Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015 Ran by Dharmesh at 2015-06-19 18:46:40 Run:1 Running from C:\Documents and Settings\Dharmesh\My Documents\Downloads Loaded Profiles: Dharmesh (Available Profiles: Dharmesh & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: HKU\S-1-5-21-1202660629-413027322-682003330-1003\...\MountPoints2: J - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn HKU\S-1-5-21-1202660629-413027322-682003330-1003\...\MountPoints2: {1c490062-011a-11e4-aa1e-0019212e3108} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn HKU\S-1-5-21-1202660629-413027322-682003330-1003\...\MountPoints2: {1facade7-168b-11e5-aa9a-0019212e3108} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn HKU\S-1-5-21-1202660629-413027322-682003330-1003\...\MountPoints2: {78aeb65e-dc48-11e3-a9b1-0019212e3108} - J:\Startme.exe HKU\S-1-5-21-1202660629-413027322-682003330-1003\...\MountPoints2: {ae832719-35eb-11e4-aa3d-0019212e3108} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn HKU\S-1-5-21-1202660629-413027322-682003330-1003\...\MountPoints2: {ca658600-0239-11e4-aa26-0019212e3108} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn HKU\S-1-5-21-1202660629-413027322-682003330-1003\...\MountPoints2: {eef94110-dc4a-11e3-a9b2-0019212e3108} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=951822553&ir= HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://start.mysearc...=951822553&ir="<======= ATTENTION SearchScopes: HKLM -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=951822553&ir= SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=951822553&ir= SearchScopes: HKU\S-1-5-21-1202660629-413027322-682003330-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=951822553&ir= SearchScopes: HKU\S-1-5-21-1202660629-413027322-682003330-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=951822553&ir= NETSVC: uliukt -> C:\WINDOWS\system32\efmzn.dll () U3 aswMBR; \??\C:\DOCUME~1\Dharmesh\LOCALS~1\Temp\aswMBR.sys [X] U3 aswVmm; \??\C:\DOCUME~1\Dharmesh\LOCALS~1\Temp\aswVmm.sys [X] CustomCLSID: HKU\S-1-5-21-1202660629-413027322-682003330-1003_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Documents and Settings\Dharmesh\Local Settings\Application Data\Google\Update\1.2.131.11\goopdate (the data entry has 12 more characters). C:\WINDOWS\system32\efmzn.dll CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Restore point was successfully created. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J" => key removed successfully. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c490062-011a-11e4-aa1e-0019212e3108}" => key removed successfully. HKCR\CLSID\{1c490062-011a-11e4-aa1e-0019212e3108} => key not found. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1facade7-168b-11e5-aa9a-0019212e3108}" => key removed successfully. HKCR\CLSID\{1facade7-168b-11e5-aa9a-0019212e3108} => key not found. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78aeb65e-dc48-11e3-a9b1-0019212e3108}" => key removed successfully. HKCR\CLSID\{78aeb65e-dc48-11e3-a9b1-0019212e3108} => key not found. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae832719-35eb-11e4-aa3d-0019212e3108}" => key removed successfully. HKCR\CLSID\{ae832719-35eb-11e4-aa3d-0019212e3108} => key not found. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca658600-0239-11e4-aa26-0019212e3108}" => key removed successfully. HKCR\CLSID\{ca658600-0239-11e4-aa26-0019212e3108} => key not found. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eef94110-dc4a-11e3-a9b2-0019212e3108}" => key removed successfully. HKCR\CLSID\{eef94110-dc4a-11e3-a9b2-0019212e3108} => key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => key removed successfully. HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found. HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully. "HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => key removed successfully. HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs uliukt => value removed successfully. aswMBR => Service removed successfully. aswVmm => Service removed successfully. "HKU\S-1-5-21-1202660629-413027322-682003330-1003_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}" => key removed successfully. C:\WINDOWS\system32\efmzn.dll => moved successfully. ========= netsh advfirewall reset ========= The following command was not found: advfirewall reset. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= The following command was not found: advfirewall set allprofiles state ON. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the machine in order to complete the reset. ========= End of CMD: ========= ========= netsh int ip reset c:\resetlog.txt ========= ========= End of CMD: ========= ========= ipconfig /release ========= Windows IP Configuration An error occured while releasing interface Local Area Connection : The RPC server is unavailable. ========= End of CMD: ========= ========= ipconfig /renew ========= Windows IP Configuration An error occurred while renewing interface Local Area Connection : The RPC server is unavailable. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= The following command was not found: int ipv4 reset. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= IPv6 is not installed. ========= End of CMD: ========= ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully ========= End of Reg: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully. HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully. HKU\S-1-5-21-1202660629-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully. ========= End of RemoveProxy: ========= ========= bitsadmin /reset /allusers ========= 'bitsadmin' is not recognized as an internal or external command, operable program or batch file. ========= End of CMD: ========= EmptyTemp: => 365.9 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 18:47:04 ====