Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019 Ran by Guillermo (07-12-2019 17:21:11) Run:2 Running from C:\Users\Guillermo\Desktop Loaded Profiles: Guillermo (Available Profiles: Guillermo) Boot Mode: Safe Mode (with Networking) ============================================== fixlist content: ***************** START CREATERESTOREPOINT: CLOSEPROCESSES: HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [180736 2019-10-03] (ESET, spol. s r.o. -> ESET) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) BootExecute: autocheck autochk * sdnclean64.exe FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION Task: {26D99536-2074-4167-8E81-DDD919F25CDB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {6635A74D-A392-4702-B62C-EF1B166D9772} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {7C72E093-CC06-4B4C-A5E5-AF6109DCEE3D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Guillermo\Downloads\esetonlinescanner_esn.exe [8162616 2019-12-05] (ESET, spol. s r.o. -> ESET spol. s r.o.) Task: {A538358E-3BE8-4824-A191-0AE0684839F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {A97DE738-AA14-4569-AC9F-207C3FE6C9BE} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [5733888 2019-09-08] () [File not signed] Task: {FDA33CF5-0F23-4D10-B701-622925007DBC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Guillermo\Downloads\esetonlinescanner_esn.exe [8162616 2019-12-05] (ESET, spol. s r.o. -> ESET spol. s r.o.) CHR StartupUrls: Profile 1 -> "hxxps://www.google.com.ar/?gfe_rd=cr&ei=jUAOWJmjJpSDxgT8mYFg&gws_rd=ssl","hxxps://mail.ru/cnt/10445?gp=811570","hxxps://www.google.com/" CHR Extension: (Tomatoes) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijbhneeenepenoolcdalnekggeialeo [2018-05-21] CHR Extension: (Chrome Media Router) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-14] CHR Extension: (Sci-Hub) - C:\Users\Guillermo\Downloads\Sci-Hub\Sci-Hub [2019-03-01] [UpdateUrl:hxxps://sci-hub.se/update] <==== ATTENTION CHR Extension: (Chrome Media Router) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-04] CHR HKU\S-1-5-21-1651002052-1764723500-360319929-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.attributes [778] AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.attrs [58] AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.internal [284] HOSTS: REMOVEPROXY: EMPTYTEMP: CMD: netsh winsock reset CMD: ipconfig /renew CMD: ipconfig /flushdns CMD: bitsadmin /reset /allusers CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset END ***************** Error: Restore point can only be created in normal mode. Processes closed successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\egui" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray" => not found HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully HKLM\SOFTWARE\Policies\Mozilla => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26D99536-2074-4167-8E81-DDD919F25CDB}" => not found "C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6635A74D-A392-4702-B62C-EF1B166D9772}" => not found "C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C72E093-CC06-4B4C-A5E5-AF6109DCEE3D}" => not found "C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A538358E-3BE8-4824-A191-0AE0684839F4}" => not found "C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A97DE738-AA14-4569-AC9F-207C3FE6C9BE}" => not found "C:\WINDOWS\System32\Tasks\AutoKMS" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDA33CF5-0F23-4D10-B701-622925007DBC}" => not found "C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => not found "Chrome StartupUrls" => removed successfully CHR Extension: (Tomatoes) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijbhneeenepenoolcdalnekggeialeo [2018-05-21] => Error: No automatic fix found for this entry. CHR Extension: (Chrome Media Router) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-14] => Error: No automatic fix found for this entry. CHR Extension: (Sci-Hub) - C:\Users\Guillermo\Downloads\Sci-Hub\Sci-Hub [2019-03-01] [UpdateUrl:hxxps://sci-hub.se/update] <==== ATTENTION => Error: No automatic fix found for this entry. CHR Extension: (Chrome Media Router) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-04] => Error: No automatic fix found for this entry. HKU\S-1-5-21-1651002052-1764723500-360319929-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => removed successfully "C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg" => ":com.dropbox.attributes" ADS not found. "C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg" => ":com.dropbox.attrs" ADS