Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by maf2 (08-03-2017 14:24:14) Run:1
Running from C:\Users\maf2\Downloads\FSR
Loaded Profiles: maf2 (Available Profiles: maf2 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\networkgenie.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\psi.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\psi_tray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\qfinder.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\qfinderpro.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\xtuuilauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
GroupPolicyUsers\S-1-5-21-1564095453-3564214088-3623100993-1002\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S0 ovanvq; no ImagePath
S0 tcoifh; no ImagePath
U3 pgriqpow; C:\Users\maf2\AppData\Local\Temp\pgriqpow.sys [56584 2017-03-08] (GMER) [File not signed] <==== ATTENTION
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
S3 WINIO; \??\C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [X]
C:\ProgramData\cis467.exe
C:\ProgramData\Shrew Soft VPN.dat
C:\Users\maf2\installshield_scm.reg
C:\Users\maf2\scm.reg
Task: {05126112-88D9-40A7-959B-C6B24C078D88} - \WPD\SqmUpload_S-1-5-21-1564095453-3564214088-3623100993-1002 -> No File <==== ATTENTION
Task: {12F07964-3CAB-4E74-9BB5-21F23837BAE0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2887E153-65E6-47E7-A610-9584975F011F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2E5B8A04-839E-4A43-86BB-A6D13F6B4E5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6B03AEAB-1417-4B57-A406-C77AF7875AE0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6C1E3C96-38EA-44D2-AD27-5E5348211CBB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9FD5B47B-D730-4B0B-ABFB-6820C38AB389} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A01A0CD5-EBD1-48ED-AA2F-A0622925A4FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ABE062BD-96A5-480E-AE91-52632E196ABE} - \WPD\SqmUpload_S-1-5-21-1564095453-3564214088-3623100993-1001 -> No File <==== ATTENTION
Task: {BA3AEC11-3097-4EAA-ADEF-57EE97174A91} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1A4FD06-4E51-4B45-84BC-4D14272C5CBC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1E93B72-D7F9-4591-B96F-44C7AAEE865C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FBCAD498-74B4-49C9-8787-FB5290C0C7AD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk
C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dtagent.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dtlauncher.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\networkgenie.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\origin.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\originer.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\psi.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\psi_tray.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\qfinder.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\qfinderpro.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\xtuuilauncher.exe => key removed successfully
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1564095453-3564214088-3623100993-1002\User => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\ovanvq => key removed successfully
ovanvq => service removed successfully
HKLM\System\CurrentControlSet\Services\tcoifh => key removed successfully
tcoifh => service removed successfully
pgriqpow => service not found.
MBAMProtection => Unable to stop service.
HKLM\System\CurrentControlSet\Services\MBAMProtection => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\TuneUpUtilitiesDrv => key removed successfully
TuneUpUtilitiesDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\WINIO => key removed successfully
WINIO => service removed successfully
C:\ProgramData\cis467.exe => moved successfully
C:\ProgramData\Shrew Soft VPN.dat => moved successfully
C:\Users\maf2\installshield_scm.reg => moved successfully
C:\Users\maf2\scm.reg => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05126112-88D9-40A7-959B-C6B24C078D88} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05126112-88D9-40A7-959B-C6B24C078D88} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1564095453-3564214088-3623100993-1002 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12F07964-3CAB-4E74-9BB5-21F23837BAE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12F07964-3CAB-4E74-9BB5-21F23837BAE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2887E153-65E6-47E7-A610-9584975F011F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2887E153-65E6-47E7-A610-9584975F011F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E5B8A04-839E-4A43-86BB-A6D13F6B4E5C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E5B8A04-839E-4A43-86BB-A6D13F6B4E5C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B03AEAB-1417-4B57-A406-C77AF7875AE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B03AEAB-1417-4B57-A406-C77AF7875AE0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C1E3C96-38EA-44D2-AD27-5E5348211CBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C1E3C96-38EA-44D2-AD27-5E5348211CBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FD5B47B-D730-4B0B-ABFB-6820C38AB389} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FD5B47B-D730-4B0B-ABFB-6820C38AB389} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A01A0CD5-EBD1-48ED-AA2F-A0622925A4FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A01A0CD5-EBD1-48ED-AA2F-A0622925A4FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABE062BD-96A5-480E-AE91-52632E196ABE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABE062BD-96A5-480E-AE91-52632E196ABE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1564095453-3564214088-3623100993-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA3AEC11-3097-4EAA-ADEF-57EE97174A91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA3AEC11-3097-4EAA-ADEF-57EE97174A91} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1A4FD06-4E51-4B45-84BC-4D14272C5CBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A4FD06-4E51-4B45-84BC-4D14272C5CBC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1E93B72-D7F9-4591-B96F-44C7AAEE865C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E93B72-D7F9-4591-B96F-44C7AAEE865C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBCAD498-74B4-49C9-8787-FB5290C0C7AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBCAD498-74B4-49C9-8787-FB5290C0C7AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk => moved successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk => moved successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk => moved successfully
C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 583648 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6437629 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 16709 B
Edge => 0 B
Chrome => 92160 B
Firefox => 17606889 B
Opera => 82440615 B

Temp, IE cache, history, cookies, recent:
Default => 9184 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 7522 B
NetworkService => 0 B
maf2 => 11796552 B
Administrator => 9782 B
MsDtsServer110.NT Service => 0 B
MSSQLServerOLAPService.NT Service => 0 B
ReportServer.NT Service => 0 B
MSSQLFDLauncher.NT Service => 0 B
MSSQLSERVER.NT Service => 0 B

RecycleBin => 93263716 B
EmptyTemp: => 202.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-03-2017 14:31:31)

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\MBAMProtection => key could not remove, key could be protected

==== End of Fixlog 14:31:32 ====