Untitled
a guest
Aug 11th, 2015

Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Shinn (2015-08-11 19:52:00) Run:1
Running from C:\Users\Shinn\Desktop
Loaded Profiles: Shinn (Available Profiles: Shinn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3041187145-1702624955-576530130-1001\...\RunOnce: [Uninstall C:\Users\Shinn\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shinn\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3041187145-1702624955-576530130-1001\...\RunOnce: [Uninstall C:\Users\Shinn\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shinn\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-3041187145-1702624955-576530130-1001] => http://127.0.0.1:895/proxy.js
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24432&r=2015/08/08&hid=4460734566924005976&lg=EN&cc=KR&unqvl=90
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24432&r=2015/08/08&hid=4460734566924005976&lg=EN&cc=KR&unqvl=90
SearchScopes: HKU\S-1-5-21-3041187145-1702624955-576530130-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24432&r=2015/08/08&hid=4460734566924005976&lg=EN&cc=KR&unqvl=90
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://websearch.hotsearches.info/?pid=24432&r=2015/08/08&hid=4460734566924005976&lg=EN&cc=KR&unqvl=90&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.hotsearches.info/?pid=24432&r=2015/08/08&hid=4460734566924005976&lg=EN&cc=KR&unqvl=90&l=1&q=
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
C:\Windows\system32\npOGPPlugin.dll
FF SearchPlugin: C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\searchplugins\WebSearch.xml [2015-08-08]
C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\searchplugins\WebSearch.xml
FF Extension: CutTheePRice - C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\0pC@qQ.edu [2015-08-08]
C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\0pC@qQ.edu
FF Extension: bestadblocker - C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\H8vDNxOc9@I.org [2015-08-08]
C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\H8vDNxOc9@I.org
CHR Extension: (Google Search) - C:\Users\Shinn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-13]
C:\Users\Shinn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Windows\SystemRoot\System32\drivers\wfpcapture.sys
2015-08-08 10:43 - 2015-08-08 12:45 - 00000000 ____D C:\Program Files (x86)\CutTheePRice
2015-08-08 10:43 - 2015-08-08 10:44 - 00000000 ____D C:\ProgramData\17097366940260626710
2015-08-08 10:43 - 2015-08-08 10:43 - 00000000 ____D C:\ProgramData\kfananklbdfohobgmcmaibfblmojiidg
2015-07-24 19:33 - 2015-03-15 16:58 - 00000000 __SHD C:\Users\Shinn\AppData\Local\EmieBrowserModeList
2015-07-24 19:33 - 2015-03-13 15:48 - 00000000 __SHD C:\Users\Shinn\AppData\Local\EmieUserList
2015-07-24 19:33 - 2015-03-13 15:48 - 00000000 __SHD C:\Users\Shinn\AppData\Local\EmieSiteList
Task: {1579EF0F-439A-4EE0-83DE-662F4CF852FA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3C011808-7620-4A1E-9651-4933825056C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5110DCDB-2993-4BD1-B51F-B0773C56F797} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {57C1E4A3-A95D-41B5-89EF-14543984AD1C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6323AF09-B618-414A-9CDE-057AAB7ABC64} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {89ED02E4-762D-4D75-AA0D-4647A74D116B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A60564C3-76EB-4046-B9A6-2F42426C5F39} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C4925C04-5798-4454-AE9F-23E6657E744A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D5EF8FC5-A86A-4878-BEF6-DE85FD1DA499} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DAF653FB-0D0D-40D2-9465-176DCAEE23BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EB1E539B-EFCA-4267-A457-4062952E2DF2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3041187145-1702624955-576530130-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Shinn\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 => value not found.
HKU\S-1-5-21-3041187145-1702624955-576530130-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Shinn\AppData\Local\Microsoft\OneDrive\17.3.5892.0626 => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3041187145-1702624955-576530130-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKU\S-1-5-21-3041187145-1702624955-576530130-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine,S removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SearchEngineOrder.1,S removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox SelectedSearchEngine,S removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => key removed successfully
"C:\Windows\system32\npOGPPlugin.dll" => File/Folder not found.
C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\searchplugins\WebSearch.xml => moved successfully.
"C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\searchplugins\WebSearch.xml" => File/Folder not found.
C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\0pC@qQ.edu => moved successfully.
"C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\0pC@qQ.edu" => File/Folder not found.
C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\H8vDNxOc9@I.org => moved successfully.
"C:\Users\Shinn\AppData\Roaming\Mozilla\Firefox\Profiles\jqwy2eop.default\Extensions\H8vDNxOc9@I.org" => File/Folder not found.
C:\Users\Shinn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully.
"C:\Users\Shinn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf" => File/Folder not found.
wfpcapture => service removed successfully
"C:\Windows\SystemRoot\System32\drivers\wfpcapture.sys" => File/Folder not found.
C:\Program Files (x86)\CutTheePRice => moved successfully.
C:\ProgramData\17097366940260626710 => moved successfully.
C:\ProgramData\kfananklbdfohobgmcmaibfblmojiidg => moved successfully.
C:\Users\Shinn\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Shinn\AppData\Local\EmieUserList => moved successfully.
C:\Users\Shinn\AppData\Local\EmieSiteList => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1579EF0F-439A-4EE0-83DE-662F4CF852FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1579EF0F-439A-4EE0-83DE-662F4CF852FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C011808-7620-4A1E-9651-4933825056C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C011808-7620-4A1E-9651-4933825056C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5110DCDB-2993-4BD1-B51F-B0773C56F797}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5110DCDB-2993-4BD1-B51F-B0773C56F797}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57C1E4A3-A95D-41B5-89EF-14543984AD1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57C1E4A3-A95D-41B5-89EF-14543984AD1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6323AF09-B618-414A-9CDE-057AAB7ABC64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6323AF09-B618-414A-9CDE-057AAB7ABC64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89ED02E4-762D-4D75-AA0D-4647A74D116B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89ED02E4-762D-4D75-AA0D-4647A74D116B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A60564C3-76EB-4046-B9A6-2F42426C5F39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A60564C3-76EB-4046-B9A6-2F42426C5F39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4925C04-5798-4454-AE9F-23E6657E744A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4925C04-5798-4454-AE9F-23E6657E744A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5EF8FC5-A86A-4878-BEF6-DE85FD1DA499}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5EF8FC5-A86A-4878-BEF6-DE85FD1DA499}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAF653FB-0D0D-40D2-9465-176DCAEE23BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAF653FB-0D0D-40D2-9465-176DCAEE23BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB1E539B-EFCA-4267-A457-4062952E2DF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB1E539B-EFCA-4267-A457-4062952E2DF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{B444D79D-7895-455C-8D62-3057BBBE3E10} canceled.
{7B20FF81-F986-429A-A2B7-950FF187EB99} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3041187145-1702624955-576530130-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3041187145-1702624955-576530130-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 15.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:54:17 ====