Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2020 Ran by mewtw_000 (10-12-2020 01:32:40) Run:2 Running from C:\Users\mewtw_000\Desktop Loaded Profiles: mewtw_000 Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" Unlock: C:\ProgramData\NTUSER.pol Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION CreateDummy: C:\ProgramData\NTUSER.pol REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2020-12-07] (Microsoft Corporation) [File not signed] <==== ATTENTION C:\Program Files\Common Files\System\symsrv.dll Unlock: C:\Program Files\Common Files\System\symsrv.dll CreateDummy: C:\Program Files\Common Files\System\symsrv.dll REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v LoadAppInit_DLLs /d 0 /f REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /d "" /f REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" Task: {E48B989B-767B-436E-BBDB-98DFFDA9321F} - System32\Tasks\AdwCleaner_onReboot => C:\Users\mewtw_000\Desktop\AdwCleaner.exe [8525431 2020-12-07] (Malwarebytes) [File not signed] CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" Reboot: ***************** Processes closed successfully. "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" => was unlocked "C:\ProgramData\NTUSER.pol" => was unlocked C:\ProgramData\NTUSER.pol => moved successfully C:\ProgramData\NTUSER.pol => dummy created successfully. ========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (Default) REG_SZ mnmsrvc AppInit_DLLs REG_SZ DdeSendTimeout REG_DWORD 0x0 DesktopHeapLogging REG_DWORD 0x1 DeviceNotSelectedTimeout REG_SZ 15 DwmInputUsesIoCompletionPort REG_DWORD 0x1 EnableDwmInputProcessing REG_DWORD 0x7 GDIProcessHandleQuota REG_DWORD 0x2710 IconServiceLib REG_SZ IconCodecService.dll LoadAppInit_DLLs REG_DWORD 0x0 NaturalInputHandler REG_SZ Ninput.dll ShutdownWarningDialogTimeout REG_DWORD 0xffffffff Spooler REG_SZ yes ThreadUnresponsiveLogTimeout REG_DWORD 0x1f4 TransmissionRetryTimeout REG_SZ 90 USERNestedWindowLimit REG_DWORD 0x32 USERPostMessageLimit REG_DWORD 0x2710 USERProcessHandleQuota REG_DWORD 0x2710 Win32kLastWriteTime REG_SZ 1D6BB88DFBC13A4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Win32knsWPP HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Win32kWPP ========= End of Reg: ========= "C:\PROGRA~1\COMMON~1\System\symsrv.dll" => Value data removed successfully C:\Program Files\Common Files\System\symsrv.dll => moved successfully "C:\Program Files\Common Files\System\symsrv.dll" => not found C:\Program Files\Common Files\System\symsrv.dll => dummy created successfully. ========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v LoadAppInit_DLLs /d 0 /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /d "" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (Default) REG_SZ mnmsrvc AppInit_DLLs REG_SZ DdeSendTimeout REG_DWORD 0x0 DesktopHeapLogging REG_DWORD 0x1 DeviceNotSelectedTimeout REG_SZ 15 DwmInputUsesIoCompletionPort REG_DWORD 0x1 EnableDwmInputProcessing REG_DWORD 0x7 GDIProcessHandleQuota REG_DWORD 0x2710 IconServiceLib REG_SZ IconCodecService.dll LoadAppInit_DLLs REG_SZ 0 NaturalInputHandler REG_SZ Ninput.dll ShutdownWarningDialogTimeout REG_DWORD 0xffffffff Spooler REG_SZ yes ThreadUnresponsiveLogTimeout REG_DWORD 0x1f4 TransmissionRetryTimeout REG_SZ 90 USERNestedWindowLimit REG_DWORD 0x32 USERPostMessageLimit REG_DWORD 0x2710 USERProcessHandleQuota REG_DWORD 0x2710 Win32kLastWriteTime REG_SZ 1D6BB88DFBC13A4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Win32knsWPP HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Win32kWPP ========= End of Reg: ========= "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E48B989B-767B-436E-BBDB-98DFFDA9321F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E48B989B-767B-436E-BBDB-98DFFDA9321F}" => removed successfully C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removed successfully ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" ========= ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog 01:35:37 ====