Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by Administrator (22-10-2024 17:55:04) Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: tehke & terry & Terryc & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\StartupApproved\Run: => "RZTHXHelper"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RzAppEngine"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RazerAxon"
FirewallRules: [TCP Query User{3EF70458-7853-4778-957B-971A239CD69E}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C57AF867-3C79-4791-9486-B0E91AF495C5}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe => No File
FirewallRules: [{456558FA-2316-4DFD-8395-58AC65B6CD0D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe => No File
FirewallRules: [{B640A35D-83A9-493E-A12A-AA660ADF280D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe => No File
FirewallRules: [TCP Query User{A855FABB-F41E-47EF-9A9E-2C547C249745}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe => No File
FirewallRules: [UDP Query User{BA565023-7C4D-4A60-8418-F3BFDB4700D4}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe => No File
HKLM\...\Run: [RZTHXHelper] => C:\WINDOWS\system32\RZTHXHelper.exe (No File)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [DAEMON Tools Lite Automount] => "G:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\MountPoints2: {ac8a5ee2-acb9-11ec-8aed-106fd99e34c8} - "E:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RzAppEngine] => "C:\Program Files\Razer\RzAppEngine\rzappengine.exe" --start-hidden --url-params=apps=virtual-ring-light,streamer-companion-app,spatial-audio&autoStart=1 (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [Synapse3] => "C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe" /StartMinimized (No File)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
S3 Disc Soft Lite Bus Service; "G:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0094; C:\WINDOWS\System32\drivers\RzDev_0094.sys [55376 2021-01-21] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0095; C:\WINDOWS\System32\drivers\RzDev_0095.sys [56728 2020-12-10] (Razer USA Ltd. -> Razer Inc)
2024-10-20 18:27 - 2024-10-20 18:27 - 000001393 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WickrMe.lnk
2024-10-20 18:27 - 2024-10-20 18:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wickr, LLC
2024-10-20 18:27 - 2022-02-14 20:20 - 000000000 ____D C:\ProgramData\McAfee
2024-10-02 00:00 - 2023-02-23 22:19 - 000000000 ____D C:\Program Files\Razer
2024-10-02 00:00 - 2022-08-02 02:39 - 000000000 ____D C:\Users\terry\AppData\Local\Razer
2024-10-02 00:00 - 2022-04-07 16:00 - 000000000 ____D C:\Users\Terryc\AppData\Local\Razer
2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\ProgramData\Razer
2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\Program Files (x86)\Razer
2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\Users\tehke\AppData\Local\Razer
2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-10-01 23:54 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Razer
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "Synapse3"
C:\WINDOWS\System32\drivers\RzCommon.sys
C:\WINDOWS\System32\drivers\RzDev_0094.sys
C:\WINDOWS\System32\drivers\RzDev_0095.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RZTHXHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RZTHXHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\RazerCortex" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RazerCortex" => not found
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RzAppEngine" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RzAppEngine" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RazerAxon" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RazerAxon" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3EF70458-7853-4778-957B-971A239CD69E}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C57AF867-3C79-4791-9486-B0E91AF495C5}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{456558FA-2316-4DFD-8395-58AC65B6CD0D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B640A35D-83A9-493E-A12A-AA660ADF280D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A855FABB-F41E-47EF-9A9E-2C547C249745}G:\games\nba 2k22\nba2k22.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BA565023-7C4D-4A60-8418-F3BFDB4700D4}G:\games\nba 2k22\nba2k22.exe" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RZTHXHelper" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\EnableActivityFeed" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\PublishUserActivities" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\UploadUserActivities" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\AllowClipboardHistory" => removed successfully
"HKLM\Software\Policies\Microsoft\Windows\System\\AllowCrossDeviceClipboard" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1" => removed successfully
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac8a5ee2-acb9-11ec-8aed-106fd99e34c8} => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Synapse3" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\Software\Microsoft\Windows\CurrentVersion\Run\\RazerAxon" => not found
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\Software\Microsoft\Windows\CurrentVersion\Run\\RzAppEngine" => not found
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Synapse3" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Synapse3" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKLM\System\CurrentControlSet\Services\Disc Soft Lite Bus Service => removed successfully
Disc Soft Lite Bus Service => service removed successfully
HKLM\System\CurrentControlSet\Services\RzCommon => removed successfully
RzCommon => service removed successfully
HKLM\System\CurrentControlSet\Services\RzDev_0094 => removed successfully
RzDev_0094 => service removed successfully
HKLM\System\CurrentControlSet\Services\RzDev_0095 => removed successfully
RzDev_0095 => service removed successfully
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WickrMe.lnk => moved successfully
"C:\Users\Administrator\AppData\Local\Wickr, LLC" Folder move:
C:\Users\Administrator\AppData\Local\Wickr, LLC => moved successfully
"C:\ProgramData\McAfee" Folder move:
C:\ProgramData\McAfee => moved successfully
"C:\Program Files\Razer" Folder move:
C:\Program Files\Razer => moved successfully
"C:\Users\terry\AppData\Local\Razer" Folder move:
C:\Users\terry\AppData\Local\Razer => moved successfully
"C:\Users\Terryc\AppData\Local\Razer" Folder move:
C:\Users\Terryc\AppData\Local\Razer => moved successfully
"C:\ProgramData\Razer" Folder move:
C:\ProgramData\Razer => moved successfully
"C:\Program Files (x86)\Razer" Folder move:
C:\Program Files (x86)\Razer => moved successfully
"C:\Users\tehke\AppData\Local\Razer" Folder move:
C:\Users\tehke\AppData\Local\Razer => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer" Folder move:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer => moved successfully
"C:\Users\Administrator\AppData\Local\Razer" Folder move:
C:\Users\Administrator\AppData\Local\Razer => moved successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Synapse3" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Synapse3" => not found
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Synapse3" => removed successfully
"HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Synapse3" => not found
C:\WINDOWS\System32\drivers\RzCommon.sys => moved successfully
C:\WINDOWS\System32\drivers\RzDev_0094.sys => moved successfully
C:\WINDOWS\System32\drivers\RzDev_0095.sys => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14779366 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 275463311 B
Edge => 0 B
Chrome => 66475322 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1003077 B
systemprofile32 => 1633993 B
LocalService => 6652456 B
NetworkService => 7019176 B
tehke => 1816095562 B
defaultuser100000 => 1816095562 B
terry => 1847639795 B
Terryc => 1847679404 B
defaultuser100000.LAPTOP-D982FIHM => 1847679404 B
Administrator => 1878745476 B

RecycleBin => 6137478519 B
EmptyTemp: => 16.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-10-2024 17:57:27)

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected

==== End of Fixlog 17:57:27 ====