Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Oskar_2 (2016-04-04 20:06:46) Run:1 Running from C:\Users\Oskar_2\Desktop Loaded Profiles: Oskar_2 (Available Profiles: Oskar_2) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: R2 lhgu; C:\ProgramData\\lhgu\\lhgu.exe [529408 2016-03-20] () [File not signed] R2 Lhtao; C:\Users\Oskar_2\AppData\Roaming\Kyiadare\Kyiadare.exe [174464 2016-03-18] () R2 Mofovoil; C:\Users\Oskar_2\AppData\Roaming\Bouriwy\Bouriwy.exe [174448 2016-03-19] () R2 Ruvsi; C:\Users\Oskar_2\AppData\Roaming\PiptoEtane\Ciwfof.exe [125808 2016-03-19] () R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [89840 2016-03-08] (Huorong Borui (Beijing) Technology Co., Ltd.) S2 ktip; "C:\Program Files\ktip\ktip.exe" /s iid=5674489 did=APSFTuto4PC sid=11 ref=98755442-2698-501e-053b-7d3f77cf59dc-PolicyMac id=32f6c6f0c472cf4f71174deecc12a0aebea8c248a4b5ed713c26dfee92989cf6 [X] S2 Lemxatxi; "C:\Users\Oskar_2\AppData\Roaming\ZafdygCanr\Tomorhuy.exe" -cms [X] S4 sptd2; System32\Drivers\sptd2.sys [X] Task: {1338BD96-7DC0-4FCD-B734-BEBF1FCF8380} - System32\Tasks\AdobeoaUpdate Ver 2015910 => C:\Users\Oskar\AppData\Roaming\wenguanjia\ElTaces.exe Task: {2F6DEDA1-BC2B-4480-AB42-9F83B8A66A4B} - System32\Tasks\Cyelma => C:\PROGRA~1\SHOPPE~1\Elipj.bat Task: {3ABBBCB2-B52E-4753-9E61-5DCF5C66DDCE} - System32\Tasks\{A471D989-5CC2-45A1-9B36-3AD188795DE9} => pcalua.exe -a C:\Users\Oskar\Downloads\GTA_V_Launcher_1_0_440_2.exe -d C:\WINDOWS\system32 Task: {557461C8-1F3F-4860-BCD4-D4506725333E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) Task: {5E8C5490-65BC-428A-B596-673603171790} - System32\Tasks\Ukarb => C:\PROGRA~1\GROOVE~1\Kukavawn.bat Task: {7424C173-330E-473D-921A-D44936CCCE44} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: 
{A5AEF42F-B379-4841-ACA4-1355946E08A2} - System32\Tasks\{EB07B9E7-AFE2-43EE-A6FD-93C458AD5ABF} => pcalua.exe -a "D:\Program Files (x86)\Need for Speed Carbon\setup.exe" -d "D:\Program Files (x86)\Need for Speed Carbon" Task: {ACA025F9-B575-4EA2-A38A-13DC2A2D446D} - System32\Tasks\{4225B075-748C-467E-9E2B-06CADF3910B9} => pcalua.exe -a "C:\Program Files (x86)\Object Browser\Uninstall.exe" -c /fcp=1 Task: {BCF1DA28-99A7-425E-8987-E4C58E390079} - System32\Tasks\{FB8EA1CD-C771-4154-8256-CC96C1E0006C} => pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION Task: {BE9679E9-066F-4FA0-958A-E688B9042A2C} - System32\Tasks\{46FF4027-3BA4-40F5-8B84-CE55AC2AC132} => pcalua.exe -a "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe" -c --uninstall --system-level Task: {C9BEE582-9DAF-47E7-AC69-92A9C607F4FB} - System32\Tasks\A5C721D-BE7C-45DE-BDAB-F2A072F86353 => C:\Users\Oskar\AppData\Local\A5C721D-BE7C-45DE-BDAB-F2A072F86353\A5C721D-BE7C-45DE-BDAB-F2A072F86353.exe <==== ATTENTION Task: {EED17BB3-68BF-4718-9B87-CB8861035BA6} - System32\Tasks\{4A42DEF0-6D88-4ABD-979B-CD6DC8A0CA2F} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.18.0.112/pl/abandoninstall?source=lightinstaller&page=tsInstall Task: C:\WINDOWS\Tasks\AdobeoaUpdate Ver 2015910.job => C:\Users\Oskar\AppData\Roaming\wenguanjia\ElTaces.exe/check_update C:\Users\Oskar\AppData\Roaming\wenguanjia\OSKAR-PC\Oskar(This task detect has update.Ver HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe HKLM-x32\...\Run: [mpck_en_005030271] => [X] HKLM-x32\...\Run: [win_en_77] => [X] HKLM-x32\...\Run: [sun21] => [X] HKLM-x32\...\Run: [rec_pl_229] => [X] HKLM-x32\...\Run: [SystemClose] => D:\Documents\systemfile.exe HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\Run: [svchost0] => C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe 
