Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by deckx (17-06-2018 00:17:10) Run:1
Running from C:\Users\Safe\Desktop
Loaded Profiles: deckx & Safe (Available Profiles: deckx & Safe & test & MSSQL$SQLEXPRESS & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: ????????? -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => No File
CHR HomePage: Default -> mail.ru/cnt/20595300?rciguc__PARAM__
S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X] <==== ATTENTION
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-29] (DotC United Inc) <==== ATTENTION
S3 cpuz134; \??\C:\Users\deckx\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2018-06-15 23:31 - 2016-04-29 15:19 - 000003080 _____ C:\Windows\System32\Tasks\MailRuUpdater
CustomCLSID: HKU\S-1-5-21-3377807318-2724434003-2614323792-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\deckx\AppData\Roaming\inminet\sencolny.dll => No File <==== ATTENTION
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll -> No File
ContextMenuHandlers3: [QMSoftExt] -> {754DF2CE-51E8-4895-B53C-6381418B84AE} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\FileSmash\QMSoftExt64.dll -> No File
Task: {4720B4A9-55A3-423B-AC31-C29DD0B4CA53} - System32\Tasks\MailRuUpdater => C:\Users\deckx\AppData\Local\Mail.Ru\MailRuUpdater.exe <==== ATTENTION
Task: {529C265C-12A1-443C-8C54-031C67E6E53B} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {75B0DAC0-EAF3-470C-8E7B-7FDBE52157D2} - \osTip -> No File <==== ATTENTION
Task: {98923B31-D77D-4603-B0F1-B6FCED0E3601} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {CA5760CC-10AE-4536-BB49-D2C5E23AD438} - \Pwtyfemuk Cache -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [476]
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
Hosts:
FirewallRules: [{5F6136AB-B6C3-4EB2-91FB-5B0A39285B35}] => (Allow) C:\Users\deckx\AppData\Local\Temp\java.exe
FirewallRules: [{99DFD5FF-5D9E-4736-953C-A050EF064125}] => (Allow) C:\Users\deckx\AppData\Local\Temp\java.exe
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => removed successfully
"HKLM\Software\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => removed successfully
"Chrome HomePage" => removed successfully
HKLM\System\CurrentControlSet\Services\MPCProtectService => could not remove, key could be protected
MPCKpt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\MPCKpt => could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\cpuz134" => removed successfully
cpuz134 => service removed successfully
"HKLM\System\CurrentControlSet\Services\MSICDSetup" => removed successfully
MSICDSetup => service removed successfully
"HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C" => removed successfully
NTIOLib_1_0_C => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
"HKLM\System\CurrentControlSet\Services\xhunter1" => removed successfully
xhunter1 => service removed successfully
C:\Windows\System32\Tasks\MailRuUpdater => moved successfully
"HKU\S-1-5-21-3377807318-2724434003-2614323792-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => removed successfully
"HKLM\Software\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => removed successfully
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\QMSoftExt" => removed successfully
"HKLM\Software\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4720B4A9-55A3-423B-AC31-C29DD0B4CA53}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4720B4A9-55A3-423B-AC31-C29DD0B4CA53}" => removed successfully
"C:\Windows\System32\Tasks\MailRuUpdater" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MailRuUpdater" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{529C265C-12A1-443C-8C54-031C67E6E53B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{529C265C-12A1-443C-8C54-031C67E6E53B}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75B0DAC0-EAF3-470C-8E7B-7FDBE52157D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75B0DAC0-EAF3-470C-8E7B-7FDBE52157D2}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\osTip => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98923B31-D77D-4603-B0F1-B6FCED0E3601}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98923B31-D77D-4603-B0F1-B6FCED0E3601}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA5760CC-10AE-4536-BB49-D2C5E23AD438}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA5760CC-10AE-4536-BB49-D2C5E23AD438}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pwtyfemuk Cache => not found
C:\Users\Public\AppData => ":CSM" ADS removed successfully
127.0.0.1 down.baidu2016.com => Error: No automatic fix found for this entry.
127.0.0.1 123.sogou.com => Error: No automatic fix found for this entry.
127.0.0.1 www.czzsyzgm.com => Error: No automatic fix found for this entry.
127.0.0.1 www.czzsyzxl.com => Error: No automatic fix found for this entry.
127.0.0.1 union.baidu2019.com => Error: No automatic fix found for this entry.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F6136AB-B6C3-4EB2-91FB-5B0A39285B35}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99DFD5FF-5D9E-4736-953C-A050EF064125}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9092195 B
Java, Flash, Steam htmlcache => 55101963 B
Windows/system/drivers => 66897206 B
Edge => 0 B
Chrome => 749334832 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 36181 B
LocalService => 0 B
NetworkService => 0 B
deckx => 924724254 B
Safe => 5450340654 B
test => 317313 B
MSSQL$SQLEXPRESS => 33125 B
DefaultAppPool => 33125 B

RecycleBin => 82161586 B
EmptyTemp: => 6.8 GB temporary data Removed.

================================