Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Damian (24-10-2016 16:01:59) Run:1
Running from C:\Users\Damian\Desktop\New folder (2)
Loaded Profiles: Damian (Available Profiles: Damian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Providers\4zal1oor: D:\Games\\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\7e5sbqvr: D:\WarThunder\\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\7ghu9wiw: C:\Users\Damian\AppData\Local\Google\Chrome\User Data_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\8bw0hcc5: D:\Program Files_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\9nd72gsa: D:\Program Files\\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\cjykwm5j: C:\Users\Damian\AppData\Local\Temp_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\epimjqss: C:\Users\Damian\AppData\Local\Temp\local64spl.dll
HKLM\...\Providers\galolxb9: C:\Program Files (x86)\Youtube AdBlock\local64spl.dll
HKLM\...\Providers\iwr6e3cd: C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\k9cdgcb9: C:\Windows\Temp_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\kkoaepst: C:\Users\Damian\AppData\LocalLow\Youtube AdBlock\local64spl.dll
HKLM\...\Providers\pbn9jxvc: D:\WarThunder_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\qbim8086: C:\\local64spl.dll
HKLM\...\Providers\sbjf3l69: C:\_\local64spl.dll
HKLM\...\Providers\smq66f0w: C:\Users\Damian\AppData\LocalLow\Youtube AdBlock_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\wc5tncty: D:\Program Files (x86)\\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\y53f4qk0: D:\Games_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\yle1tx80: D:\Program Files (x86)_\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\zh0e3rcp: C:\Windows\Temp\local64spl.dll [142848 2016-10-23] ()
HKLM\...\Providers\zn9pq19j: C:\Users\Damian\AppData\Local\Google\Chrome\User Data\local64spl.dll [142848 2016-10-23] ()
Task: {7C8CD26E-6569-4FB0-90AD-284763AAFCC7} - System32\Tasks\4b61d06ef0356dc7e0a79eadfc7c48a5 => Rundll32.exe "C:\Program Files (x86)\AMD\dp0irx.dll",e62dc6c6547f46bda862da2d05af6862
Task: {E373130B-FB5C-4E8C-A6F7-BEAAC30B39A4} - \Fekutain Renew -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
NETSVCx32: HpSvc -> no filepath.
S3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
HKU\S-1-5-21-938549846-2126480309-1688900008-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\XK9jjMtbSm.dll => No File
BHO: No Name -> {F525CC93-970E-4841-8524-C7A087F4B650} -> No File
BHO-x32: No Name -> {F525CC93-970E-4841-8524-C7A087F4B650} -> No File
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\local64spl.dll.ini
C:\_
C:\Program Files\Aiduwb
C:\Program Files\AiduwbUn
C:\Program Files\Plumbytes Software
C:\Program Files (x86)\AMD\dp0irx.dll
C:\Program Files (x86)\Temp
C:\Program Files (x86)\UCBrowser
C:\Program Files (x86)\Youtube AdBlock_
C:\ProgramData\AVAST Software
C:\ProgramData\Avg
C:\ProgramData\Avira
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\TOSTACK
C:\Users\Damian\AppData\Local\CEF
C:\Users\Damian\AppData\Local\Google\Chrome\User Data\local64spl.dll
C:\Users\Damian\AppData\Local\Google\Chrome\User Data_
C:\Users\Damian\AppData\Local\Temp_
C:\Users\Damian\AppData\Local\Tempfolder
C:\Users\Damian\AppData\Local\UCBrowser
C:\Users\Damian\AppData\LocalLow\Company
C:\Users\Damian\AppData\LocalLow\Youtube AdBlock_
C:\Users\Damian\AppData\Roaming\SimpleNotepad4
C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk
C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
C:\Users\Damian\Downloads\*.torrent
C:\Windows\Temp_
C:\Windows\system32\yrui
C:\Windows\SysWOW64\kz.exe
D:\Games\local64spl.dll
D:\Games_
D:\Program Files (x86)\local64spl.dll
D:\Program Files (x86)_
D:\Program Files\local64spl.dll
D:\Program Files_
D:\WarThunder\local64spl.dll
D:\WarThunder_
Hosts:
StartBatch:
ipconfig /flushdns
netsh advfirewall reset
EndBatch:
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\4zal1oor" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order 4zal1oor => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\7e5sbqvr" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order 7e5sbqvr => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\7ghu9wiw" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order 7ghu9wiw => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\8bw0hcc5" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order 8bw0hcc5 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\9nd72gsa" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order 9nd72gsa => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\cjykwm5j" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order cjykwm5j => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\epimjqss" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order epimjqss => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\galolxb9" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order galolxb9 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\iwr6e3cd" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order iwr6e3cd => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\k9cdgcb9" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order k9cdgcb9 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\kkoaepst" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order kkoaepst => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\pbn9jxvc" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order pbn9jxvc => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\qbim8086" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order qbim8086 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\sbjf3l69" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order sbjf3l69 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\smq66f0w" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order smq66f0w => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\wc5tncty" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order wc5tncty => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\y53f4qk0" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order y53f4qk0 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\yle1tx80" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order yle1tx80 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\zh0e3rcp" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order zh0e3rcp => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\zn9pq19j" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order zn9pq19j => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C8CD26E-6569-4FB0-90AD-284763AAFCC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C8CD26E-6569-4FB0-90AD-284763AAFCC7}" => key removed successfully
C:\Windows\System32\Tasks\4b61d06ef0356dc7e0a79eadfc7c48a5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4b61d06ef0356dc7e0a79eadfc7c48a5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E373130B-FB5C-4E8C-A6F7-BEAAC30B39A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E373130B-FB5C-4E8C-A6F7-BEAAC30B39A4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fekutain Renew => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs HpSvc => removed successfully
EasyAntiCheatSys => service removed successfully
HKU\S-1-5-21-938549846-2126480309-1688900008-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}" => key removed successfully
"HKCR\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F525CC93-970E-4841-8524-C7A087F4B650}" => key removed successfully
HKCR\CLSID\{F525CC93-970E-4841-8524-C7A087F4B650} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F525CC93-970E-4841-8524-C7A087F4B650}" => key removed successfully
HKCR\Wow6432Node\CLSID\{F525CC93-970E-4841-8524-C7A087F4B650} => key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Microsoft\Microsoft Antimalware => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions => key removed successfully
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => key removed successfully
C:\local64spl.dll.ini => moved successfully
C:\_ => moved successfully
C:\Program Files\Aiduwb => moved successfully
C:\Program Files\AiduwbUn => moved successfully
C:\Program Files\Plumbytes Software => moved successfully
"C:\Program Files (x86)\AMD\dp0irx.dll" => not found.
C:\Program Files (x86)\Temp => moved successfully
C:\Program Files (x86)\UCBrowser => moved successfully
C:\Program Files (x86)\Youtube AdBlock_ => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\ProgramData\Avg => moved successfully
C:\ProgramData\Avira => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
C:\TOSTACK => moved successfully
C:\Users\Damian\AppData\Local\CEF => moved successfully
C:\Users\Damian\AppData\Local\Google\Chrome\User Data\local64spl.dll => moved successfully
C:\Users\Damian\AppData\Local\Google\Chrome\User Data_ => moved successfully
C:\Users\Damian\AppData\Local\Temp_ => moved successfully
C:\Users\Damian\AppData\Local\Tempfolder => moved successfully
C:\Users\Damian\AppData\Local\UCBrowser => moved successfully
C:\Users\Damian\AppData\LocalLow\Company => moved successfully
C:\Users\Damian\AppData\LocalLow\Youtube AdBlock_ => moved successfully
C:\Users\Damian\AppData\Roaming\SimpleNotepad4 => moved successfully
C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk => moved successfully
C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk => moved successfully
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk => moved successfully
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 => moved successfully
C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk => moved successfully
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk => moved successfully

