Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by damia (25-03-2017 21:27:35) Run:2
Running from C:\Users\damia\Desktop
Loaded Profiles: damia (Available Profiles: damia & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\RunOnce: [DESKTOP-5691JFE] => C:\WINDOWS\TEMP\g8657.tmp.exe [249344 2017-03-18] () <===== ATTENTION
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\...\Policies\Explorer: [HideSCAVolume] 0
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\damia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\damia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\damia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\damia\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\damia\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\damia\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Task: {17AB1F21-A5A2-4078-9A55-569E050388E5} - System32\Tasks\v4-0-30319\ngen => Rundll32.exe "C:\ProgramData\7368e7341e2044H34\7368e7341e2044H34.dll",eHeZcuQLD
Task: {323BB2AD-D680-45C5-A445-C91DF7938EEB} - System32\Tasks\v4 => Rundll32.exe "C:\ProgramData\7368e7341e2044H34\7368e7341e2044H34.dll",eHeZcuQLD
Task: {3E2D6A0F-9B89-44E8-B7C1-029AB44634FB} - System32\Tasks\7368e7341e2044H34 => Rundll32.exe "C:\ProgramData\7368e7341e2044H34\7368e7341e2044H34.dll",eHeZcuQLD <==== ATTENTION
Task: {7F1C774A-E1F5-4222-8A83-283FD2C72CBA} - System32\Tasks\ielowutil => Rundll32.exe "C:\ProgramData\7368e7341e2044H34\7368e7341e2044H34.dll",eHeZcuQLD
Task: {DA7896D3-833F-4041-83F7-71E1E0B4F6BB} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe
Task: {F4F4A3E4-1AB0-41CB-AA9D-74E5D9245640} - System32\Tasks\ielowutil-exe => Rundll32.exe "C:\ProgramData\7368e7341e2044H34\7368e7341e2044H34.dll",eHeZcuQLD
Task: {FC35E804-4A6F-476F-A80E-181C44C17C19} - System32\Tasks\v4-0-30319\mscorsvw => Rundll32.exe "C:\ProgramData\7368e7341e2044H34\7368e7341e2044H34.dll",eHeZcuQLD
Task: {FDB06B8F-D88D-4CA6-9D10-B91200B34BED} - System32\Tasks\v4-0 => Rundll32.exe "C:\ProgramData\7368e7341e2044H34\7368e7341e2044H34.dll",eHeZcuQLD
RemoveDirectory: C:\ProgramData\7368e7341e2044H34
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.ln
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
C:\Users\damia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\damia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DESKTOP-5691JFE => value not found.
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoPreviewPane => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWinkeys => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCANetwork => value removed successfully
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAVolume => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKU\S-1-5-21-1922636286-9306992-3665695711-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{17AB1F21-A5A2-4078-9A55-569E050388E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17AB1F21-A5A2-4078-9A55-569E050388E5} => key removed successfully
C:\WINDOWS\System32\Tasks\v4-0-30319\ngen => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\v4-0-30319\ngen => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{323BB2AD-D680-45C5-A445-C91DF7938EEB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{323BB2AD-D680-45C5-A445-C91DF7938EEB} => key removed successfully
C:\WINDOWS\System32\Tasks\v4 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\v4 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3E2D6A0F-9B89-44E8-B7C1-029AB44634FB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E2D6A0F-9B89-44E8-B7C1-029AB44634FB} => key removed successfully
C:\WINDOWS\System32\Tasks\7368e7341e2044H34 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7368e7341e2044H34 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7F1C774A-E1F5-4222-8A83-283FD2C72CBA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F1C774A-E1F5-4222-8A83-283FD2C72CBA} => key removed successfully
C:\WINDOWS\System32\Tasks\ielowutil => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ielowutil => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA7896D3-833F-4041-83F7-71E1E0B4F6BB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA7896D3-833F-4041-83F7-71E1E0B4F6BB} => key removed successfully
C:\WINDOWS\System32\Tasks\QForlLgs0EYm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QForlLgs0EYm => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F4F4A3E4-1AB0-41CB-AA9D-74E5D9245640} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4F4A3E4-1AB0-41CB-AA9D-74E5D9245640} => key removed successfully
C:\WINDOWS\System32\Tasks\ielowutil-exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ielowutil-exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FC35E804-4A6F-476F-A80E-181C44C17C19} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC35E804-4A6F-476F-A80E-181C44C17C19} => key removed successfully
C:\WINDOWS\System32\Tasks\v4-0-30319\mscorsvw => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\v4-0-30319\mscorsvw => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FDB06B8F-D88D-4CA6-9D10-B91200B34BED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDB06B8F-D88D-4CA6-9D10-B91200B34BED} => key removed successfully
C:\WINDOWS\System32\Tasks\v4-0 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\v4-0 => key removed successfully
"C:\ProgramData\7368e7341e2044H34" => removed successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.ln" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk => moved successfully
C:\Users\damia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => moved successfully
C:\Users\damia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 99883082 B
Java, Flash, Steam htmlcache => 92883 B
Windows/system/drivers => 66036578 B
Edge => 735809 B
Chrome => 28404701 B
Firefox => 407033167 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 1642 B
NetworkService => 37748 B
damia => 894564533 B
Administrator => 928142 B

RecycleBin => 979 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:30:00 ====