Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by mohamed (19-03-2018 07:27:10) Run:1
Running from C:\Users\mohamed\Desktop
Loaded Profiles: mohamed (Available Profiles: mohamed & moha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\...\MountPoints2: {0fa1e872-7a7a-11e7-b821-b82a72aa285d} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\...\MountPoints2: {f580b47b-7a76-11e6-b728-b82a72aa285d} - "G:\SISetup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File
ShortcutTarget: WizIQ Desktop.lnk -> C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe ()
GroupPolicy: Restriction <==== ATTENTION
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
StartMenuInternet: Google Chrome.6YVD3SAXKUMUCUYPYGWUIFT3OQ - C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers3-x32: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {9ADC4F4E-F9B6-46B2-BD34-96325EFDD430} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FA6B4797-77E8-4695-BA9D-8649F517C1D7} - System32\Tasks\{19CE17E5-7E37-48D4-9ECD-7B7ABE71A747} => C:\Windows\system32\pcalua.exe -a C:\Users\mohamed\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fa1e872-7a7a-11e7-b821-b82a72aa285d}" => removed successfully
HKLM\Software\Classes\CLSID\{0fa1e872-7a7a-11e7-b821-b82a72aa285d} => not found
"HKU\S-1-5-21-3544706222-1499703263-3937389962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f580b47b-7a76-11e6-b728-b82a72aa285d}" => removed successfully
HKLM\Software\Classes\CLSID\{f580b47b-7a76-11e6-b728-b82a72aa285d} => not found
"C:\Windows\system32\nvinitx.dll" => Value data removed successfully
C:\Program Files => FRST is scripted not to move this directory.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.6YVD3SAXKUMUCUYPYGWUIFT3OQ\shell\open\command\\Default => value restored successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SHAREit.FileContextMenuExt" => removed successfully
HKLM\Software\Classes\CLSID\{430BD134-576D-4E75-87CD-0F5C6221A82B} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SHAREit.FileContextMenuExt" => removed successfully
HKLM\Software\Classes\CLSID\{430BD134-576D-4E75-87CD-0F5C6221A82B} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ADC4F4E-F9B6-46B2-BD34-96325EFDD430}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ADC4F4E-F9B6-46B2-BD34-96325EFDD430}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA6B4797-77E8-4695-BA9D-8649F517C1D7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA6B4797-77E8-4695-BA9D-8649F517C1D7}" => removed successfully
C:\WINDOWS\System32\Tasks\{19CE17E5-7E37-48D4-9ECD-7B7ABE71A747} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19CE17E5-7E37-48D4-9ECD-7B7ABE71A747}" => removed successfully

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27877560 B
Java, Flash, Steam htmlcache => 1170 B
Windows/system/drivers => 66665757 B
Edge => 3509130 B
Chrome => 478836116 B
Firefox => 58917276 B
Opera => 254976 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4102 B
NetworkService => 0 B
mohamed => 84358059 B
moha.mohamed-PC => 26054009 B

RecycleBin => 871841 B
EmptyTemp: => 724 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-03-2018 07:36:53)

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 07:36:54 ====