Fix result of Farbar Recovery Scan Tool (x64) Version: 27-10-2025
Ran by LES (28-10-2025 21:09:23) Run:1
Running from G:\FRST
Loaded Profiles: LES
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Folder:C:\Users\LES\AppData\Roaming\Microsoft\cmder
GroupPolicy: Restriction ?
Policies: C:\ProgramData\NTUSER.pol: Restriction
HKU\S-1-5-21-1730331833-48218207-765977278-1001\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-1730331833-48218207-765977278-1001\...\Policies\Explorer: []
HKU\S-1-5-21-1730331833-48218207-765977278-1001\SOFTWARE\Policies\Google: Restriction
Task: {79196E12-F082-4478-801D-5C388D50E2D9} - System32\Tasks\Microsoft\Windows\Defrag\cmder => C:\Users\LES\AppData\Roaming\Microsoft\cmder\cmder.exe [14951875 2024-10-29] () [File not signed]
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
FF Plugin-x32: @softnyxNpruntime -> "C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll" [No File]
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
AlternateDataStreams: C:\Windows\tracing:? [16]
FirewallRules: [TCP Query User{EDF59513-B20E-4F7A-B4CC-818AE23BE4CE}F:\steamlibrary\steamapps\common\battlefield 4\bf4.exe] => (Allow) F:\steamlibrary\steamapps\common\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query User{B1404B50-E5E1-4D7F-9A27-4F808A8ACE15}F:\steamlibrary\steamapps\common\battlefield 4\bf4.exe] => (Allow) F:\steamlibrary\steamapps\common\battlefield 4\bf4.exe => No File
Powershell:Unregister-ScheduledTask "Activation-Renewal" -Confirm:$False
Powershell:Remove-MpPreference -ExclusionPath "C:\Users\LES\AppData\Roaming"
C:\Users\LES\AppData\Roaming\Microsoft\cmder
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
EndRegedit:
StartPowershell:
C:\Windows\SysWOW64\lodctr.exe /R
C:\Windows\System32\lodctr.exe /R
winmgmt.exe /resyncperf
Get-MpPreference | fl
Get-MpComputerStatus | fl
& "C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate -MMPC
EndPowershell:
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.

========================= Folder:C:\Users\LES\AppData\Roaming\Microsoft\cmder ========================

2024-10-29 13:05 - 2024-10-29 13:05 - 014951875 ____A [346C7F88ADC638E0E76DCB867C85FD28] () [File not signed] C:\Users\LES\AppData\Roaming\Microsoft\cmder\cmder.exe

====== End of Folder: ======

"C:\Windows\system32\GroupPolicy\Machine" Folder move:
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKU\S-1-5-21-1730331833-48218207-765977278-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
"HKU\S-1-5-21-1730331833-48218207-765977278-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-1730331833-48218207-765977278-1001\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79196E12-F082-4478-801D-5C388D50E2D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79196E12-F082-4478-801D-5C388D50E2D9}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\cmder => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\cmder" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@softnyxNpruntime => removed successfully
HKLM\System\CurrentControlSet\Services\EAAntiCheat => removed successfully
EAAntiCheat => service removed successfully
C:\Windows\tracing => ":?" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EDF59513-B20E-4F7A-B4CC-818AE23BE4CE}F:\steamlibrary\steamapps\common\battlefield 4\bf4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B1404B50-E5E1-4D7F-9A27-4F808A8ACE15}F:\steamlibrary\steamapps\common\battlefield 4\bf4.exe" => removed successfully

========= Unregister-ScheduledTask "Activation-Renewal" -Confirm:$False =========