Fix result of Farbar Recovery Scan Tool (x64) Version:23-05-2016 Ran by therj (2016-05-25 03:07:56) Run:1 Running from C:\Users\therj\Downloads Loaded Profiles: therj (Available Profiles: therj) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: HKU\S-1-5-21-1293058104-563644729-2966882924-1001\...\Run: [**vesbwqye<*>] => "C:\Users\therj\AppData\Local\c6e5f\c7acb.lnk" <===== ATTENTION (Value Name with invalid characters) HKU\S-1-5-21-1293058104-563644729-2966882924-1001\...\Run: [UWBmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\therj\AppData\Local\Ektion\djrcuxwg.dll ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File Tcpip\..\Interfaces\{4be0581e-7da6-4a69-867d-dcc3c24a096c}: [DhcpNameServer] 82.163.143.171 Tcpip\..\Interfaces\{4fb4a2f0-0d8c-4c88-8878-f6584ee3bd33}: [DhcpNameServer] 82.163.143.171 Tcpip\..\Interfaces\{9b16c5db-77cc-4282-9568-b2c8b4c98eb1}: [DhcpNameServer] 82.163.143.171 Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} 2016-05-15 01:47 - 2016-05-24 20:47 - 00000296 _____ C:\Windows\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A}.job 2016-05-15 01:47 - 2016-05-15 02:47 - 00000000 ____D C:\Users\therj\AppData\Local\{A80B9E57-8CA3-F2EF-E13B-D707C5532B9F} 2016-05-15 01:47 - 2016-05-15 01:47 - 00002836 _____ C:\Windows\System32\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A} 2016-05-13 22:02 - 2016-05-21 17:19 - 00000000 ____D C:\Users\therj\AppData\Roaming\af384 2016-05-13 22:02 - 2016-05-21 17:16 - 00000000 ____D C:\Users\therj\AppData\Local\c6e5f 2016-05-21 17:16 - 2016-03-28 22:27 - 00000000 ____D C:\Users\therj\AppData\LocalLow\Company 2016-05-21 17:16 - 2016-03-25 18:35 - 00000000 ____D C:\Users\therj\AppData\Local\Ektion Task: {55F15A0D-C99D-43F1-8E60-93241994A1BF} - System32\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A} => C:\Users\therj\AppData\Local\{A80B9~1\UNINST~1.EXE [2013-05-07] () Task: C:\Windows\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A}.job => C:\Users\therj\AppData\Local\c6e5f C:\Users\therj\jogamp_exe_tst9065173612379262270.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Restore point was successfully created. HKU\S-1-5-21-1293058104-563644729-2966882924-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**vesbwqye<*> => value removed successfully HKU\S-1-5-21-1293058104-563644729-2966882924-1001\Software\Microsoft\Windows\CurrentVersion\Run\\UWBmedia => value removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4be0581e-7da6-4a69-867d-dcc3c24a096c}\\DhcpNameServer => value removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4fb4a2f0-0d8c-4c88-8878-f6584ee3bd33}\\DhcpNameServer => value removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b16c5db-77cc-4282-9568-b2c8b4c98eb1}\\DhcpNameServer => value removed successfully "HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully Chrome DefaultSearchURL => removed successfully Chrome DefaultSuggestURL => removed successfully C:\Windows\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A}.job => moved successfully C:\Users\therj\AppData\Local\{A80B9E57-8CA3-F2EF-E13B-D707C5532B9F} => moved successfully C:\Windows\System32\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A} => moved successfully C:\Users\therj\AppData\Roaming\af384 => moved successfully C:\Users\therj\AppData\Local\c6e5f => moved successfully C:\Users\therj\AppData\LocalLow\Company => moved successfully C:\Users\therj\AppData\Local\Ektion => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55F15A0D-C99D-43F1-8E60-93241994A1BF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55F15A0D-C99D-43F1-8E60-93241994A1BF}" => key removed successfully C:\Windows\System32\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A} => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{676C695A-249A-CA53-4581-07913CB1F55A}" => key removed successfully Task: C:\Windows\Tasks\{676C695A-249A-CA53-4581-07913CB1F55A}.job => => not found. "C:\Users\therj\AppData\Local\c6e5f" => not found. C:\Users\therj\jogamp_exe_tst9065173612379262270.exe => moved successfully ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-1293058104-563644729-2966882924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-1293058104-563644729-2966882924-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= Ok. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ip reset c:\resetlog.txt ========= Resetting Global, OK! Resetting Interface, OK! Resetting Unicast Address, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= ipconfig /release ========= Windows IP Configuration No operation can be performed on Ethernet while it has its media disconnected. No operation can be performed on Local Area Connection* 2 while it has its media disconnected. No operation can be performed on Bluetooth Network Connection while it has its media disconnected. Ethernet adapter Ethernet: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Local Area Connection* 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : fdf4:dcf9:2185:c00:f8aa:e2a:e5ca:c8de Temporary IPv6 Address. . . . . . : fdf4:dcf9:2185:c00:cc1a:745f:21d2:8487 Link-local IPv6 Address . . . . . : fe80::f8aa:e2a:e5ca:c8de%5 Default Gateway . . . . . . . . . : Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:40c:1dd9:c54c:499f Link-local IPv6 Address . . . . . : fe80::40c:1dd9:c54c:499f%3 Default Gateway . . . . . . . . . : ========= End of CMD: ========= ========= ipconfig /renew ========= Windows IP Configuration No operation can be performed on Ethernet while it has its media disconnected. No operation can be performed on Local Area Connection* 2 while it has its media disconnected. No operation can be performed on Bluetooth Network Connection while it has its media disconnected. Ethernet adapter Ethernet: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Local Area Connection* 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : fdf4:dcf9:2185:c00:f8aa:e2a:e5ca:c8de Temporary IPv6 Address. . . . . . : fdf4:dcf9:2185:c00:cc1a:745f:21d2:8487 Link-local IPv6 Address . . . . . : fe80::f8aa:e2a:e5ca:c8de%5 IPv4 Address. . . . . . . . . . . : 192.168.1.9 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:40c:1dd9:c54c:499f Link-local IPv6 Address . . . . . : fe80::40c:1dd9:c54c:499f%3 Default Gateway . . . . . . . . . : Tunnel adapter isatap.{2D438E33-65FB-411D-938F-0B86D3E6EB23}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Resetting Interface, OK! Resetting , failed. Access is denied. Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Resetting Interface, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.8.10586 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. {70022594-18A3-448F-BE32-16C5806CE2EF} canceled. 1 out of 1 jobs canceled. ========= End of CMD: ========= EmptyTemp: => 3 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 03:08:47 ====