Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022 02
Ran by Alex (17-08-2022 12:20:18) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {6244020C-4D04-49B4-9AC9-C1653AEBFF25} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed] <==== ATTENTION
Task: {A436DD53-A159-47CB-841C-D14A881B1F35} - \KMSpico Automatic Update Scheduler -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/ <==== ATTENTION
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/ <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4C8F04C4-E275-4E52-9DF5-045381FDA666}: [NameServer] 8.8.8.8,4.4.4.4
Tcpip\..\Interfaces\{4C8F04C4-E275-4E52-9DF5-045381FDA666}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7704E33B-A935-419F-A8E4-D46FE6D28A51}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7704E33B-A935-419F-A8E4-D46FE6D28A51}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{80F002FA-A840-403A-8435-1CB022271DAA}: [DhcpNameServer] 8.8.8.8 1.1.1.1
Tcpip\..\Interfaces\{921152AE-FF2B-4FBC-9D13-5BD368C8C4DD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{993CB13E-E44A-417B-B786-54A8C43F7936}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{CA843557-D6F5-4991-BAE3-246922548944}: [DhcpNameServer] 192.168.0.1
ManualProxies: 0hxxp://127.0.0.1:86/ <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge HKU\S-1-5-21-737693840-413745377-1450863732-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=sy&ts=1434994428&z=ed63a2e13251f22108f1e5bg5z9c1z2t4tezbz9oez&from=pcm&uid=ST3500312CS_6VV526XQXXXX6VV526XQ
CHR StartupUrls: Default -> "","hxxp://www.google.com/","hxxp://www.istartsurf.com/?type=hp&ts=1434994411&z=3e8ade62bbc032ace7a34c0g7zbcfz0t1t4z2z8e6m&from=pcm&uid=ST3500312CS_6VV526XQXXXX6VV526XQ","hxxps://www.google.com/?trackid=sp-006","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBX0kBHQkBU..&v=20160615&uid=E40A9D47D026362555ABE319519F2A97&ptid=csdi&mode=loadm","hxxp://do-search.com/?type=hp&ts=1425924775&from=cor&uid=TOSHIBAXMK3259GSXP_42G2P17DTXX42G2P17DT","hxxps://www.google.com/"
S3 Rockstar Service; "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Folder: C:\Program Files\KMSpico
Hosts:
RemoveProxy:
CMD: sfc /scannow
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /resetrepository
CMD: winmgmt /resyncperf
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
C:\WINDOWS\SysWOW64\*.tmp
C:\WINDOWS\System32\*.tmp
C:\Windows\SystemTemp\*.tmp
EmptyTemp:
End::
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6244020C-4D04-49B4-9AC9-C1653AEBFF25}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6244020C-4D04-49B4-9AC9-C1653AEBFF25}" => removed successfully
C:\Windows\System32\Tasks\Optimize Thumbnail Cache => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Thumbnail Cache" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A436DD53-A159-47CB-841C-D14A881B1F35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A436DD53-A159-47CB-841C-D14A881B1F35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSpico Automatic Update Scheduler" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C8F04C4-E275-4E52-9DF5-045381FDA666}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C8F04C4-E275-4E52-9DF5-045381FDA666}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7704E33B-A935-419F-A8E4-D46FE6D28A51}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7704E33B-A935-419F-A8E4-D46FE6D28A51}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80F002FA-A840-403A-8435-1CB022271DAA}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{921152AE-FF2B-4FBC-9D13-5BD368C8C4DD}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{993CB13E-E44A-417B-B786-54A8C43F7936}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CA843557-D6F5-4991-BAE3-246922548944}\\DhcpNameServer" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-737693840-413745377-1450863732-1000\SOFTWARE\Microsoft\Edge\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\Rockstar Service => removed successfully
Rockstar Service => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully

========================= Folder: C:\Program Files\KMSpico ========================

2021-05-06 11:24 - 2021-05-06 11:24 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Program Files\KMSpico\DM.bin
2022-03-12 21:00 - 2022-03-12 21:00 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Program Files\KMSpico\unp36477867.tmp
2021-05-06 11:24 - 2021-05-06 11:24 - 000000000 ____D [00000000000000000000000000000000] C:\Program Files\KMSpico\TokensBackup
2021-05-06 11:24 - 2021-05-06 11:24 - 000000050 ____A [7F934D96AA1999A012B1812E473C34BE] () C:\Program Files\KMSpico\TokensBackup\Keys.txt
2021-05-06 11:24 - 2021-05-06 11:24 - 000000000 ____D [00000000000000000000000000000000] C:\Program Files\KMSpico\TokensBackup\Office
2021-05-06 11:24 - 2021-04-27 16:42 - 007539208 ____A [36663D426330C117217CC5D42D1AAEB9] () C:\Program Files\KMSpico\TokensBackup\Office\tokens.dat
2021-05-06 11:24 - 2021-05-06 11:24 - 000000000 ____D [00000000000000000000000000000000] C:\Program Files\KMSpico\TokensBackup\Office\Cache
2021-05-06 11:24 - 2021-05-03 01:09 - 000254280 ____A [8193903116817463C60144817EFB78F2] () C:\Program Files\KMSpico\TokensBackup\Office\Cache\cache.dat
2021-05-06 11:24 - 2021-05-06 11:24 - 000000000 ____D [00000000000000000000000000000000] C:\Program Files\KMSpico\TokensBackup\Windows
2021-05-06 11:24 - 2019-12-31 00:24 - 001069580 ____A [75427C5EA6A61EE69FF47949AABBB969] () C:\Program Files\KMSpico\TokensBackup\Windows\pkeyconfig.xrm-ms
2021-05-06 11:24 - 2021-02-02 23:12 - 010682486 ____A [7FB40AC65EDB777970B37A8D346A67EB] () C:\Program Files\KMSpico\TokensBackup\Windows\tokens.dat
2021-05-06 11:24 - 2021-05-06 11:24 - 000000000 ____D [00000000000000000000000000000000] C:\Program Files\KMSpico\TokensBackup\Windows\Cache
2021-05-06 11:24 - 2021-04-25 12:40 - 000184280 ____A [3BA84B214F233D8FAF4ABA75DE039894] () C:\Program Files\KMSpico\TokensBackup\Windows\Cache\cache.dat

