Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018 Ran by admin (12-12-2018 03:53:13) Run:1 Running from C:\Users\admin\Desktop Loaded Profiles: admin (Available Profiles: admin) Boot Mode: Normal ============================================== fixlist content: ***************** Start CloseProcesses: CreateRestorePoint: HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\...\Policies\Explorer: [] HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\...\MountPoints2: {2c8743b9-bcf7-11e8-b42c-18a6f71d213b} - "G:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\...\MountPoints2: {6a97a3cf-cf9e-11e6-b3cd-4ccc6a647d23} - "G:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\...\MountPoints2: {d04696dc-acad-11e6-b3c0-806e6f6e6963} - "E:\DVDSetup.exe" HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd) HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\...\Policies\Explorer: [] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8d9a6f2b-31ff-4cfa-a1af-9679dd526eff}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ce5951d1-fdcc-4b6d-a5e0-619d1667c699}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{ce5951d1-fdcc-4b6d-a5e0-619d1667c699}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f872d99d-ceb8-45ed-b934-3346e310ec4f}: [DhcpNameServer] 192.168.42.129 HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-09-16] (Oracle Corporation) FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-16] (Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-16] (Oracle Corporation) CHR HomePage: Default -> home.psafe.com CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-08-19] () [File not signed] S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X] S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X] 2018-12-09 18:57 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp Task: {3AF433BB-51A8-4714-B3BD-E2DF2A7BF874} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {41ED39AF-DB0E-43A6-9C9F-B7C15DB021D3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] AlternateDataStreams: C:\Users\Public\AppData:CSM [486] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478] FirewallRules: [TCP Query User{A3B71521-4302-43FB-B372-00AC36B882C3}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe FirewallRules: [UDP Query User{090F7D85-AA67-496A-A531-AAD4CC2D72DF}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe FirewallRules: [TCP Query User{6E4E716C-BA94-4CA8-99EB-215696453E57}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe FirewallRules: [UDP Query User{4C255010-5B70-47C7-A241-B941CB456175}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe FirewallRules: [TCP Query User{C9354F4B-5303-4C3B-A001-4AA996AD34A3}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [UDP Query User{BAB7CA6A-D83F-4C73-A8BD-8346FB36D700}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{47397816-7C1B-44C3-B871-FFD879F836DB}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [UDP Query User{804C13E6-2FDF-4C9B-90E0-722D693AC46F}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe CMD: ipconfig /flushdns CMD: ipconfig /renew CMD: bitsadmin /reset /allusers CMD: netsh winsock reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset RemoveProxy: EmptyTemp: Hosts: END ***************** Processes closed successfully. Restore point was successfully created. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\XboxStat" => removed successfully HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully "HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c8743b9-bcf7-11e8-b42c-18a6f71d213b} => removed successfully HKLM\Software\Classes\CLSID\{2c8743b9-bcf7-11e8-b42c-18a6f71d213b} => not found HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a97a3cf-cf9e-11e6-b3cd-4ccc6a647d23} => removed successfully HKLM\Software\Classes\CLSID\{6a97a3cf-cf9e-11e6-b3cd-4ccc6a647d23} => not found HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d04696dc-acad-11e6-b3c0-806e6f6e6963} => removed successfully HKLM\Software\Classes\CLSID\{d04696dc-acad-11e6-b3c0-806e6f6e6963} => not found "HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => removed successfully "HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => not found "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8d9a6f2b-31ff-4cfa-a1af-9679dd526eff}\\DhcpNameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ce5951d1-fdcc-4b6d-a5e0-619d1667c699}\\NameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ce5951d1-fdcc-4b6d-a5e0-619d1667c699}\\DhcpNameServer" => removed successfully "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f872d99d-ceb8-45ed-b934-3346e310ec4f}\\DhcpNameServer" => removed successfully "HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.181.2 => removed successfully C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll => moved successfully HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2 => removed successfully C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll => moved successfully HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.181.2 => removed successfully C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll => moved successfully HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2 => removed successfully C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll => moved successfully "Chrome HomePage" => removed successfully HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully HKLM\System\CurrentControlSet\Services\ASGT => removed successfully ASGT => service removed successfully