Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by admin (19-08-2018 14:22:57) Run:1
Running from I:\2018
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92} - L:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {696585ce-d229-11e3-961a-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480ec5-23ec-11e7-bc40-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480f11-23ec-11e7-bc40-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480f62-23ec-11e7-bc40-fcaa14c2fb92} - K:\setup.exe -a
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {98507fb2-4a79-11e7-8dc1-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {ad504ddb-2ab0-11e5-883e-806e6f6e6963} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {c38be7d2-8209-11e4-99ab-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {d4c2d37b-a551-11e5-899c-001b10002aec} - K:\Startme.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {ea572361-749b-11e5-8398-001b10002aec} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {f2f63f40-5221-11e6-be00-fcaa14c2fb92} - O:\Setup.exe
S2 AppmallosayoV; no ImagePath
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]
S2 system_http_dll; C:\ProgramData\9e153da59d\e7b640f780.exe [X]
S3 cpuz134; \??\C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [Run] -> {2559A1F3-21D7-11D4-BDAF-00C04F60B9F0} => -> No File
ContextMenuHandlers5: [Search] -> {2559A1F0-21D7-11D4-BDAF-00C04F60B9F0} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
Task: {4120B6CA-8F1B-4B45-898E-88DB55ED0E1E} - \AVG-SSU_0317tb_DELETE -> No File <==== ATTENTION
Task: {F5684CF2-9853-4E68-9845-2CEE01990AA5} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: C:\Windows\Tasks\CTServiceInstaller.job => C:\Program Files (x86)\Cold Turkey\CTServiceInstaller.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
AlternateDataStreams: C:\Users\admin\AppData\Local\CW8MKdOz3eydkEX:A4VMR1bqMZky8uETs6ODdus [2630]
AlternateDataStreams: C:\ProgramData\Microsoft:mTcPzRjTPWDZYLSQyfTA3D [2718]
AlternateDataStreams: C:\ProgramData\Microsoft:vHezHRZxxwHTn3Tbuctt8zz [2420]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [163]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [308]
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
MSCONFIG\startupreg: Chromium => c:\users\admin\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
FirewallRules: [{37ECEAC0-AB95-4B56-AD1A-EE9570DCE75A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{8C582BA6-1710-4C25-AED4-2AC80D8ADB35}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{BFF466DD-9B89-44E0-B440-08357C4DD189}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1C18BD99-8C85-4006-A3A8-EF4F572E3854}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{BD284F0E-8D77-4C28-88A4-62AC559620A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E3B785F7-0B8C-4C58-84FB-7F8F345C4DBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{A93D5526-2BC3-4EE9-ABE1-287A30E2AF3D}] => (Allow) C:\Users\admin\AppData\Local\Temp\nsc7F4E.tmp\Installer-76048000.exe
FirewallRules: [{8C5102AA-7C1E-4CD7-8190-C78EB42B4AF3}] => (Allow) C:\Users\admin\AppData\Local\Temp\nsc7F4E.tmp\Installer-76048000.exe
FirewallRules: [{C86264C2-35E1-485F-8B60-4BBF5D3A4E5B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{48E2E7E4-2EF3-43ED-982E-6564D98EBD7B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
C:\Program Files (x86)\AVG
CMD: Type C:\Ruby22-x64\bin\irb.bat
CMD: type C:\Ruby22-x64\bin\setrbvars.bat
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => removed successfully
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92}" => removed successfully
HKLM\Software\Classes\CLSID\{20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{696585ce-d229-11e3-961a-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{696585ce-d229-11e3-961a-806e6f6e6963} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75480ec5-23ec-11e7-bc40-fcaa14c2fb92}" => removed successfully
HKLM\Software\Classes\CLSID\{75480ec5-23ec-11e7-bc40-fcaa14c2fb92} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75480f11-23ec-11e7-bc40-fcaa14c2fb92}" => removed successfully
HKLM\Software\Classes\CLSID\{75480f11-23ec-11e7-bc40-fcaa14c2fb92} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75480f62-23ec-11e7-bc40-fcaa14c2fb92}" => removed successfully
HKLM\Software\Classes\CLSID\{75480f62-23ec-11e7-bc40-fcaa14c2fb92} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98507fb2-4a79-11e7-8dc1-fcaa14c2fb92}" => removed successfully
HKLM\Software\Classes\CLSID\{98507fb2-4a79-11e7-8dc1-fcaa14c2fb92} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad504ddb-2ab0-11e5-883e-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{ad504ddb-2ab0-11e5-883e-806e6f6e6963} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c38be7d2-8209-11e4-99ab-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{c38be7d2-8209-11e4-99ab-806e6f6e6963} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4c2d37b-a551-11e5-899c-001b10002aec}" => removed successfully
HKLM\Software\Classes\CLSID\{d4c2d37b-a551-11e5-899c-001b10002aec} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea572361-749b-11e5-8398-001b10002aec}" => removed successfully
HKLM\Software\Classes\CLSID\{ea572361-749b-11e5-8398-001b10002aec} => not found
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2f63f40-5221-11e6-be00-fcaa14c2fb92}" => removed successfully
HKLM\Software\Classes\CLSID\{f2f63f40-5221-11e6-be00-fcaa14c2fb92} => not found
"HKLM\System\CurrentControlSet\Services\AppmallosayoV" => removed successfully
AppmallosayoV => service removed successfully
"HKLM\System\CurrentControlSet\Services\MxService" => removed successfully
MxService => service removed successfully
"HKLM\System\CurrentControlSet\Services\system_http_dll" => removed successfully
system_http_dll => service removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz134" => removed successfully
cpuz134 => service removed successfully
"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully
dbx => service removed successfully
"HKLM\System\CurrentControlSet\Services\EsgScanner" => removed successfully
EsgScanner => service removed successfully
"HKLM\System\CurrentControlSet\Services\gdrv" => removed successfully
gdrv => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0TheftProtectionDll" => removed successfully
HKLM\Software\Classes\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO" => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Run" => removed successfully
HKLM\Software\Classes\CLSID\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Search" => removed successfully
HKLM\Software\Classes\CLSID\{2559A1F0-21D7-11D4-BDAF-00C04F60B9F0} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO" => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4120B6CA-8F1B-4B45-898E-88DB55ED0E1E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4120B6CA-8F1B-4B45-898E-88DB55ED0E1E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0317tb_DELETE" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F5684CF2-9853-4E68-9845-2CEE01990AA5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5684CF2-9853-4E68-9845-2CEE01990AA5}" => removed successfully
C:\Windows\System32\Tasks\AVG EUpdate Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task" => removed successfully
C:\Windows\Tasks\CTServiceInstaller.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\Users\admin\AppData\Local\CW8MKdOz3eydkEX => ":A4VMR1bqMZky8uETs6ODdus" ADS removed successfully
C:\ProgramData\Microsoft => ":mTcPzRjTPWDZYLSQyfTA3D" ADS removed successfully
C:\ProgramData\Microsoft => ":vHezHRZxxwHTn3Tbuctt8zz" ADS removed successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile" => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chromium => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37ECEAC0-AB95-4B56-AD1A-EE9570DCE75A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C582BA6-1710-4C25-AED4-2AC80D8ADB35}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFF466DD-9B89-44E0-B440-08357C4DD189}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C18BD99-8C85-4006-A3A8-EF4F572E3854}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD284F0E-8D77-4C28-88A4-62AC559620A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3B785F7-0B8C-4C58-84FB-7F8F345C4DBA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A93D5526-2BC3-4EE9-ABE1-287A30E2AF3D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C5102AA-7C1E-4CD7-8190-C78EB42B4AF3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C86264C2-35E1-485F-8B60-4BBF5D3A4E5B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48E2E7E4-2EF3-43ED-982E-6564D98EBD7B}" => removed successfully
C:\Program Files (x86)\AVG => moved successfully

========= Type C:\Ruby22-x64\bin\irb.bat =========

@ECHO OFF
IF NOT "%~f0" == "~f0" GOTO :WinNT
ECHO.This version of Ruby has not been built with support for Windows 95/98/Me.
GOTO :EOF
:WinNT
@"%~dp0ruby.exe" "%~dpn0" %*

========= End of CMD: =========

========= type C:\Ruby22-x64\bin\setrbvars.bat =========

@ECHO OFF
REM Determine where is RUBY_BIN (where this script is)
PUSHD %~dp0.
SET RUBY_BIN=%CD%
POPD
REM Add RUBY_BIN to the PATH
REM RUBY_BIN takes higher priority to avoid other tools
REM conflict with our own (mainly the DevKit)
SET PATH=%RUBY_BIN%;%PATH%
SET RUBY_BIN=
REM Display Ruby version
ruby.exe -v

========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 14:23:38 ====
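Added example, not part of the Fixlog above and not FRST's own code: a small Python parser for this Fixlog format that splits the text into the fixlist, the per-item results and the CMD: output blocks, then returns what a reviewer checks first before signing off: the entries FRST marked "<==== ATTENTION" (a driver loaded from a user's Temp directory, an orphaned task, a per-user override of the regfile class), any operation that reported failure, and whether the fixlist cleared the Windows event logs with wevtutil cl (after which nothing from before the fix can be recovered from those logs). The sample text embedded in the block is a constructed subset of lines copied from this Fixlog; the function names, report keys and outcome tags are the example's own choices.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the Fixlog above (not every entry is repeated).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by admin (19-08-2018 14:22:57) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92} - L:\Setup.exe
S2 system_http_dll; C:\ProgramData\9e153da59d\e7b640f780.exe [X]
S3 cpuz134; \??\C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
Task: {4120B6CA-8F1B-4B45-898E-88DB55ED0E1E} - \AVG-SSU_0317tb_DELETE -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:mTcPzRjTPWDZYLSQyfTA3D [2718]
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => removed successfully
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92}" => removed successfully
HKLM\Software\Classes\CLSID\{20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92} => not found
"HKLM\System\CurrentControlSet\Services\system_http_dll" => removed successfully
system_http_dll => service removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz134" => removed successfully
cpuz134 => service removed successfully
C:\Windows\System32\Tasks\AVG EUpdate Task => moved successfully
C:\ProgramData\Microsoft => ":mTcPzRjTPWDZYLSQyfTA3D" ADS removed successfully
"HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile" => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chromium => not found

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 14:23:38 ====
"""

ATTENTION = "<==== ATTENTION"
FIXLIST_FENCE = "*****************"
CMD_BANNER = re.compile(r"^========= (?P<cmd>.+?) =========$")
CMD_END = "========= End of CMD: ========="


def classify_outcome(outcome):
    """Map the text after ' => ' in a result line to a short outcome tag."""
    if outcome.endswith("ADS removed successfully"):
        return "ads_removed"
    return {"service removed successfully": "service_removed",
            "removed successfully": "removed",
            "moved successfully": "moved",
            "not found": "not_found"}.get(outcome, "other")


def parse_fixlog(text):
    """Split a Fixlog into header facts, fixlist entries, results and CMD: output."""
    report = {"version": None, "fixlist": [], "attention": [], "results": [],
              "outcomes": Counter(), "cmd_output": {}, "failures": [], "reboot": False}
    state, current_cmd = "header", None   # header -> fixlist_open -> fixlist -> results
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state == "header":
            m = re.search(r"Version: (\S+)", line)
            if m:
                report["version"] = m.group(1)
            if line == "fixlist content:":
                state = "fixlist_open"
        elif state == "fixlist_open":
            if line == FIXLIST_FENCE:
                state = "fixlist"
        elif state == "fixlist":
            if line == FIXLIST_FENCE:
                state = "results"
                continue
            report["fixlist"].append(line)
            if ATTENTION in line:
                report["attention"].append(line.replace(ATTENTION, "").strip())
        elif current_cmd is not None:        # inside a "========= <cmd> =========" block
            if line == CMD_END:
                current_cmd = None
                continue
            report["cmd_output"][current_cmd].append(line)
            if line.startswith("Failed"):
                report["failures"].append((current_cmd, line))
        else:                                # results section proper
            m = CMD_BANNER.match(line)
            if m:
                current_cmd = m.group("cmd")
                report["cmd_output"][current_cmd] = []
                continue
            if line == "The system needed a reboot.":
                report["reboot"] = True
                continue
            target, sep, outcome = line.rpartition(" => ")
            if sep:
                tag = classify_outcome(outcome)
                report["results"].append((target.strip('"'), tag))
                report["outcomes"][tag] += 1
    return report


def triage(report):
    """Points a reviewer checks before accepting the fix as complete."""
    notes = ["attention: " + item for item in report["attention"]]
    notes += ["failed: " + line.split(". ")[0] for _, line in report["failures"]]
    if any("wevtutil cl" in entry for entry in report["fixlist"]):
        notes.append("event logs cleared by the fixlist; pre-fix Windows event history is gone")
    return notes


if __name__ == "__main__":
    for note in triage(parse_fixlog(SAMPLE_FIXLOG)):
        print(note)
```

The one failure in this log is expected behaviour rather than a sign of tampering: Microsoft-RMS-MSIPC/Debug is an analytic/debug channel, and wevtutil refuses to clear an enabled direct channel, so it has to be disabled first (wevtutil sl "<channel>" /e:false) and re-enabled afterwards. The broader caveat stands regardless: a fixlist that clears every event log removes the same evidence an incident responder would use to date the infection, so export the logs (wevtutil epl) before running such a fix.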