HKU\S-1-5-21-4005860982-2939158325-716014447-1008\...\MountPoints2: {e4d41890-7243-11e5-8334-d027884e6a45} - "J:\setup.exe" AppInit_DLLs: C:\ProgramData\lhgu\S-cof.dll => C:\ProgramData\lhgu\S-cof.dll [363520 2016-03-20] () AppInit_DLLs-x32: C:\ProgramData\lhgu\Zentrax.dll => C:\ProgramData\lhgu\Zentrax.dll [257536 2016-03-20] () ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File GroupPolicyScripts: Restriction <======= ATTENTION HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfRubOTcn-D19msW3q_9HIdMvet1jYraV0ERnYPserNrXYMeptSR_eTmZk_sGUi1Pb89ocP6_uXDNzYtgaAQSm6D6oEy2J5deZfp1h7aXzbDCzFZgbmjLd1lUgHDAgdJOEqhJFqTpKwCiOT6s64d4drxCMbcQew&q={searchTerms} HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfRubOTcn-D19msW3q_9HIdMvet1jYraV0ERnYPserNrXYMeptSR_eTmZk_sGUi1PbwLsaaO-xNshFawgFOQAP4TTSaLHscHiwO2U5tXBIw0Ypnrxpj_fRvywPXzdVPN15iY-ULpTEx6WpnHpLoB0OFfmJTBsuO HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfRubOTcn-D19msW3q_9HIdMvet1jYraV0ERnYPserNrXYMeptSR_eTmZk_sGUi1Pb89ocP6_uXDNzYtgaAQSm6D6oEy2J5deZfp1h7aXzbDCzFZgbmjLd1lUgHDAgdJOEqhJFqTpKwCiOT6s64d4drxCMbcQew&q={searchTerms} HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfRubOTcn-D19msW3q_9HIdMvet1jYraV0ERnYPserNrXYMeptSR_eTmZk_sGUi1Pb89ocP6_uXDNzYtgaAQSm6D6oEy2J5deZfp1h7aXzbDCzFZgbmjLd1lUgHDAgdJOEqhJFqTpKwCiOT6s64d4drxCMbcQew&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfRubOTcn-D19msW3q_9HIdMvet1jYraV0ERnYPserNrXYMeptSR_eTmZk_sGUi1Pb89ocP6_uXDNzYtgaAQSm6D6oEy2J5deZfp1h7aXzbDCzFZgbmjLd1lUgHDAgdJOEqhJFqTpKwCiOT6s64d4drxCMbcQew&q={searchTerms} SearchScopes: HKU\S-1-5-21-4005860982-2939158325-716014447-1008 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfRubOTcn-D19msW3q_9HIdMvet1jYraV0ERnYPserNrXYMeptSR_eTmZk_sGUi1Pb89ocP6_uXDNzYtgaAQSm6D6oEy2J5deZfp1h7aXzbDCzFZgbmjLd1lUgHDAgdJOEqhJFqTpKwCiOT6s64d4drxCMbcQew&q={searchTerms} SearchScopes: HKU\S-1-5-21-4005860982-2939158325-716014447-1008 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUDpRKkKqLhA2_PfRubOTcn-D19msW3q_9HIdMvet1jYraV0ERnYPserNrXYMeptSR_eTmZk_sGUi1Pb89ocP6_uXDNzYtgaAQSm6D6oEy2J5deZfp1h7aXzbDCzFZgbmjLd1lUgHDAgdJOEqhJFqTpKwCiOT6s64d4drxCMbcQew&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1458386141&z=39a616c052261f8a4110452gfz9wfb7c2b9q6e1t9z&from=cmi&uid=ST500DM002-1BD142_Z2AQEPN3XXXXZ2AQEPN3 StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursearching.com/?type=sc&ts=1458472476&z=092799a4db54c4842fe7258g8z0w6bfz0m8o0z9o2q&from=face&uid=ST500DM002-1BD142_Z2AQEPN3XXXXZ2AQEPN3 ShortcutWithArgument: C:\Users\Oskar_2\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursearching.com/?type=sc&ts=1458472476&z=092799a4db54c4842fe7258g8z0w6bfz0m8o0z9o2q&from=face&uid=ST500DM002-1BD142_Z2AQEPN3XXXXZ2AQEPN3 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursearching.com/?type=sc&ts=1458472476&z=092799a4db54c4842fe7258g8z0w6bfz0m8o0z9o2q&from=face&uid=ST500DM002-1BD142_Z2AQEPN3XXXXZ2AQEPN3 DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I DeleteKey: HKCU\Software\dobreprogramy C:\Program Files (x86)\AdwCleaner C:\Program Files (x86)\badu C:\Program Files (x86)\Lenovo C:\Program Files (x86)\Mozilla Firefox C:\Program Files (x86)\UCBrowser C:\ProgramData\Konksolexs C:\ProgramData\lhgu C:\ProgramData\lhgus C:\ProgramData\Mozilla C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC C:\uninst C:\Users\Oskar_2\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 C:\Users\Oskar_2\AppData\Local\Tempunpacker.exe C:\Users\Oskar_2\AppData\Local\app C:\Users\Oskar_2\AppData\Local\Lenovo C:\Users\Oskar_2\AppData\Local\Mozilla C:\Users\Oskar_2\AppData\Local\Steam\htmlcache C:\Users\Oskar_2\AppData\Local\Tempfolder C:\Users\Oskar_2\AppData\Local\UCBrowser C:\Users\Oskar_2\AppData\LocalLow\Company C:\Users\Oskar_2\AppData\Roaming\*.