Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019 Ran by Insane (25-03-2019 13:39:07) Run:1 Running from C:\Users\Insane\Desktop\Recovery Scan Loaded Profiles: Insane & (Available Profiles: Insane) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: Hosts: HKU\S-1-5-21-2222582211-2325190247-1126929042-1001\...\StartupApproved\StartupFolder: => "R79reHYMtOJgbn8Yc1jm.vbs" FirewallRules: [{C6158580-CEB0-4B3C-A680-F32553B66857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe No File FirewallRules: [{72ED494E-769A-406B-BE42-E23A547E3A4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe No File FirewallRules: [{606FDC4F-BA73-4607-A4B1-E863F5FC71B9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File FirewallRules: [{AFDEC64C-707B-4218-B45E-171327435FAF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File FirewallRules: [{9C3F6C8C-594E-4440-A3E5-76536EAB502D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe No File FirewallRules: [{48DF68F1-CE7A-4DE9-8EE3-F6592B5B0E97}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe No File FirewallRules: [{291A0A11-9271-458D-AE9E-560BCB64AA31}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe No File FirewallRules: [{297F6FA3-82D8-4A7A-85AB-4100324D27F1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe No File FirewallRules: [{CD81471F-392C-46A5-9614-3489EA5C0E5C}] => (Allow) D:\SteamGames\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File FirewallRules: [{66D8C034-348F-40AB-A5B2-A69661766402}] => (Allow) D:\SteamGames\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File FirewallRules: [TCP Query User{DA799A2F-26AB-4F11-A75D-7F4F6D419F94}E:\program files\cisco packet tracer 7.1\bin\packettracer7.exe] => (Allow) E:\program files\cisco packet tracer 7.1\bin\packettracer7.exe No File FirewallRules: [UDP Query User{E8BC6242-874C-4BCC-9299-4D8864D372E0}E:\program files\cisco packet tracer 7.1\bin\packettracer7.exe] => (Allow) E:\program files\cisco packet tracer 7.1\bin\packettracer7.exe No File FirewallRules: [TCP Query User{B0DB02A6-6094-421A-ABB2-61D64C5035CE}D:\games\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [UDP Query User{9F90BF94-9E94-4ED5-82D0-7B01FD0EE590}D:\games\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File FirewallRules: [{74EA2EF7-9242-4CC8-8B67-B0AFB8868DEB}] => (Allow) E:\Program Files\Windows 10 Pro Permanent Activator Ultimate 2.2\Windows 10 Pro Permanent Activator Ultimate 2.2.exe No File C:\ProgramData\{2DEC06E1-DDEE-847F-96C0-FC089627A559} C:\ProgramData\{BD7BCDCA-16C5-14E8-BD0B-6B98BDEC32C9} C:\Users\Insane\AppData\Local\App\svchost.exe HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction - Windows Defender <==== ATTENTION SearchScopes: HKLM-x32 -> DefaultScope value is missing 2019-03-12 21:25 - 2019-03-13 14:06 - 000000000 ____D E:\Program Files\Reimage EmptyTemp: end ***************** Restore point was successfully created. C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. "C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\R79reHYMtOJgbn8Yc1jm.vbs" => not found "HKU\S-1-5-21-2222582211-2325190247-1126929042-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\R79reHYMtOJgbn8Yc1jm.vbs" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6158580-CEB0-4B3C-A680-F32553B66857}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72ED494E-769A-406B-BE42-E23A547E3A4B}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{606FDC4F-BA73-4607-A4B1-E863F5FC71B9}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFDEC64C-707B-4218-B45E-171327435FAF}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C3F6C8C-594E-4440-A3E5-76536EAB502D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48DF68F1-CE7A-4DE9-8EE3-F6592B5B0E97}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{291A0A11-9271-458D-AE9E-560BCB64AA31}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{297F6FA3-82D8-4A7A-85AB-4100324D27F1}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD81471F-392C-46A5-9614-3489EA5C0E5C}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66D8C034-348F-40AB-A5B2-A69661766402}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DA799A2F-26AB-4F11-A75D-7F4F6D419F94}E:\program files\cisco packet tracer 7.1\bin\packettracer7.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E8BC6242-874C-4BCC-9299-4D8864D372E0}E:\program files\cisco packet tracer 7.1\bin\packettracer7.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B0DB02A6-6094-421A-ABB2-61D64C5035CE}D:\games\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9F90BF94-9E94-4ED5-82D0-7B01FD0EE590}D:\games\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74EA2EF7-9242-4CC8-8B67-B0AFB8868DEB}" => removed successfully C:\ProgramData\{2DEC06E1-DDEE-847F-96C0-FC089627A559} => moved successfully C:\ProgramData\{BD7BCDCA-16C5-14E8-BD0B-6B98BDEC32C9} => moved successfully "C:\Users\Insane\AppData\Local\App\svchost.exe" => not found HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected C:\Windows\system32\GroupPolicy\Machine => moved successfully C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "2019-03-12 21:25 - 2019-03-13 14:06 - 000000000 ____D E:\Program Files\Reimage" => not found =========== EmptyTemp: ========== BITS transfer queue => 11558912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 286517352 B Java, Flash, Steam htmlcache => 342242103 B Windows/system/drivers => 17955759 B Edge => 1160276 B Chrome => 430992169 B Firefox => 16854628 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B LocalService => 0 B NetworkService => 313104 B NetworkService => 0 B Insane => 83669558 B RecycleBin => 10565519672 B EmptyTemp: => 10.9 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-03-2019 13:52:18) Result of scheduled keys to remove after reboot: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected ==== End of Fixlog 13:52:18 ====