Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2017 01
Ran by essemtec (10-06-2017 21:43:33) Run:1
Running from F:\
Loaded Profiles: essemtec (Available Profiles: essemtec & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
(Microsoft Corporation) C:\Windows\explorer.exe
CreateRestorePoint:
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-18\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 1
HKLM\...\Run: [Bron-Spizaetus] => C:\WINDOWS\ShellNew\sempalong.exe [42713 2009-07-23] ()
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\WINDOWS\eksplorasi.exe" [x ] ()
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\...\Run: [Tok-Cirrhatus] => C:\Documents and Settings\essemtec\Local Settings\Application Data\smss.exe [42713 2009-07-23] ()
HKU\S-1-5-18\...\Run: [Tok-Cirrhatus] => C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe [42713 2009-07-23] ()
Startup: C:\Documents and Settings\essemtec\Start Menu\Programs\Startup\Empty.pif [2009-07-23] ()
Startup: C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif [2009-07-23] ()
GroupPolicy: Restriction ? <======= ATTENTION
C:\Documents and Settings\essemtec\Local Settings\Application Data\smss.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe
C:\Documents and Settings\essemtec\Start Menu\Programs\Startup\Empty.pif
C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
2009-07-23 10:37 - 2009-07-23 10:37 - 0042713 _____ () C:\Documents and Settings\essemtec\Local Settings\Application Data\csrss.exe
2009-07-23 10:37 - 2009-07-23 10:37 - 0042713 _____ () C:\Documents and Settings\essemtec\Local Settings\Application Data\inetinfo.exe
2016-09-03 06:39 - 2016-09-03 06:39 - 0000051 _____ () C:\Documents and Settings\essemtec\Local Settings\Application Data\Kosong.Bron.Tok.txt
2009-07-23 10:37 - 2009-07-23 10:37 - 0042713 _____ () C:\Documents and Settings\essemtec\Local Settings\Application Data\lsass.exe
2009-07-23 10:37 - 2009-07-23 10:37 - 0042713 _____ () C:\Documents and Settings\essemtec\Local Settings\Application Data\services.exe
2009-07-23 10:37 - 2009-07-23 10:37 - 0042713 _____ () C:\Documents and Settings\essemtec\Local Settings\Application Data\smss.exe
2009-07-23 10:37 - 2009-07-23 10:37 - 0042713 ____N () C:\Documents and Settings\essemtec\Local Settings\Application Data\winlogon.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Documents and Settings\essemtec\Templates\Brengkolang.com
C:\WINDOWS\Tasks\At1.job
C:\Documents and Settings\All Users\Start Menu\Programs\Point Grey Research\PGR FlyCapture\Documentation\Camera\Grasshopper Technical Reference.pdf.lnk
C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*.exe
C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*Bron*
C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*Bron*.*
CMD: dir /a C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\explorer.exe [504] C:\Windows\explorer.exe => process closed successfully.
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value removed successfully.
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully.
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus => value removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKU\S-1-5-21-2646437663-3650158834-333150697-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => value removed successfully.
C:\Documents and Settings\essemtec\Start Menu\Programs\Startup\Empty.pif => moved successfully
C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Documents and Settings\essemtec\Local Settings\Application Data\smss.exe => moved successfully
C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe => moved successfully
"C:\Documents and Settings\essemtec\Start Menu\Programs\Startup\Empty.pif" => not found.
"C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Empty.pif" => not found.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\essemtec\Local Settings\Application Data\csrss.exe => moved successfully
C:\Documents and Settings\essemtec\Local Settings\Application Data\inetinfo.exe => moved successfully
C:\Documents and Settings\essemtec\Local Settings\Application Data\Kosong.Bron.Tok.txt => moved successfully
C:\Documents and Settings\essemtec\Local Settings\Application Data\lsass.exe => moved successfully
C:\Documents and Settings\essemtec\Local Settings\Application Data\services.exe => moved successfully
"C:\Documents and Settings\essemtec\Local Settings\Application Data\smss.exe" => not found.
C:\Documents and Settings\essemtec\Local Settings\Application Data\winlogon.exe => moved successfully
C:\WINDOWS\Tasks\At1.job => moved successfully
"C:\WINDOWS\Tasks\At1.job" => not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Point Grey Research\PGR FlyCapture\Documentation\Camera\Grasshopper Technical Reference.pdf.lnk => moved successfully

=========== "C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*.exe" ==========

not found

========= End -> "C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*.exe" ========

=========== "C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*Bron*" ==========

not found

========= End -> "C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*Bron*" ========

=========== "C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*Bron*.*" ==========

not found

========= End -> "C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji\*Bron*.*" ========

========= dir /a C:\Documents and Settings\essemtec\Ustawienia lokalne\Dane aplikacji =========

The system cannot find the path specified.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 262673 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 294483411 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 253406165 B
All Users => 0 B
systemprofile => 393742811 B
LocalService => 66676 B
NetworkService => 66381 B
essemtec => 1230790200 B
Administrator => 253406165 B

RecycleBin => 5028253 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:44:24 ====