCR\CLSID\{c9e173b9-0182-11e5-b53b-984be1ec3650} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-982090994-2485536893-1322209893-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => key removed successfully.
HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
"HKU\S-1-5-21-982090994-2485536893-1322209893-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}" => key removed successfully.
HKCR\CLSID\{E88E0043-C9D4-4e33-8555-FEE4F5B63060} => key not found.

========================= FF DefaultProfile: 46nzrjvr.default ========================

"FF DefaultPro46nzrjvr.default" => not found.

====== End of File: ======

C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default => moved successfully
C:\Users\khalid\AppData\Roaming\Mozilla\Firefox\Profiles\46nzrjvr.default => path removed successfully.
FF NewTab: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff => not found
FF Homepage: Mozilla\Firefox\Profiles\46nzrjvr.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10288__161016__yaff => not found

========================= CHR DefaultProfile: Default ========================

"CHR DefaultProDefault" => not found.

====== End of File: ======

rpcapd => service removed successfully.
cpuz134 => service removed successfully.
massfilter => service removed successfully.
RTL8187 => service removed successfully.
ZTEusbmdm6k => service removed successfully.
ZTEusbnmea => service removed successfully.
ZTEusbser6k => service removed successfully.

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
Read more at http://www.cjoint.com/c/FKAoDME7P5n#dlC13K5VRRZaqkMS.99 => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14158700 B
Java, Flash, Steam htmlcache => 602 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 18674750 B
Firefox => 24093551 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 117717 B
LocalService => 132244 B
NetworkService => 95984 B
khalid => 63927212 B

RecycleBin => 3769 B
EmptyTemp: => 115.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:14:51 ====