Post by rrtflyfisher on Sept 7, 2016 18:59:54 GMT -8
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by rtannen (07-09-2016 20:55:18) Run:3
Running from C:\Users\rtannen\Desktop
Loaded Profiles: rtannen (Available Profiles: rtannen & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{1828989e-c64e-421e-a441-eb23de027058}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{6dc006bd-da1b-4662-98f9-d7496d97affc}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{cef7679c-21eb-412d-9945-c981bfeedd8b}: [DhcpNameServer] 192.168.0.1 205.171.2.25
HKU\S-1-5-21-3800062361-1221427859-2266335857-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rocket-find.com/?f=1&a=rckt_dsites02_14_29_ff&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEzytD0DyBtDtD0B0F0CtDtN0D0Tzu0SzytAtDtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0DtA0AtB0CtBtBtGtAtA0FzytGyDyC0C0DtGyC0Azy0FtGtB0A0FtAyD0D0CtDzytByEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzytA0D0E0D0C0AtGzz0EyD0CtGzy0FtDtBtGzzyCyDtBtGtCzztBtDzytBtBtC0CtBtD0F2Q&cr=1873698727&ir=
FF Homepage: hxxps://my.yahoo.com/;_ylt=A0LEViw_1gVXdgUAzucPxQt.;_ylu=X3oDMTByOHZyb21tBGNvbG8DYmYxBHBvcwMxBHZ0aWQDBHNlYwNzcg--
2016-09-04 16:36 - 2016-09-04 16:37 - 00000000 ____D C:\Users\rtannen\AppData\Roaming\ProductData
2016-09-04 16:35 - 2016-09-04 16:36 - 00000000 ____D C:\ProgramData\ProductData
2016-09-04 13:47 - 2016-09-04 13:47 - 00000278 _____ C:\ProgramData\SMRResults501.dat
C:\Users\rtannen\AppData\Local\Temp\libeay32.dll
C:\Users\rtannen\AppData\Local\Temp\msvcr120.dll
C:\Users\rtannen\AppData\Local\Temp\sqlite3.dll
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1828989e-c64e-421e-a441-eb23de027058}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6dc006bd-da1b-4662-98f9-d7496d97affc}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cef7679c-21eb-412d-9945-c981bfeedd8b}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-3800062361-1221427859-2266335857-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Firefox "homepage" removed successfully
C:\Users\rtannen\AppData\Roaming\ProductData => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\ProgramData\SMRResults501.dat => moved successfully
C:\Users\rtannen\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\rtannen\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\rtannen\AppData\Local\Temp\sqlite3.dll => moved successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state on =========
Ok.
========= End of CMD: =========
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
The operation completed successfully.
========= End of Reg: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3800062361-1221427859-2266335857-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3800062361-1221427859-2266335857-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10707296 B
Java, Flash, Steam htmlcache => 711 B
Windows/system/drivers => 471816 B
Edge => 0 B
Chrome => 0 B
Firefox => 19870251 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 51410 B
NetworkService => 0 B
rtannen => 38092412 B
UpdatusUser => 0 B
RecycleBin => 0 B
EmptyTemp: => 66 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 20:55:31 ====