* C:\Users\Oskar_2\AppData\Roaming\Bouriwy C:\Users\Oskar_2\AppData\Roaming\Kyiadare C:\Users\Oskar_2\AppData\Roaming\MCorp C:\Users\Oskar_2\AppData\Roaming\Mozilla C:\Users\Oskar_2\AppData\Roaming\PiptoEtane C:\Users\Oskar_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 C:\Users\Oskar_2\Downloads\*-dp*.exe C:\Users\Oskar_2\Downloads\Torrentex C:\Users\Public\Documents\dmp C:\WINDOWS\system32\eden C:\WINDOWS\system32\hiir C:\WINDOWS\system32\iesa C:\WINDOWS\system32\Drivers\bsdriver.sys 
C:\WINDOWS\system32\Drivers\cherimoya.sys C:\WINDOWS\system32\Drivers\ucguard.sys C:\WINDOWS\System32\Tasks\Lenovo C:\WINDOWS\SysWOW64\findit.xml C:\WINDOWS\SysWOW64\Number of results DeleteKey: HKCU\Software\Google DeleteKey: HKCU\Software\Mozilla DeleteKey: HKCU\Software\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Google DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\8B140DE3-3691-474C-bF79-96E348EBD612 DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BrsHelper DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\dipubibu DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Disc Soft Lite Bus Service DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Freemake Improver DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdate DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdatem DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gyvixodu DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\lehicewu DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\lulonuji DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\QQPCRTP DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Service KMSELDI DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\shopperz100920151159 Updater DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SPBIUpd DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\TAOFrame DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo DeleteKey: HKLM\SOFTWARE\Mozilla DeleteKey: HKLM\SOFTWARE\MozillaPlugins DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "CCleaner 
Monitoring" /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v svchost0 /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v shopperz100920151159 /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v shopperz10092015115964 /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v IDSCPRODUCT /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SpaceSoundPro /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v ProductUpdater /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v wenguanjia /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SPDriver /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SmartWeb /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v YTDownloader /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v " QQPCTray" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AvastUI.exe /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v pcmgr /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v apphide /f CMD: ipconfig /flushdns CMD: netsh advfirewall reset Hosts: EmptyTemp: ***************** Processes closed successfully. 