=========== "C:\Users\Damian\Downloads\*.torrent" ==========

C:\Users\Damian\Downloads\07064F8397F28B86D43D8B7AAC7F08BE2AF4F6BF.torrent => moved successfully
C:\Users\Damian\Downloads\0BCEB4D42549F33B8F421BC865AA514ED553A44A (1).torrent => moved successfully
C:\Users\Damian\Downloads\0BCEB4D42549F33B8F421BC865AA514ED553A44A.torrent => moved successfully
C:\Users\Damian\Downloads\14B58D3A0F58D28B12A81321FC9811507B8E0DFE.torrent => moved successfully
C:\Users\Damian\Downloads\3B24AABBF141C0539BB449C0CE1C1AB0FB5072A6 (1).torrent => moved successfully
C:\Users\Damian\Downloads\3B24AABBF141C0539BB449C0CE1C1AB0FB5072A6.torrent => moved successfully
C:\Users\Damian\Downloads\EEB9451DAEC7FE7EAA3EC62B86E5E9F13D355531.torrent => moved successfully

========= End -> "C:\Users\Damian\Downloads\*.torrent" ========

C:\Windows\Temp_ => moved successfully
C:\Windows\system32\yrui => moved successfully
C:\Windows\SysWOW64\kz.exe => moved successfully
D:\Games\local64spl.dll => moved successfully
D:\Games_ => moved successfully
D:\Program Files (x86)\local64spl.dll => moved successfully
D:\Program Files (x86)_ => moved successfully
D:\Program Files\local64spl.dll => moved successfully
D:\Program Files_ => moved successfully
D:\WarThunder\local64spl.dll => moved successfully
D:\WarThunder_ => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= Batch: =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
Ok.

========= End of Batch: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10474640 B
Java, Flash, Steam htmlcache => 52874154 B
Windows/system/drivers => 611712 B
Edge => 0 B
Chrome => 8057469 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
Damian => 227200125 B

RecycleBin => 0 B
EmptyTemp: => 293.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:02:14 ====