Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by MohammadMutehir (2016-03-20 14:22:08) Run:1 Running from C:\Users\MohammadMutehir\Desktop Loaded Profiles: MohammadMutehir (Available Profiles: MohammadMutehir) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: HKLM-x32\...\Run: [win_en_77] => [X] S2 Nafmetwe; "C:\Users\MohammadMutehir\AppData\Roaming\WijeLappus\Cudgow.exe" -cms [X] 2016-03-18 21:12 - 2016-03-19 18:54 - 00000000 ____D C:\Users\MohammadMutehir\AppData\Roaming\Xajrikgabe 2016-03-18 20:46 - 2016-03-18 20:46 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e 2016-03-18 23:42 - 2015-03-13 18:15 - 00000000 __SHD C:\Users\MohammadMutehir\AppData\LocalLow\EmieUserList 2016-03-18 23:42 - 2015-03-13 18:15 - 00000000 __SHD C:\Users\MohammadMutehir\AppData\LocalLow\EmieSiteList Task: {203D7705-EC84-4ABB-BE62-327FD8DA7E6A} - System32\Tasks\Ugejakau => C:\PROGRA~1\SHOPPE~1\Puuinf.bat Task: {2AD67659-6703-44E2-9B36-D7B6DE3EB840} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {30F6DB43-6544-4461-928F-FF8795C87786} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {4B342186-2ECE-4055-B39B-E436E6454553} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {63EBED2C-7914-4709-933F-2E8E9E2D4405} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {666DF5ED-5270-41F4-AC75-1F4572410736} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {8C5CCEC5-E674-4AD6-9B89-C74F3545782A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {AC2C528E-DD8A-4C6C-BF08-D0782DA882B0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {BAD68591-9FF8-4DEB-B4C5-DFFC98759885} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {CB6FA4F7-90D5-4382-8F21-91673EC9A96E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {D5487516-15B3-49CF-927F-7FC5D6FE0C73} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {F84AF58F-337D-47E3-94CB-F1DE232B8EA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION C:\Users\MohammadMutehir\AppData\Roaming\WijeLappus C:\PROGRA~1\SHOPPE~1 Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Restore point was successfully created. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 => value removed successfully Nafmetwe => service removed successfully C:\Users\MohammadMutehir\AppData\Roaming\Xajrikgabe => moved successfully C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully C:\Users\MohammadMutehir\AppData\LocalLow\EmieUserList => moved successfully C:\Users\MohammadMutehir\AppData\LocalLow\EmieSiteList => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{203D7705-EC84-4ABB-BE62-327FD8DA7E6A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{203D7705-EC84-4ABB-BE62-327FD8DA7E6A}" => key removed successfully C:\WINDOWS\System32\Tasks\Ugejakau => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ugejakau" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AD67659-6703-44E2-9B36-D7B6DE3EB840}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AD67659-6703-44E2-9B36-D7B6DE3EB840}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30F6DB43-6544-4461-928F-FF8795C87786}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30F6DB43-6544-4461-928F-FF8795C87786}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B342186-2ECE-4055-B39B-E436E6454553}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B342186-2ECE-4055-B39B-E436E6454553}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63EBED2C-7914-4709-933F-2E8E9E2D4405}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63EBED2C-7914-4709-933F-2E8E9E2D4405}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{666DF5ED-5270-41F4-AC75-1F4572410736}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{666DF5ED-5270-41F4-AC75-1F4572410736}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C5CCEC5-E674-4AD6-9B89-C74F3545782A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C5CCEC5-E674-4AD6-9B89-C74F3545782A}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC2C528E-DD8A-4C6C-BF08-D0782DA882B0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC2C528E-DD8A-4C6C-BF08-D0782DA882B0}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAD68591-9FF8-4DEB-B4C5-DFFC98759885}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAD68591-9FF8-4DEB-B4C5-DFFC98759885}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB6FA4F7-90D5-4382-8F21-91673EC9A96E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB6FA4F7-90D5-4382-8F21-91673EC9A96E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5487516-15B3-49CF-927F-7FC5D6FE0C73}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5487516-15B3-49CF-927F-7FC5D6FE0C73}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F84AF58F-337D-47E3-94CB-F1DE232B8EA2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F84AF58F-337D-47E3-94CB-F1DE232B8EA2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully "C:\Users\MohammadMutehir\AppData\Roaming\WijeLappus" => not found. "C:\PROGRA~1\SHOPPE~1" => not found. ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-554739248-862141351-3468069622-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-554739248-862141351-3468069622-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.8.10586 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. {A5D3CB3C-116A-48B2-964A-B2F4D11A2735} canceled. {C0337B64-A68F-4D37-B900-E539FAE7FE65} canceled. {1BF949BC-350D-424E-829D-DCEDEE0F766E} canceled. {08F34296-2CEA-40FE-8931-DC59CA0FC961} canceled. 4 out of 4 jobs canceled. ========= End of CMD: ========= EmptyTemp: => 368.7 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 14:24:03 ====