Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by hp (10-11-2017 13:16:38) Run:1
Running from C:\Users\hp\Desktop
Loaded Profiles: hp (Available Profiles: hp)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM-x32\...\RunOnce: [Parebilihil] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\hp\AppData\Roaming\09EFE6~1\Safop.dat"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute: autocheck autochk * bddel.exebootdelete
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-504977819-1237746315-2494449549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-504977819-1237746315-2494449549-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-ae/?ocid=iehp
FF DefaultProfile: d24paf9o.default-1509446865679
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=E05000C0CA5525D4&affID=122471&tt=070813_wt3&tsp=4969
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\wutelereeacultgrujent [2017-11-01] <==== ATTENTION
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [X]
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [X]
S2 hshld; "C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe" [X]
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]
S3 AFTrafMgr1.3; \??\C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_3_64.sys [X]
U3 aswbdisk; no ImagePath
U2 ERSvc; no ImagePath
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
U2 IAStorDataMgrsvc; no ImagePath
U2 NIHardwareService; no ImagePath
U2 NVSvc; no ImagePath
U2 Parvdm; no ImagePath
U2 srService; no ImagePath
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.16.0.1 - Byte Technologies LLC) <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {374C1872-AAF9-435E-8457-F1D68A3B3FA1} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== ATTENTION
Task: {3E7B18DC-F140-44D0-A314-2ACEC47267B5} - System32\Tasks\{09EFE65B-EEAC-1578-6D4F-262652E9D19F} => C:\Users\hp\AppData\Roaming\09EFE65B-EEAC-1578-6D4F-262652E9D19F\Sync.exe [2013-04-09] () <==== ATTENTION
Task: {A014F30B-0AFA-4B2A-B408-0A79606AA029} - System32\Tasks\Chromium lonos => "wscript.exe" "C:\ProgramData\{A6266345-2C64-E983-AAA2-77C130E0FC0F}\dole.txt" "68747470733a2f2f6b6174756e61712e636f6d" "433a5c50726f6772616d446174615c7b41363236363334352d324336342d453938332d414141322d3737433133304530464330467d5c6d69726f7365" "433a5c50726f6772616d446174615c7b41363236363334352d324336342d453938332d (the data entry has 84 more characters). <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Health Advisor Update.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe <==== ATTENTION
Task: C:\Windows\Tasks\{09EFE65B-EEAC-1578-6D4F-262652E9D19F}.job => C:\Users\hp\AppData\Roaming\09EFE6~1\Sync.exe <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-504977819-1237746315-2494449549-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-504977819-1237746315-2494449549-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Parebilihil => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-504977819-1237746315-2494449549-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-504977819-1237746315-2494449549-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value not found.
FF DefaultProfile: d24paf9o.default-1509446865679 => Error: No automatic fix found for this entry.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
Chrome HomePage => removed successfully
C:\Users\hp\AppData\Local\Google\Chrome\User Data\wutelereeacultgrujent => moved successfully
HKLM\System\CurrentControlSet\Services\BBSvc => key removed successfully
BBSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\BBUpdate => key removed successfully
BBUpdate => service removed successfully
HKLM\System\CurrentControlSet\Services\hshld => key removed successfully
hshld => service removed successfully
HKLM\System\CurrentControlSet\Services\McComponentHostService => key removed successfully
McComponentHostService => service removed successfully
HKLM\System\CurrentControlSet\Services\SpyEmrgHealth => key removed successfully
SpyEmrgHealth => service removed successfully
HKLM\System\CurrentControlSet\Services\AFTrafMgr1.3 => key removed successfully
AFTrafMgr1.3 => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\ERSvc => key removed successfully
ERSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\hitmanpro37duringboot => key removed successfully
hitmanpro37duringboot => service removed successfully
HKLM\System\CurrentControlSet\Services\IAStorDataMgrsvc => key removed successfully
IAStorDataMgrsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\NIHardwareService => key removed successfully
NIHardwareService => service removed successfully
HKLM\System\CurrentControlSet\Services\NVSvc => key removed successfully
NVSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\Parvdm => key removed successfully
Parvdm => service removed successfully
HKLM\System\CurrentControlSet\Services\srService => key removed successfully
srService => service removed successfully
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.16.0.1 - Byte Technologies LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{374C1872-AAF9-435E-8457-F1D68A3B3FA1} => key not found.
C:\Windows\System32\Tasks\ByteFence => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E7B18DC-F140-44D0-A314-2ACEC47267B5} => key not found.
C:\Windows\System32\Tasks\{09EFE65B-EEAC-1578-6D4F-262652E9D19F} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09EFE65B-EEAC-1578-6D4F-262652E9D19F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A014F30B-0AFA-4B2A-B408-0A79606AA029} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A014F30B-0AFA-4B2A-B408-0A79606AA029} => key removed successfully
C:\Windows\System32\Tasks\Chromium lonos => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium lonos => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove => key not found.
C:\Windows\Tasks\PC Health Advisor Defrag.job => moved successfully
C:\Windows\Tasks\PC Health Advisor Update.job => moved successfully
C:\Windows\Tasks\PC Health Advisor.job => moved successfully
C:\Windows\Tasks\{09EFE65B-EEAC-1578-6D4F-262652E9D19F}.job => not found.

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19571557 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 1655044 B
Edge => 0 B
Chrome => 55588270 B
Firefox => 366693473 B
Opera => 19307282 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 33058 B
LocalService => 0 B
NetworkService => 1416 B
hp => 35432445 B

RecycleBin => 716320384 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:17:45 ====