lhgu => service removed successfully Lhtao => service removed successfully Mofovoil => service removed successfully Ruvsi => service removed successfully UCGuard => Unable to stop service. UCGuard => service removed successfully ktip => service removed successfully Lemxatxi => service removed successfully sptd2 => service removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1338BD96-7DC0-4FCD-B734-BEBF1FCF8380}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1338BD96-7DC0-4FCD-B734-BEBF1FCF8380}" => key removed successfully C:\WINDOWS\System32\Tasks\AdobeoaUpdate Ver 2015910 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeoaUpdate Ver 2015910" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F6DEDA1-BC2B-4480-AB42-9F83B8A66A4B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F6DEDA1-BC2B-4480-AB42-9F83B8A66A4B}" => key removed successfully C:\WINDOWS\System32\Tasks\Cyelma => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cyelma" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ABBBCB2-B52E-4753-9E61-5DCF5C66DDCE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ABBBCB2-B52E-4753-9E61-5DCF5C66DDCE}" => key removed successfully C:\WINDOWS\System32\Tasks\{A471D989-5CC2-45A1-9B36-3AD188795DE9} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A471D989-5CC2-45A1-9B36-3AD188795DE9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{557461C8-1F3F-4860-BCD4-D4506725333E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{557461C8-1F3F-4860-BCD4-D4506725333E}" => key removed successfully C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E8C5490-65BC-428A-B596-673603171790}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E8C5490-65BC-428A-B596-673603171790}" => key removed successfully C:\WINDOWS\System32\Tasks\Ukarb => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ukarb" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7424C173-330E-473D-921A-D44936CCCE44}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7424C173-330E-473D-921A-D44936CCCE44}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5AEF42F-B379-4841-ACA4-1355946E08A2}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5AEF42F-B379-4841-ACA4-1355946E08A2}" => key removed successfully C:\WINDOWS\System32\Tasks\{EB07B9E7-AFE2-43EE-A6FD-93C458AD5ABF} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB07B9E7-AFE2-43EE-A6FD-93C458AD5ABF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACA025F9-B575-4EA2-A38A-13DC2A2D446D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACA025F9-B575-4EA2-A38A-13DC2A2D446D}" => key removed successfully C:\WINDOWS\System32\Tasks\{4225B075-748C-467E-9E2B-06CADF3910B9} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4225B075-748C-467E-9E2B-06CADF3910B9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCF1DA28-99A7-425E-8987-E4C58E390079}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCF1DA28-99A7-425E-8987-E4C58E390079}" => key removed successfully C:\WINDOWS\System32\Tasks\{FB8EA1CD-C771-4154-8256-CC96C1E0006C} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB8EA1CD-C771-4154-8256-CC96C1E0006C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE9679E9-066F-4FA0-958A-E688B9042A2C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE9679E9-066F-4FA0-958A-E688B9042A2C}" => key removed successfully C:\WINDOWS\System32\Tasks\{46FF4027-3BA4-40F5-8B84-CE55AC2AC132} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\{46FF4027-3BA4-40F5-8B84-CE55AC2AC132}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9BEE582-9DAF-47E7-AC69-92A9C607F4FB}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9BEE582-9DAF-47E7-AC69-92A9C607F4FB}" => key removed successfully C:\WINDOWS\System32\Tasks\A5C721D-BE7C-45DE-BDAB-F2A072F86353 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A5C721D-BE7C-45DE-BDAB-F2A072F86353" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EED17BB3-68BF-4718-9B87-CB8861035BA6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EED17BB3-68BF-4718-9B87-CB8861035BA6}" => key removed successfully C:\WINDOWS\System32\Tasks\{4A42DEF0-6D88-4ABD-979B-CD6DC8A0CA2F} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A42DEF0-6D88-4ABD-979B-CD6DC8A0CA2F}" => key removed successfully C:\WINDOWS\Tasks\AdobeoaUpdate Ver 2015910.job => moved successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mpck_en_005030271 => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun21 => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\rec_pl_229 => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SystemClose => value removed successfully HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Windows\CurrentVersion\Run\\svchost0 => value removed successfully 
