Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2021
Ran by 48607 (18-11-2021 21:22:46) Run:3
Running from C:\Users\48607\Desktop
Loaded Profiles: 48607
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt (No File)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt (No File)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [qpyizhzm] => "C:\Users\48607\mrqoekti.exe" (No File)
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\588.vbs
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FirewallRules: [{D52DA396-1A91-4FEF-854C-CE70E8A7410B}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{0510F687-FA1C-4787-9682-BEC0C041C256}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{08F0C9E8-32D9-48D0-AC0A-9792A80E20C9}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{C15F792B-22C4-4031-85EB-217A1DC3256E}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{5CE91919-9E5E-4ECB-BAF1-70F7DB51A1DA}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{9ACDFF1D-E005-45B8-B589-DBE8CADA6556}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{7BD44FF4-07E2-4EBF-B931-49E74507ECB8}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{C35ACD1D-123A-4ED6-83F9-E1E2E143AE0B}] => (Allow) C:\Windows\System\svchost.exe => No File
Reg: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv /s
Reg: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv /s
Reboot:
*****************

C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk => moved successfully
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk => moved successfully
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt (No File)" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt (No File)" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk => moved successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher" => removed successfully
"HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
"HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\Software\Microsoft\Windows\CurrentVersion\Run\\qpyizhzm" => removed successfully
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\588.vbs => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D52DA396-1A91-4FEF-854C-CE70E8A7410B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0510F687-FA1C-4787-9682-BEC0C041C256}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08F0C9E8-32D9-48D0-AC0A-9792A80E20C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C15F792B-22C4-4031-85EB-217A1DC3256E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CE91919-9E5E-4ECB-BAF1-70F7DB51A1DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ACDFF1D-E005-45B8-B589-DBE8CADA6556}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BD44FF4-07E2-4EBF-B931-49E74507ECB8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C35ACD1D-123A-4ED6-83F9-E1E2E143AE0B}" => removed successfully

========= reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv
    Type    REG_DWORD    0x20
    Start    REG_DWORD    0x3
    ErrorControl    REG_DWORD    0x1
    ServiceSidType    REG_DWORD    0x1
    ImagePath    REG_SZ    C:\WINDOWS\system32\svchost.exe -k netsvcs -p
    ObjectName    REG_SZ    LocalSystem
    DependOnService    REG_MULTI_SZ    rpcss
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeCreateGlobalPrivilege\0SeCreatePageFilePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege\0SeShutdownPrivilege\0SeDebugPrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeSecurityPrivilege\0SeTakeOwnershipPrivilege\0SeLoadDriverPrivilege\0SeManageVolumePrivilege\0SeSystemEnvironmentPrivilege\0SeCreateSymbolicLinkPrivilege\0SeIncreaseBasePriorityPrivilege

========= End of Reg: =========

========= reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv
    Type    REG_DWORD    0x20
    Start    REG_DWORD    0x3
    ErrorControl    REG_DWORD    0x1
    ServiceSidType    REG_DWORD    0x1
    ImagePath    REG_SZ    C:\WINDOWS\system32\svchost.exe -k netsvcs -p
    ObjectName    REG_SZ    LocalSystem
    DependOnService    REG_MULTI_SZ    rpcss
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeCreateGlobalPrivilege\0SeCreatePageFilePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege\0SeShutdownPrivilege\0SeDebugPrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeSecurityPrivilege\0SeTakeOwnershipPrivilege\0SeLoadDriverPrivilege\0SeManageVolumePrivilege\0SeSystemEnvironmentPrivilege\0SeCreateSymbolicLinkPrivilege\0SeIncreaseBasePriorityPrivilege

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog 21:22:47 ====