Fix result of Farbar Recovery Scan Tool (x64) Version: 01-06-2019 Ran by bm silverlake (02-06-2019 21:52:47) Run:1 Running from C:\Users\bm silverlake\Desktop Loaded Profiles: bm silverlake (Available Profiles: bm silverlake) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKLM-x32\...\Winlogon: [Userinit] FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION S3 mfeavfk01; \Device\mfeavfk01.sys [X] S3 mfencbdc01; \Device\mfencbdc01.sys [X] 2019-05-24 23:00 - 2019-05-24 23:00 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\mbam 2019-05-24 22:59 - 2019-05-24 22:59 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\mbamtray 2019-05-24 22:06 - 2019-05-24 22:24 - 000000000 ____D C:\Users\bm silverlake\AppData\Roaming\Comodo 2019-05-24 22:02 - 2019-05-24 22:23 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\Comodo 2019-05-24 21:07 - 2019-05-24 21:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3578812641-2531012994-4198522184-1003 2019-05-21 18:42 - 2019-05-24 21:47 - 000000000 ____D C:\Users\bm silverlake\AppData\LocalLow\uTorrent 2019-05-12 10:56 - 2019-05-24 20:16 - 000000000 ____D C:\found.000 2019-05-02 21:56 - 2019-05-24 21:26 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\BitTorrentHelper CustomCLSID: HKU\S-1-5-21-3578812641-2531012994-4198522184-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bm silverlake\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3578812641-2531012994-4198522184-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bm silverlake\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-3578812641-2531012994-4198522184-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bm silverlake\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll => No File ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" IE trusted site: HKU\S-1-5-21-3578812641-2531012994-4198522184-1003\...\localhost -> localhost FirewallRules: [{A59DDFF3-2AE0-4D7C-9E16-CD9EBBC00C8F}] => (Allow) C:\Users\bm silverlake\AppData\Roaming\uTorrent\uTorrent.exe No File FirewallRules: [{659CCEEC-9D22-4B50-8973-A4685AFACEAB}] => (Allow) C:\Users\bm silverlake\AppData\Roaming\uTorrent\uTorrent.exe No File EmptyTemp: Hosts: ***************** Error: (0) Failed to create a restore point. Processes closed successfully. "HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit" => not found HKLM\SOFTWARE\Policies\Mozilla => removed successfully HKLM\System\CurrentControlSet\Services\mfeavfk01 => removed successfully mfeavfk01 => service removed successfully HKLM\System\CurrentControlSet\Services\mfencbdc01 => removed successfully mfencbdc01 => service removed successfully C:\Users\bm silverlake\AppData\Local\mbam => moved successfully C:\Users\bm silverlake\AppData\Local\mbamtray => moved successfully C:\Users\bm silverlake\AppData\Roaming\Comodo => moved successfully C:\Users\bm silverlake\AppData\Local\Comodo => moved successfully C:\WINDOWS\System32\Tasks\S-1-5-21-3578812641-2531012994-4198522184-1003 => moved successfully C:\Users\bm silverlake\AppData\LocalLow\uTorrent => moved successfully C:\found.000 => moved successfully C:\Users\bm silverlake\AppData\Local\BitTorrentHelper => moved successfully HKU\S-1-5-21-3578812641-2531012994-4198522184-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully HKU\S-1-5-21-3578812641-2531012994-4198522184-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully HKU\S-1-5-21-3578812641-2531012994-4198522184-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MCODS => removed successfully HKU\S-1-5-21-3578812641-2531012994-4198522184-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A59DDFF3-2AE0-4D7C-9E16-CD9EBBC00C8F}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{659CCEEC-9D22-4B50-8973-A4685AFACEAB}" => removed successfully C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 9199616 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27930293 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 173272 B Edge => 40202889 B Chrome => 0 B Firefox => 33539699 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 1046961 B systemprofile32 => 0 B LocalService => 178458 B LocalService => 0 B NetworkService => 80816 B NetworkService => 0 B bm silverlake => 131561013 B RecycleBin => 0 B EmptyTemp: => 232.6 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 21:53:16 ====