HKLM\System\CurrentControlSet\Services\Service KMSELDI => removed successfully Service KMSELDI => service removed successfully HKLM\System\CurrentControlSet\Services\nvvhci => removed successfully nvvhci => service removed successfully C:\WINDOWS\CbsTemp => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AF433BB-51A8-4714-B3BD-E2DF2A7BF874}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AF433BB-51A8-4714-B3BD-E2DF2A7BF874}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41ED39AF-DB0E-43A6-9C9F-B7C15DB021D3}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41ED39AF-DB0E-43A6-9C9F-B7C15DB021D3}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully C:\Users\Public\AppData => ":CSM" ADS removed successfully C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A3B71521-4302-43FB-B372-00AC36B882C3}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{090F7D85-AA67-496A-A531-AAD4CC2D72DF}C:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6E4E716C-BA94-4CA8-99EB-215696453E57}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C255010-5B70-47C7-A241-B941CB456175}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C9354F4B-5303-4C3B-A001-4AA996AD34A3}C:\program files (x86)\arduino\java\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BAB7CA6A-D83F-4C73-A8BD-8346FB36D700}C:\program files (x86)\arduino\java\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{47397816-7C1B-44C3-B871-FFD879F836DB}C:\program files (x86)\arduino\java\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{804C13E6-2FDF-4C9B-90E0-722D693AC46F}C:\program files (x86)\arduino\java\bin\javaw.exe" => removed successfully ========= ipconfig /flushdns ========= Configuraci¢n IP de Windows Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS. ========= End of CMD: ========= ========= ipconfig /renew ========= Configuraci¢n IP de Windows Error al renovar la interfaz Ethernet : El nombre especificado en el bloque de control de red (NCB) est  en uso en un adaptador remoto. El NCB son los datos. No se puede realizar ninguna operaci¢n en Wi-Fi mientras los medios est‚n desconectados. No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 2 mientras los medios est‚n desconectados. No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 3 mientras los medios est‚n desconectados. ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. 0 out of 0 jobs canceled. ========= End of CMD: ========= ========= netsh winsock reset ========= El cat logo Winsock se restableci¢ correctamente. Debe reiniciar el equipo para completar el restablecimiento. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= Aceptar ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reenv¡o de compartimiento se restableci¢ correctamente. Compartimiento se restableci¢ correctamente. Protocolo de control se restableci¢ correctamente. Solicitud de secuencia eco se restableci¢ correctamente. Global se restableci¢ correctamente. Interfaz se restableci¢ correctamente. Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente. Direcciones de multidifusi¢n se restableci¢ correctamente. Direcci¢n de unidifusi¢n se restableci¢ correctamente. Vecino se restableci¢ correctamente. Ruta de acceso se restableci¢ correctamente. Posible se restableci¢ correctamente. Directiva de prefijo se restableci¢ correctamente. Vecino de proxy se restableci¢ correctamente. Ruta se restableci¢ correctamente. Prefijo de sitio se restableci¢ correctamente. Subinterfaz se restableci¢ correctamente. Patr¢n de reactivaci¢n se restableci¢ correctamente. Resolver vecino se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Error al restablecer . Acceso denegado. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Reinicie el equipo para completar esta acci¢n. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reenv¡o de compartimiento se restableci¢ correctamente. Compartimiento se restableci¢ correctamente. Protocolo de control se restableci¢ correctamente. Solicitud de secuencia eco se restableci¢ correctamente. Global se restableci¢ correctamente. Interfaz se restableci¢ correctamente. Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente. Direcciones de multidifusi¢n se restableci¢ correctamente. Direcci¢n de unidifusi¢n se restableci¢ correctamente. Vecino se restableci¢ correctamente. Ruta de acceso se restableci¢ correctamente. Posible se restableci¢ correctamente. Directiva de prefijo se restableci¢ correctamente. Vecino de proxy se restableci¢ correctamente. Ruta se restableci¢ correctamente. Prefijo de sitio se restableci¢ correctamente. Subinterfaz se restableci¢ correctamente. Patr¢n de reactivaci¢n se restableci¢ correctamente. Resolver vecino se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Error al restablecer . Acceso denegado. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Reinicie el equipo para completar esta acci¢n. ========= End of CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully "HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-2724099115-3414142137-1855297140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully ========= End of RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 184400278 B Java, Flash, Steam htmlcache => 365563538 B Windows/system/drivers => 19857 B Edge => 21676 B Chrome => 419314713 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 3142 B LocalService => 5522 B LocalService => 0 B NetworkService => 0 B NetworkService => 0 B admin => 20004293 B RecycleBin => 158090 B EmptyTemp: => 953.7 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 03:55:09 ====