Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2017
Ran by Mohd and Bayan (17-11-2017 13:15:41) Run:1
Running from C:\Users\Mohd and Bayan\Desktop
Loaded Profiles: Mohd and Bayan (Available Profiles: Mohd and Bayan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\...\Run: [CheckNewAge] => C:\Windows\system32\cmd.exe /c start C:\BrowserUpdater\Rad.exe "C:\BrowserUpdater\newage.tnt" & exit
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://maktoob.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1255_161119__yaie&p={searchTerms}
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> No File
Toolbar: HKU\S-1-5-21-1360484886-3019900457-2137984265-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Bing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.facebook.com/","hxxp://twitter.com/","hxxp://google.ae/","hxxp://www.youtube.com/"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_popjar_15_53_newdop&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dps%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0AtDtC0DyEzz0B0FtAyE0D0BtByEtB0EtN0D0Tzu0StCyEyCtCtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StC0B0BtAyDtA0AyDtGtByC0AyBtG0FtAtByEtGyCyEyByEtG0E0EtD0DtByDyB0CtBtDyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtDtAyDtB0AyDyDtGtAyC0CtDtGyEzz0AyEtGzz0EyDtDtG0FzyyD0EyEyEyDtDyCyD0FtD2QtN0A0LzutD%26cr%3D643771636%26a%3Dwny_popjar_15_53_newdop%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\...\Run: [BingSvc] => C:\Users\Mohd and Bayan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CheckNewAge => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5} => key not found.
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKLM\Software\Classes\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR DefaultProfile: Default => Error: No automatic fix found for this entry.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKU\S-1-5-21-1360484886-3019900457-2137984265-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15394546 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 5038 B
Edge => 0 B
Chrome => 2274065 B
Firefox => 11042775 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58504039 B
systemprofile32 => 72006 B
LocalService => 66228 B
NetworkService => 104316 B
Mohd and Bayan => 139322427 B

RecycleBin => 0 B
EmptyTemp: => 224.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:16:32 ====