Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Fraser Ross (11-11-2016 12:39:26) Run:1
Running from C:\Users\Fraser Ross\Desktop
Loaded Profiles: Fraser Ross (Available Profiles: Fraser Ross)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
C:\WINDOWS\System32\DRIVERS\kl1.sys
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
C:\WINDOWS\System32\DRIVERS\klelam.sys
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
C:\WINDOWS\system32\DRIVERS\klflt.sys
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [413008 2016-08-01] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
ProxyServer: [S-1-5-21-3240783315-1213011343-4006949943-1000] => localhost:21320
Toolbar: HKU\S-1-5-21-3240783315-1213011343-4006949943-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
U3 aspnet_state; no ImagePath
U3 idsvc; no ImagePath
Task: {0446197A-0B7A-4D11-BFEC-89B876792820} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {377C4ED5-B272-4657-939B-CBA97F5887EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {47E9A61D-A100-4FCC-A76F-61C5AAAC12BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
Task: {7CB35667-A61D-40E7-BDF4-0DB532A18327} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F46620C-3403-44C7-8E1C-E09133BD2476} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B0C1C488-F8B6-4260-B522-36FDB60D97A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D88F3FB4-A089-422A-B189-5C10B64AC68D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E8EC5650-8483-4716-9C6B-BE1F14AC5371} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ECAF5FA7-1443-4275-BD1E-A1401949D6B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F40D6D82-F477-4957-AB54-77FC67BACCD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:3C57BFC0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:6EEE61F0 [121]
AlternateDataStreams: C:\ProgramData\TEMP:753C01E7 [143]
AlternateDataStreams: C:\ProgramData\TEMP:9E00596C [264]
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
EmptyTemp:
End
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
KL1 => Unable to stop service.
KL1 => service removed successfully
C:\WINDOWS\System32\DRIVERS\kl1.sys => moved successfully
klelam => service removed successfully
C:\WINDOWS\System32\DRIVERS\klelam.sys => moved successfully
klflt => Unable to stop service.
klflt => service removed successfully
C:\WINDOWS\system32\DRIVERS\klflt.sys => moved successfully
klhk => Unable to stop service.
klhk => service removed successfully
KLIF => Unable to stop service.
KLIF => service could not remove
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value removed successfully
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} => value removed successfully
aspnet_state => service removed successfully
idsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0446197A-0B7A-4D11-BFEC-89B876792820}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0446197A-0B7A-4D11-BFEC-89B876792820}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{377C4ED5-B272-4657-939B-CBA97F5887EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377C4ED5-B272-4657-939B-CBA97F5887EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47E9A61D-A100-4FCC-A76F-61C5AAAC12BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E9A61D-A100-4FCC-A76F-61C5AAAC12BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-3xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CB35667-A61D-40E7-BDF4-0DB532A18327}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CB35667-A61D-40E7-BDF4-0DB532A18327}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C013B01-5D9E-4C9B-A0ED-6EFEEF07F9DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F46620C-3403-44C7-8E1C-E09133BD2476}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F46620C-3403-44C7-8E1C-E09133BD2476}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C1C488-F8B6-4260-B522-36FDB60D97A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C1C488-F8B6-4260-B522-36FDB60D97A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FE9F2A-ACA5-4ECC-B625-9DBB32EDD93C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D88F3FB4-A089-422A-B189-5C10B64AC68D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D88F3FB4-A089-422A-B189-5C10B64AC68D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EC5650-8483-4716-9C6B-BE1F14AC5371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EC5650-8483-4716-9C6B-BE1F14AC5371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECAF5FA7-1443-4275-BD1E-A1401949D6B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECAF5FA7-1443-4275-BD1E-A1401949D6B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F40D6D82-F477-4957-AB54-77FC67BACCD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F40D6D82-F477-4957-AB54-77FC67BACCD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
C:\ProgramData\TEMP => ":3C57BFC0" ADS removed successfully.
C:\ProgramData\TEMP => ":6EEE61F0" ADS removed successfully.
C:\ProgramData\TEMP => ":753C01E7" ADS removed successfully.
C:\ProgramData\TEMP => ":9E00596C" ADS removed successfully.
"HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3240783315-1213011343-4006949943-1000\Software\Classes\.exe" => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63000482 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2313 B
Edge => 0 B
Chrome => 0 B
Firefox => 8732335 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 24791225 B
NetworkService => 792 B
Fraser Ross => 18922741 B
RecycleBin => 0 B
EmptyTemp: => 110.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:39:58 ====