"HKU\S-1-5-21-4005860982-2939158325-716014447-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4d41890-7243-11e5-8334-d027884e6a45}" => key removed successfully HKCR\CLSID\{e4d41890-7243-11e5-8334-d027884e6a45} => key not found. "C:\ProgramData\lhgu\S-cof.dll" => Value data removed successfully. "C:\ProgramData\lhgu\Zentrax.dll" => Value data removed successfully. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully HKU\S-1-5-21-4005860982-2939158325-716014447-1008\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-4005860982-2939158325-716014447-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-4005860982-2939158325-716014447-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully HKCR\CLSID\{ielnksrch} => key not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => value restored successfully C:\Users\Oskar_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Shortcut argument removed successfully. HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I => key not found. HKCU\Software\dobreprogramy => key not found. C:\Program Files (x86)\AdwCleaner => moved successfully C:\Program Files (x86)\badu => moved successfully C:\Program Files (x86)\Lenovo => moved successfully C:\Program Files (x86)\Mozilla Firefox => moved successfully "C:\Program Files (x86)\UCBrowser" => not found. C:\ProgramData\Konksolexs => moved successfully C:\ProgramData\lhgu => moved successfully C:\ProgramData\lhgus => moved successfully "C:\ProgramData\Mozilla" => not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC => moved successfully C:\uninst => moved successfully C:\Users\Oskar_2\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => moved successfully C:\Users\Oskar_2\AppData\Local\Tempunpacker.exe => moved successfully C:\Users\Oskar_2\AppData\Local\app => moved successfully "C:\Users\Oskar_2\AppData\Local\Lenovo" => not found. "C:\Users\Oskar_2\AppData\Local\Mozilla" => not found. 
C:\Users\Oskar_2\AppData\Local\Steam\htmlcache => moved successfully C:\Users\Oskar_2\AppData\Local\Tempfolder => moved successfully C:\Users\Oskar_2\AppData\Local\UCBrowser => moved successfully C:\Users\Oskar_2\AppData\LocalLow\Company => moved successfully =========== "C:\Users\Oskar_2\AppData\Roaming\*.*" ========== C:\Users\Oskar_2\AppData\Roaming\agent.dat => moved successfully C:\Users\Oskar_2\AppData\Roaming\ApplicationHosting.dat => moved successfully C:\Users\Oskar_2\AppData\Roaming\Config.xml => moved successfully C:\Users\Oskar_2\AppData\Roaming\InstallationConfiguration.xml => moved successfully C:\Users\Oskar_2\AppData\Roaming\Installer.dat => moved successfully C:\Users\Oskar_2\AppData\Roaming\Kin-Is.exe => moved successfully C:\Users\Oskar_2\AppData\Roaming\Kin-Is.tst => moved successfully C:\Users\Oskar_2\AppData\Roaming\lobby.dat => moved successfully C:\Users\Oskar_2\AppData\Roaming\Main.dat => moved successfully C:\Users\Oskar_2\AppData\Roaming\md.xml => moved successfully C:\Users\Oskar_2\AppData\Roaming\noah.dat => moved successfully C:\Users\Oskar_2\AppData\Roaming\svchost.exe.tmp => moved successfully C:\Users\Oskar_2\AppData\Roaming\Trustlight.bin => moved successfully C:\Users\Oskar_2\AppData\Roaming\uninstall_temp.ico => moved successfully C:\Users\Oskar_2\AppData\Roaming\VoltTom.exe => moved successfully C:\Users\Oskar_2\AppData\Roaming\VoltTom.tst => moved successfully C:\Users\Oskar_2\AppData\Roaming\Zooair.bin => moved successfully ========= End -> "C:\Users\Oskar_2\AppData\Roaming\*.*" ======== C:\Users\Oskar_2\AppData\Roaming\Bouriwy => moved successfully C:\Users\Oskar_2\AppData\Roaming\Kyiadare => moved successfully C:\Users\Oskar_2\AppData\Roaming\MCorp => moved successfully C:\Users\Oskar_2\AppData\Roaming\Mozilla => moved successfully C:\Users\Oskar_2\AppData\Roaming\PiptoEtane => moved successfully C:\Users\Oskar_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 => moved successfully =========== 