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-737693840-413745377-1450863732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-737693840-413745377-1450863732-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

========= sfc /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 0% complete.Verification 1% complete.Verification 2% complete.Verification 2% complete.Verification 3% complete.Verification 4% complete.Verification 4% complete.Verification 5% complete.Verification 6% complete.Verification 6% complete.Verification 7% complete.Verification 8% complete.Verification 8% complete.Verification 9% complete.Verification 10% complete.Verification 10% complete.Verification 11% complete.Verification 12% complete.Verification 13% complete.Verification 13% complete.Verification 14% complete.Verification 15% complete.Verification 15% complete.Verification 16% complete.Verification 17% complete.Verification 17% complete.Verification 18% complete.Verification 19% complete.Verification 19% complete.Verification 20% complete.Verification 21% complete.Verification 21% complete.Verification 22% complete.Verification 23% complete.Verification 24% complete.Verification 24% complete.Verification 25% complete.Verification 26% complete.Verification 26% complete.Verification 27% complete.Verification 28% complete.Verification 28% complete.Verification 29% complete.Verification 30% complete.Verification 30% complete.Verification 31% complete.Verification 32% complete.Verification 32% complete.Verification 33% complete.Verification 34% complete.Verification 35% complete.Verification 35% complete.Verification 36% complete.Verification 37% complete.Verification 37% complete.Verification 38% complete.Verification 39% complete.Verification 39% complete.Verification 40% complete.Verification 41% complete.Verification 41% complete.Verification 42% complete.Verification 43% complete.Verification 43% complete.Verification 44% complete.Verification 45% complete.Verification 46% complete.Verification 46% complete.Verification 47% complete.Verification 48% complete.Verification 48% complete.Verification 49% complete.Verification 50% complete.Verification 50% complete.Verification 51% complete.Verification 52% complete.Verification 52% complete.Verification 53% complete.Verification 54% complete.Verification 54% complete.Verification 55% complete.Verification 56% complete.Verification 57% complete.Verification 57% complete.Verification 58% complete.Verification 59% complete.Verification 59% complete.Verification 60% complete.Verification 61% complete.Verification 61% complete.Verification 62% complete.Verification 63% complete.Verification 63% complete.Verification 64% complete.Verification 65% complete.Verification 65% complete.Verification 66% complete.Verification 67% complete.Verification 68% complete.Verification 68% complete.Verification 69% complete.Verification 70% complete.Verification 70% complete.Verification 71% complete.Verification 72% complete.Verification 72% complete.Verification 73% complete.Verification 74% complete.Verification 74% complete.Verification 75% complete.Verification 76% complete.Verification 76% complete.Verification 77% complete.Verification 78% complete.Verification 78% complete.Verification 79% complete.Verification 80% complete.Verification 81% complete.Verification 81% complete.Verification 82% complete.Verification 83% complete.Verification 83% complete.Verification 84% complete.Verification 85% complete.Verification 85% complete.Verification 86% complete.Verification 87% complete.Verification 87% complete.Verification 88% complete.Verification 89% complete.Verification 89% complete.Verification 90% complete.Verification 91% complete.Verification 92% complete.Verification 92% complete.Verification 93% complete.Verification 94% complete.Verification 94% complete.Verification 95% complete.Verification 96% complete.Verification 96% complete.Verification 97% complete.Verification 98% complete.Verification 98% complete.Verification 99% complete.Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========

========= DISM /Online /Cleanup-Image /RestoreHealth =========

Deployment Image Servicing and Management tool
Version: 6.1.7601.24499

Image Version: 6.1.7601.24499

Error: 87

The restorehealth option is not recognized in this context.
For more information, refer to the help.

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= netsh winhttp reset proxy =========

Current WinHTTP proxy settings:

Direct access (no proxy server).

========= End of CMD: =========

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{5AA69AAF-AAEB-436E-87D4-F135D2BC3D5C} canceled.
{EC74D9DC-0B54-4837-AB6B-5969F0AFCC15} canceled.
{C6449843-A66B-4EC3-B3E8-B38D88E39C7B} canceled.
{8FE47812-A40E-47DA-B4C4-41E37DCC9D00} canceled.
{A677D658-BB1B-49FF-96A1-CF73ABFCF798} canceled.
5 out of 5 jobs canceled.

========= End of CMD: =========

========= Winmgmt /salvagerepository =========

WMI repository is consistent

========= End of CMD: =========

========= Winmgmt /resetrepository =========

WMI repository has been reset

========= End of CMD: =========

========= winmgmt /resyncperf =========

0

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

=========== "C:\WINDOWS\SysWOW64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\SysWOW64\*.tmp" ========

=========== "C:\WINDOWS\System32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\System32\*.tmp" ========

=========== "C:\Windows\SystemTemp\*.tmp" ==========

not found

========= End -> "C:\Windows\SystemTemp\*.tmp" ========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8073023 B
Java, Discord, Steam htmlcache => 765636971 B
Windows/system/drivers => 205503318 B
Edge => 0 B
Chrome => 1439695720 B
Firefox => 0 B
Opera => 6704923 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 83177 B
LocalService => 83305 B
NetworkService => 107829 B
Alex => 346587905 B

RecycleBin => 767562189 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:38:09 ====