Fix result of Farbar Recovery Scan Tool (x64) Version: 24.12.2018 Ran by David (27-12-2018 12:18:38) Run:1 Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4nFSpLWrTyV8TJgGOlbSN24UPuz0NY5J71-vjU0cNb6HW8U-yZIbIzvyRTHHA7tahvotd12cbWQ8XSygCZyTfJYUQP&q={searchTerms} HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4rGfY6r1a_Cq1LewHpKF9HzE7w4y6wOGloPUCqFCmGw7yrCAFIiEvxkgQGKDVrUH0xl1fQ2SIJKIbDfxWOv_zYuPo2 SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKU\S-1-5-21-1842900721-2209424687-1813072984-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4nFSpLWrTyV8TJgGOlbSN24UPuz0NY5J71-vjU0cNb6HW8U-yZIbIzvyRTHHA7tahvotd12cbWQ8XSygCZyTfJYUQP&q={searchTerms} SearchScopes: HKU\S-1-5-21-1842900721-2209424687-1813072984-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4nFSpLWrTyV8TJgGOlbSN24UPuz0NY5J71-vjU0cNb6HW8U-yZIbIzvyRTHHA7tahvotd12cbWQ8XSygCZyTfJYUQP&q={searchTerms} BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> No File FF Homepage: Mozilla\Firefox\Profiles\rmhjc8qi.default -> file:///C:/ProgramData/Quoteexs/ff.HP FF NewTab: Mozilla\Firefox\Profiles\rmhjc8qi.default -> file:///C:/ProgramData/Quoteexs/ff.NT CHR Extension: (Adblocker for Youtube�) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjokomechjchekkcnccjpmgakmjgoaom [2018-12-24] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx U3 iswSvc; no ImagePath 2018-12-24 11:27 - 2018-12-25 18:41 - 000000000 ____D C:\ProgramData\{F5715929-EA18-3B79-60F7-FAB76010A3E6} 2018-12-24 11:27 - 2018-12-25 18:41 - 000000000 ____D C:\ProgramData\{62DC85E0-36D1-ACD4-A92B-5720A9CC0E71} 2018-12-24 11:27 - 2018-12-24 16:39 - 000000000 ____D C:\Program Files (x86)\VKkhWVSisIE 2018-12-24 11:27 - 2018-12-24 15:19 - 000000000 ____D C:\Users\David\AppData\Roaming\3nvzevtk1hn 2018-12-24 11:27 - 2018-12-24 12:55 - 000000000 ____D C:\Users\David\AppData\Roaming\ObFUv 2018-12-24 11:27 - 2018-12-24 12:21 - 000000000 ____D C:\Users\David\AppData\Local\Maurice 2018-12-24 11:27 - 2018-12-24 12:21 - 000000000 ____D C:\Program Files\7EDJF3RO2C 2018-12-24 11:27 - 2018-12-24 12:09 - 000000000 ____D C:\ProgramData\BuHcEEPgNwocAWVB 2018-12-24 11:27 - 2018-12-24 12:05 - 000000000 ____D C:\Program Files (x86)\utzZkkanmIUn 2018-12-24 11:27 - 2018-12-24 12:05 - 000000000 ____D C:\Program Files (x86)\qUgzYKxVLnesC 2018-12-24 11:27 - 2018-12-24 12:04 - 000000000 ____D C:\Program Files (x86)\ooxzIAzTqruiVIszQdR 2018-12-24 11:27 - 2018-12-24 12:03 - 000000000 ____D C:\Program Files (x86)\hUmbquBpttZU2 2018-12-24 11:27 - 2018-12-24 12:03 - 000000000 ____D C:\Program Files (x86)\fHDlqDVwU 2018-12-24 11:27 - 2018-12-24 11:41 - 000000000 ____D C:\Users\David\AppData\Roaming\CRMSvc 2018-12-24 11:27 - 2018-12-24 11:27 - 000003310 _____ C:\WINDOWS\System32\Tasks\ugbHS 2018-12-24 11:27 - 2018-12-24 11:27 - 000003212 _____ C:\WINDOWS\System32\Tasks\mMzvDpxKxjJVUr 2018-12-24 11:27 - 2018-12-24 11:27 - 000003044 _____ C:\WINDOWS\System32\Tasks\UXshqEpiPQcXH2 2018-12-24 11:27 - 2018-12-24 11:27 - 000003034 _____ C:\WINDOWS\System32\Tasks\DvwLFWwXutwLxJgmB2 2018-12-24 11:27 - 2018-12-24 11:27 - 000003026 _____ C:\WINDOWS\System32\Tasks\iYMvCriySoqaGgPjbmR2 2018-12-24 11:27 - 2018-12-24 11:27 - 000003008 _____ C:\WINDOWS\System32\Tasks\SOVqgpLsuXhFCxp2 2018-12-24 11:27 - 2018-12-24 11:27 - 000000000 ____D C:\Program Files (x86)\bubans 2018-12-24 11:26 - 2018-12-24 12:21 - 000000000 ____D C:\Program Files (x86)\AZMD 2018-12-24 11:26 - 2018-12-24 11:33 - 000000000 ____D C:\Program Files (x86)\TweakMASTR 2018-12-24 11:23 - 2018-12-24 16:40 - 000000000 ____D C:\ProgramData\Quoteex 2018-12-24 11:23 - 2018-12-24 11:23 - 002035931 _____ C:\Users\David\AppData\Local\Unosing.tst 2018-12-24 11:23 - 2018-12-24 11:23 - 000070896 _____ C:\Users\David\AppData\Local\Config.xml 2018-12-24 11:23 - 2018-12-24 11:23 - 000015602 _____ C:\WINDOWS\SysWOW64\findit.xml 2018-12-24 11:23 - 2018-12-24 11:23 - 000005568 _____ C:\Users\David\AppData\Local\md.xml 2018-12-24 11:23 - 2018-12-24 11:23 - 000003712 _____ C:\WINDOWS\System32\Tasks\snp 2018-12-24 11:23 - 2018-12-24 11:23 - 000003300 _____ C:\WINDOWS\System32\Tasks\snf 2018-12-24 11:23 - 2018-12-24 11:23 - 000000000 ____D C:\ProgramData\Quoteexs 2018-12-24 11:22 - 2018-12-24 12:21 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job 2018-12-24 11:22 - 2018-12-24 11:23 - 000016416 _____ C:\Users\David\AppData\Local\InstallationConfiguration.xml 2018-12-24 11:22 - 2018-12-24 11:22 - 000722944 _____ C:\Users\David\AppData\Local\sham.db 2018-12-24 11:22 - 2018-12-24 11:22 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application 2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Users\David\AppData\Roaming\Microleaves 2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Users\David\AppData\Local\ESET 2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Users\David\AppData\Local\AdvinstAnalytics 2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\ProgramData\Blogger 2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Program Files (x86)\Microleaves 2018-12-24 11:18 - 2018-12-24 11:22 - 000000000 ____D C:\ProgramData\Msa 2018-12-23 13:59 - 2018-12-24 16:39 - 000000000 ____D C:\Users\David\Downloads\ESET NOD32 Antivirus, Smart Security, Internet Security 10.0.386.0 + License Keys [SadeemPC] 2018-12-23 13:37 - 2018-12-23 13:37 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts 2018-12-23 13:34 - 2018-12-24 11:01 - 000000000 ____D C:\Program Files (x86)\CheckPoint 2018-12-23 13:33 - 2018-12-24 10:59 - 000000000 ____D C:\ProgramData\CheckPoint 2018-12-22 18:56 - 2018-12-23 13:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2018-12-22 18:54 - 2018-12-22 18:55 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2018-12-21 18:08 - 2018-12-21 18:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-12-21 18:08 - 2018-12-21 18:08 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-12-21 18:08 - 2018-12-21 18:08 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-12-21 18:08 - 2018-12-21 18:08 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-12-21 18:08 - 2018-12-21 18:08 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-12-21 18:08 - 2018-12-21 18:08 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} CustomCLSID: HKU\S-1-5-21-1842900721-2209424687-1813072984-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7FCB8A6F166E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File Task: {264A8A23-554E-4AAF-A41A-49AE1A388FA4} - System32\Tasks\mMzvDpxKxjJVUr => rundll32 "C:\Program Files (x86)\hUmbquBpttZU2\CpagFSVROGPeT.dll",#1 Task: {63B0162A-473D-4C1B-B077-2218DFD3EC3C} - System32\Tasks\UXshqEpiPQcXH2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\BuHcEEPgNwocAWVB\CsvqYPw.wsf" Task: {96B7E7AA-A566-4FDE-BCDD-96F10D22FC56} - System32\Tasks\DvwLFWwXutwLxJgmB2 => rundll32 "C:\Program Files (x86)\ooxzIAzTqruiVIszQdR\LdBunKR.dll",#1 Task: {99ED4113-D437-4D67-9CEE-59DD097D6901} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION Task: {A1938C70-A9F8-4624-847A-0553F21D80EA} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION Task: {A61FB639-3373-4478-84CC-0E017299A1DE} - System32\Tasks\SOVqgpLsuXhFCxp2 => rundll32 "C:\Program Files (x86)\fHDlqDVwU\pgSRGe.dll",#1 Task: {D0296985-5EC2-4A6C-AE7C-61FF5DAF4624} - System32\Tasks\iYMvCriySoqaGgPjbmR2 => rundll32 "C:\Program Files (x86)\qUgzYKxVLnesC\JjWYUDw.dll",#1 Task: {E041D5B2-4FCF-4505-8AE9-0A1CECFFC8DD} - System32\Tasks\ugbHS => C:\Users\David\AppData\Roaming\ObFUv\ugbHS.vbs [2018-12-24] () Task: {F758A787-FEF7-44C2-B497-0F4313631815} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF% ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF% FirewallRules: [{1E926E51-C41F-49F5-9879-8C7C95D11026}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File FirewallRules: [{0E0E1D17-4B6E-492B-A56A-B177681A3C87}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File FirewallRules: [{2C15E19E-4BC2-4D36-836B-B977472B539C}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File FirewallRules: [{374B12F6-C17B-4302-8A4F-AD59F3BF2FDC}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File FirewallRules: [{1974CC7B-0B87-41B1-A870-979FE9F70AE5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe No File FirewallRules: [{98CB0A46-BE1A-4777-A9B0-13780F6FD213}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File FirewallRules: [{7C625CC1-D1DA-4777-9B9F-D16ED0A36869}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File FirewallRules: [{92E5F252-11FB-4BE2-8EDE-B33C3C4CCECC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File FirewallRules: [{C8E3519D-47D5-475E-9A17-59BBEFD6F16D}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File FirewallRules: [{8FB88A15-C10E-460C-ACE6-C02BC4A5EE5F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File FirewallRules: [{D7E89D65-F769-4A04-864B-4F26B5A4D2A0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully HKLM\SOFTWARE\Policies\Google => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => removed successfully HKLM\Software\Classes\CLSID\{ielnksrch} => not found HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => removed successfully HKLM\Software\Classes\CLSID\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => removed successfully "Firefox homepage" => removed successfully "Firefox newtab" => removed successfully CHR Extension: (Adblocker for Youtube�) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjokomechjchekkcnccjpmgakmjgoaom [2018-12-24] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION => Error: No automatic fix found for this entry. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gannpgaobkkhmpomoijebaigcapoeebl => removed successfully HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully iswSvc => service removed successfully C:\ProgramData\{F5715929-EA18-3B79-60F7-FAB76010A3E6} => moved successfully C:\ProgramData\{62DC85E0-36D1-ACD4-A92B-5720A9CC0E71} => moved successfully C:\Program Files (x86)\VKkhWVSisIE => moved successfully C:\Users\David\AppData\Roaming\3nvzevtk1hn => moved successfully C:\Users\David\AppData\Roaming\ObFUv => moved successfully C:\Users\David\AppData\Local\Maurice => moved successfully C:\Program Files\7EDJF3RO2C => moved successfully C:\ProgramData\BuHcEEPgNwocAWVB => moved successfully C:\Program Files (x86)\utzZkkanmIUn => moved successfully C:\Program Files (x86)\qUgzYKxVLnesC => moved successfully C:\Program Files (x86)\ooxzIAzTqruiVIszQdR => moved successfully C:\Program Files (x86)\hUmbquBpttZU2 => moved successfully C:\Program Files (x86)\fHDlqDVwU => moved successfully C:\Users\David\AppData\Roaming\CRMSvc => moved successfully C:\WINDOWS\System32\Tasks\ugbHS => moved successfully C:\WINDOWS\System32\Tasks\mMzvDpxKxjJVUr => moved successfully C:\WINDOWS\System32\Tasks\UXshqEpiPQcXH2 => moved successfully C:\WINDOWS\System32\Tasks\DvwLFWwXutwLxJgmB2 => moved successfully C:\WINDOWS\System32\Tasks\iYMvCriySoqaGgPjbmR2 => moved successfully C:\WINDOWS\System32\Tasks\SOVqgpLsuXhFCxp2 => moved successfully C:\Program Files (x86)\bubans => moved successfully C:\Program Files (x86)\AZMD => moved successfully C:\Program Files (x86)\TweakMASTR => moved successfully C:\ProgramData\Quoteex => moved successfully C:\Users\David\AppData\Local\Unosing.tst => moved successfully C:\Users\David\AppData\Local\Config.xml => moved successfully C:\WINDOWS\SysWOW64\findit.xml => moved successfully C:\Users\David\AppData\Local\md.xml => moved successfully C:\WINDOWS\System32\Tasks\snp => moved successfully C:\WINDOWS\System32\Tasks\snf => moved successfully C:\ProgramData\Quoteexs => moved successfully C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully C:\Users\David\AppData\Local\InstallationConfiguration.xml => moved successfully C:\Users\David\AppData\Local\sham.db => moved successfully C:\WINDOWS\System32\Tasks\Updater_Online_Application => moved successfully C:\Users\David\AppData\Roaming\Microleaves => moved successfully C:\Users\David\AppData\Local\ESET => moved successfully C:\Users\David\AppData\Local\AdvinstAnalytics => moved successfully C:\ProgramData\Blogger => moved successfully C:\Program Files (x86)\Microleaves => moved successfully C:\ProgramData\Msa => moved successfully C:\Users\David\Downloads\ESET NOD32 Antivirus, Smart Security, Internet Security 10.0.386.0 + License Keys [SadeemPC] => moved successfully C:\WINDOWS\system32\Drivers\etc\lmhosts => moved successfully C:\Program Files (x86)\CheckPoint => moved successfully C:\ProgramData\CheckPoint => moved successfully C:\ProgramData\Kaspersky Lab => moved successfully C:\ProgramData\Kaspersky Lab Setup Files => moved successfully C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully HKU\S-1-5-21-1842900721-2209424687-1813072984-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7FCB8A6F166E} => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully "HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{264A8A23-554E-4AAF-A41A-49AE1A388FA4}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{264A8A23-554E-4AAF-A41A-49AE1A388FA4}" => removed successfully "C:\WINDOWS\System32\Tasks\mMzvDpxKxjJVUr" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mMzvDpxKxjJVUr" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B0162A-473D-4C1B-B077-2218DFD3EC3C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B0162A-473D-4C1B-B077-2218DFD3EC3C}" => removed successfully "C:\WINDOWS\System32\Tasks\UXshqEpiPQcXH2" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UXshqEpiPQcXH2" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96B7E7AA-A566-4FDE-BCDD-96F10D22FC56}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96B7E7AA-A566-4FDE-BCDD-96F10D22FC56}" => removed successfully "C:\WINDOWS\System32\Tasks\DvwLFWwXutwLxJgmB2" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DvwLFWwXutwLxJgmB2" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99ED4113-D437-4D67-9CEE-59DD097D6901}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99ED4113-D437-4D67-9CEE-59DD097D6901}" => removed successfully "C:\WINDOWS\System32\Tasks\snp" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1938C70-A9F8-4624-847A-0553F21D80EA}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1938C70-A9F8-4624-847A-0553F21D80EA}" => removed successfully "C:\WINDOWS\System32\Tasks\Updater_Online_Application" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61FB639-3373-4478-84CC-0E017299A1DE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61FB639-3373-4478-84CC-0E017299A1DE}" => removed successfully "C:\WINDOWS\System32\Tasks\SOVqgpLsuXhFCxp2" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SOVqgpLsuXhFCxp2" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0296985-5EC2-4A6C-AE7C-61FF5DAF4624}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0296985-5EC2-4A6C-AE7C-61FF5DAF4624}" => removed successfully "C:\WINDOWS\System32\Tasks\iYMvCriySoqaGgPjbmR2" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iYMvCriySoqaGgPjbmR2" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E041D5B2-4FCF-4505-8AE9-0A1CECFFC8DD}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E041D5B2-4FCF-4505-8AE9-0A1CECFFC8DD}" => removed successfully "C:\WINDOWS\System32\Tasks\ugbHS" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ugbHS" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F758A787-FEF7-44C2-B497-0F4313631815}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F758A787-FEF7-44C2-B497-0F4313631815}" => removed successfully "C:\WINDOWS\System32\Tasks\snf" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf" => removed successfully "C:\WINDOWS\Tasks\Updater_Online_Application.job" => not found C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E926E51-C41F-49F5-9879-8C7C95D11026}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E0E1D17-4B6E-492B-A56A-B177681A3C87}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C15E19E-4BC2-4D36-836B-B977472B539C}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{374B12F6-C17B-4302-8A4F-AD59F3BF2FDC}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1974CC7B-0B87-41B1-A870-979FE9F70AE5}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98CB0A46-BE1A-4777-A9B0-13780F6FD213}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C625CC1-D1DA-4777-9B9F-D16ED0A36869}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92E5F252-11FB-4BE2-8EDE-B33C3C4CCECC}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8E3519D-47D5-475E-9A17-59BBEFD6F16D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FB88A15-C10E-460C-ACE6-C02BC4A5EE5F}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7E89D65-F769-4A04-864B-4F26B5A4D2A0}" => removed successfully =========== EmptyTemp: ========== BITS transfer queue => 7888896 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 288639459 B Java, Flash, Steam htmlcache => 952 B Windows/system/drivers => 47514558 B Edge => 3782 B Chrome => 75071 B Firefox => 360450 B Opera => 12550766 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 17216 B LocalService => 0 B NetworkService => 0 B NetworkService => 0 B David => 26325269 B RecycleBin => 223564 B EmptyTemp: => 365.8 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 12:21:07 ====