"C:\Users\Oskar_2\Downloads\*-dp*.exe" ========== C:\Users\Oskar_2\Downloads\Camtasia-Studio-12665-dp.exe => moved successfully C:\Users\Oskar_2\Downloads\FormatFactory-13295-dp.exe => moved successfully C:\Users\Oskar_2\Downloads\Freemake-Video-Converter-20113-dp.exe => moved successfully C:\Users\Oskar_2\Downloads\QuickTime-12821-dp (1).exe => moved successfully C:\Users\Oskar_2\Downloads\QuickTime-12821-dp.exe => moved successfully ========= End -> "C:\Users\Oskar_2\Downloads\*-dp*.exe" ======== C:\Users\Oskar_2\Downloads\Torrentex => moved successfully C:\Users\Public\Documents\dmp => moved successfully C:\WINDOWS\system32\eden => moved successfully C:\WINDOWS\system32\hiir => moved successfully C:\WINDOWS\system32\iesa => moved successfully Could not move "C:\WINDOWS\system32\Drivers\bsdriver.sys" => Scheduled to move on reboot. Could not move "C:\WINDOWS\system32\Drivers\cherimoya.sys" => Scheduled to move on reboot. C:\WINDOWS\system32\Drivers\ucguard.sys => moved successfully C:\WINDOWS\System32\Tasks\Lenovo => moved successfully C:\WINDOWS\SysWOW64\findit.xml => moved successfully C:\WINDOWS\SysWOW64\Number of results => moved successfully HKCU\Software\Google => could not remove at first attempt (ErrorCode: C0000121), see next line. HKCU\Software\Google => key removed successfully HKCU\Software\Mozilla => could not remove at first attempt (ErrorCode: C0000121), see next line. HKCU\Software\Mozilla => key removed successfully HKCU\Software\MozillaPlugins => key removed successfully HKLM\SOFTWARE\Google => could not remove at first attempt (ErrorCode: C0000121), see next line. 
HKLM\SOFTWARE\Google => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\8B140DE3-3691-474C-bF79-96E348EBD612 => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BrsHelper => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\dipubibu => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Disc Soft Lite Bus Service => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Freemake Improver => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdate => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdatem => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\gyvixodu => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\lehicewu => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\lulonuji => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\QQPCRTP => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Service KMSELDI => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\shopperz100920151159 Updater => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SPBIUpd => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\TAOFrame => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => key removed successfully HKLM\SOFTWARE\Mozilla => could not remove at first attempt (ErrorCode: C0000121), see next line. HKLM\SOFTWARE\Mozilla => key removed successfully HKLM\SOFTWARE\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line. 
HKLM\SOFTWARE\MozillaPlugins => key removed successfully HKLM\SOFTWARE\Wow6432Node\Google => could not remove at first attempt (ErrorCode: C0000121), see next line. HKLM\SOFTWARE\Wow6432Node\Google => key removed successfully HKLM\SOFTWARE\Wow6432Node\Mozilla => could not remove at first attempt (ErrorCode: C0000121), see next line. HKLM\SOFTWARE\Wow6432Node\Mozilla => key removed successfully HKLM\SOFTWARE\Wow6432Node\mozilla.org => key not found. HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line. HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => key removed successfully ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "CCleaner Monitoring" /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v svchost0 /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v shopperz100920151159 /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v shopperz10092015115964 /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v IDSCPRODUCT /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SpaceSoundPro /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f ========= Operacja ukonczona pomyslnie. 
========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v ProductUpdater /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v wenguanjia /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SPDriver /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SmartWeb /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v YTDownloader /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v " QQPCTray" /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AvastUI.exe /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v pcmgr /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v apphide /f ========= Operacja ukonczona pomyslnie. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh advfirewall reset ========= Ok. 
========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 664.5 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-04 20:10:03)

"C:\WINDOWS\system32\Drivers\bsdriver.sys" => Could not move
"C:\WINDOWS\system32\Drivers\cherimoya.sys" => Could not move

==== End of Fixlog 20:10:04 ====