Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by fundowic (29-05-2017 20:18:17) Run:3
Running from C:\Users\fundowic\Desktop\FRST
Loaded Profiles: fundowic (Available Profiles: fundowic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi]
"DisplayName"="@%SystemRoot%\\system32\\nsisvc.dll,-200"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,00,00
"Description"="@%SystemRoot%\\system32\\nsisvc.dll,-201"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6e,00,73,00,69,00,70,00,72,00,6f,00,78,00,79,00,00,00,\
  00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6e,00,73,00,69,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ServiceMain"="ServiceMain"
EndRegedit:
StartBatch:
SetACL -on "HKLM\SYSTEM\CurrentControlSet\Services\nsi" -ot reg -actn restore -bckp C:\Users\fundowic\Desktop\fix.txt
netsh advfirewall reset
del /q C:\WINDOWS\SysWOW64\3333333
del /q C:\WINDOWS\SysWOW64\33
del /q C:\WINDOWS\SysWOW64\1111111
del /q C:\WINDOWS\SysWOW64\1111
del /q C:\WINDOWS\SysWOW64\11
del /q C:\WINDOWS\SysWOW64\00
EndBatch:
DeleteKey: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\4fd88af7_0
DeleteKey: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7909d0b6_0
DeleteValue: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|
C:\Program Files (x86)\Bagsarah\Application\chrome.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Mozilla Firefox\plugins
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Mozilla Firefox
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\FRST\Quarantine
RemoveDirectory: C:\Quarantine
RemoveDirectory: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
RemoveDirectory: C:\Program Files (x86)\BiaoJi
RemoveDirectory: C:\Program Files (x86)\mozilla firefox
RemoveDirectory: C:\Users\fundowic\AppData\LocalLow\Mozilla
RemoveDirectory: C:\WINDOWS\system32\log
Reboot:
*****************

====> Registry

========= Batch: =========

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
Input file for restore operation opened: 'C:\Users\fundowic\Desktop\fix.txt'
Restoring SD of:
Restoring SD of:
SetACL finished successfully.
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

========= End of Batch: =========

HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Mozilla => key removed successfully
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\4fd88af7_0 => key removed successfully
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7909d0b6_0 => key removed successfully
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\ => value not found.
"C:\Program Files (x86)\Bagsarah\Application\chrome.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Mozilla Firefox\plugins => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Mozilla Firefox => value not found.
"C:\AdwCleaner" => removed successfully.
"C:\FRST\Quarantine" => removed successfully.
"C:\Quarantine" => removed successfully.
"C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}" => removed successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip" => removed successfully.
"C:\Program Files (x86)\BiaoJi" => removed successfully.
"C:\Program Files (x86)\mozilla firefox" => removed successfully.
"C:\Users\fundowic\AppData\LocalLow\Mozilla" => removed successfully.
"C:\WINDOWS\system32\log" => removed successfully.

The system needed a reboot.

==== End of Fixlog 20:18:43 ====