not found. "C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg" => ":com.dropbox.internal" ADS not found. C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-1651002052-1764723500-360319929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully "HKU\S-1-5-21-1651002052-1764723500-360319929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully ========= End of RemoveProxy: ========= ========= netsh winsock reset ========= El cat logo Winsock se restableci¢ correctamente. Debe reiniciar el equipo para completar el restablecimiento. ========= End of CMD: ========= ========= ipconfig /renew ========= Configuraci¢n IP de Windows No se puede realizar ninguna operaci¢n en Ethernet mientras los medios est‚n desconectados. No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 1 mientras los medios est‚n desconectados. Adaptador de Ethernet Ethernet: Estado de los medios. . . . . . . . . . . : medios desconectados Sufijo DNS espec¡fico para la conexi¢n. . : Adaptador de LAN inal mbrica Conexi¢n de  rea local* 1: Estado de los medios. . . . . . . . . . . : medios desconectados Sufijo DNS espec¡fico para la conexi¢n. . : Adaptador de LAN inal mbrica Wi-Fi: Sufijo DNS espec¡fico para la conexi¢n. . : fibertel.com.ar V¡nculo: direcci¢n IPv6 local. . . : fe80::2964:dafe:1f6f:3576%11 Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.5 M scara de subred . . . . . . . . . . . . : 255.255.255.0 Puerta de enlace predeterminada . . . . . : 192.168.0.1 ========= End of CMD: ========= ========= ipconfig /flushdns ========= Configuraci¢n IP de Windows Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS. ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. Unable to connect to BITS - 0x8007043c ========= End of CMD: ========= ========= netsh advfirewall reset ========= Aceptar ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= Aceptar ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reenv¡o de compartimiento se restableci¢ correctamente. Compartimiento se restableci¢ correctamente. Protocolo de control se restableci¢ correctamente. Solicitud de secuencia eco se restableci¢ correctamente. Global se restableci¢ correctamente. Interfaz se restableci¢ correctamente. Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente. Direcciones de multidifusi¢n se restableci¢ correctamente. Direcci¢n de unidifusi¢n se restableci¢ correctamente. Vecino se restableci¢ correctamente. Ruta de acceso se restableci¢ correctamente. Posible se restableci¢ correctamente. Directiva de prefijo se restableci¢ correctamente. Vecino de proxy se restableci¢ correctamente. Ruta se restableci¢ correctamente. Prefijo de sitio se restableci¢ correctamente. Subinterfaz se restableci¢ correctamente. Patr¢n de reactivaci¢n se restableci¢ correctamente. Resolver vecino se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Error al restablecer . Acceso denegado. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Reinicie el equipo para completar esta acci¢n. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reenv¡o de compartimiento se restableci¢ correctamente. Compartimiento se restableci¢ correctamente. Protocolo de control se restableci¢ correctamente. Solicitud de secuencia eco se restableci¢ correctamente. Global se restableci¢ correctamente. Interfaz se restableci¢ correctamente. Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente. Direcciones de multidifusi¢n se restableci¢ correctamente. Direcci¢n de unidifusi¢n se restableci¢ correctamente. Vecino se restableci¢ correctamente. Ruta de acceso se restableci¢ correctamente. Posible se restableci¢ correctamente. Directiva de prefijo se restableci¢ correctamente. Vecino de proxy se restableci¢ correctamente. Ruta se restableci¢ correctamente. Prefijo de sitio se restableci¢ correctamente. Subinterfaz se restableci¢ correctamente. Patr¢n de reactivaci¢n se restableci¢ correctamente. Resolver vecino se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Error al restablecer . Acceso denegado. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. se restableci¢ correctamente. Reinicie el equipo para completar esta acci¢n. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9509242 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 1843 B Edge => 0 B Chrome => 88265562 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 12994 B NetworkService => 12994 B Guillermo => 84125035 B RecycleBin => 0 B EmptyTemp: => 183.5 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 17:22:49 ====