Fix result of Farbar Recovery Scan Tool (x64) Version:05-05-2016 01
Ran by Safe (2016-05-05 09:04:06) Run:1
Running from C:\Users\Safe\Desktop
Loaded Profiles: Safe (Available Profiles: deckx & Safe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3377807318-2724434003-2614323792-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\deckx\AppData\Roaming\inminet\sencolny.dll => No File <==== ATTENTION
Task: {4720B4A9-55A3-423B-AC31-C29DD0B4CA53} - System32\Tasks\MailRuUpdater => C:\Users\deckx\AppData\Local\Mail.Ru\MailRuUpdater.exe
Task: {529C265C-12A1-443C-8C54-031C67E6E53B} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {75B0DAC0-EAF3-470C-8E7B-7FDBE52157D2} - \osTip -> No File <==== ATTENTION
Task: {98923B31-D77D-4603-B0F1-B6FCED0E3601} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {CA5760CC-10AE-4536-BB49-D2C5E23AD438} - \Pwtyfemuk Cache -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=821637"
ShortcutWithArgument: C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=821637"
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll No File
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> mail.ru/cnt/20595300?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.hohosearch.com/?mode=nnnb&ptid=ftp&uid=AA11766496ECB13683B47973E291581A&v=20160425&ts=AHEqAHYoAH0nBk.."
S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\Users\deckx\AppData\Local\Mail.Ru
C:\Program Files (x86)\Tencent
C:\Program Files (x86)\MPC Cleaner
C:\Windows\system32\Drivers\MPCKpt.sys
C:\Users\Public\Thunder Network
C:\Windows\System32\Tasks\MailRuUpdater
Hosts:
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4720B4A9-55A3-423B-AC31-C29DD0B4CA53} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\MailRuUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MailRuUpdater => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{529C265C-12A1-443C-8C54-031C67E6E53B} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75B0DAC0-EAF3-470C-8E7B-7FDBE52157D2} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\osTip => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98923B31-D77D-4603-B0F1-B6FCED0E3601} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA5760CC-10AE-4536-BB49-D2C5E23AD438} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pwtyfemuk Cache => key could not remove. Access Denied.
C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully.
C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru.lnk => Shortcut argument removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Error setting value.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon => key could not remove. Access Denied.
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key could not remove. Access Denied.
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} => key could not remove. Access Denied.
HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} => key could not remove. Access Denied.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key could not remove. Access Denied.
Chrome HomePage => removed successfully
Chrome StartupUrls => not found.
MPCProtectService => service could not remove
AODDriver4.1 => service could not remove
MSICDSetup => service could not remove
NTIOLib_1_0_C => service could not remove
VGPU => service could not remove
xhunter1 => service could not remove
C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk => moved successfully
"C:\Users\deckx\AppData\Local\Mail.Ru" => not found.
"C:\Program Files (x86)\Tencent" => not found.
"C:\Program Files (x86)\MPC Cleaner" => not found.
Could not move "C:\Windows\system32\Drivers\MPCKpt.sys" => Scheduled to move on reboot.
C:\Users\Public\Thunder Network => moved successfully
"C:\Windows\System32\Tasks\MailRuUpdater" => not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 1.4 GB temporary data Removed.