Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016 Ran by André (2016-02-14 18:56:54) Run:1 Running from C:\Users\André\Desktop Loaded Profiles: André (Available Profiles: André) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe () C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] () HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] () HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /DEFAULT HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe /RUNNING HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [-] => C:\ProgramData\msiql.exe /RUNNING HKU\S-1-5-21-4040206143-25492408-1982695725-1001\...\Run: [msiql] => C:\ProgramData\msiql.exe /RUNNING HKU\S-1-5-18\...\Run: [Bus Comp] => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\Bus Comp\{13C5DAFA-E7D7-55BC-2C5F-9C06ACE6B3CC}\BusComp.dll",#1 <===== ATTENTION HKU\S-1-5-18\...\Run: [Bus Comp2] => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\Bus Comp\{13C5DAFA-E7D7-55BC-2C5F-9C06ACE6B3CC}\humeobf.dll",#1 HKU\S-1-5-18\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/ URLSearchHook: [S-1-5-21-4040206143-25492408-1982695725-1001] ATTENTION => Default URLSearchHook is missing URLSearchHook: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File SearchScopes: HKLM -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} SearchScopes: HKLM -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} SearchScopes: HKLM-x32 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> DefaultScope {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> {59E9C8B1-74FD-4CB6-A815-9E96102F97BD} URL = hxxp://www.google.com/search?hl={language}&q={searchTerms} SearchScopes: HKU\S-1-5-21-4040206143-25492408-1982695725-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B178427F0-BFC1-45AF-82DE-1C3A3AEC83B9%7D&gp=801510 FF DefaultSearchEngine: ?????@Mail.Ru FF SelectedSearchEngine: ?????@Mail.Ru FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp&gp=801010 FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B2E6F3BE1-26AE-4E4A-BE73-6E7B0FD96012%7D&gp=801510 FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=716994737e659b8cfd66d074ebe54e48 FF Extension: ???????? ???????? Mail.Ru - C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\homepage@mail.ru [2016-01-03] FF Extension: ?????@Mail.Ru - C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\search@mail.ru [2016-01-03] [not signed] FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\40F1F475E61CA999DED8F514BFA0040040F1 [2016-01-10] <==== ATTENTION CHR HomePage: Default -> mail.ru/cnt/11956636 CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn11 CHR DefaultSearchKeyword: Default -> mail.ru CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms} S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed] R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] () S2 Nikkafq; "C:\Users\André\AppData\Roaming\MadkOyo\Jilrosji.exe" -cms [X] S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X] S1 yalyqmdu; \??\C:\WINDOWS\system32\drivers\yalyqmdu.sys [X] 2015-12-25 06:42 - 2015-12-25 06:42 - 00148104 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll 2015-12-25 06:42 - 2015-12-25 06:42 - 00141960 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe 2015-12-25 06:42 - 2015-12-25 06:42 - 03934344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe 2015-12-25 06:42 - 2015-12-25 06:42 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll 2015-12-25 06:42 - 2015-12-25 06:42 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll 2015-12-25 06:41 - 2015-12-25 06:41 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll 2015-12-25 06:42 - 2015-12-25 06:42 - 00747144 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll 2015-12-25 06:42 - 2015-12-25 06:42 - 00327304 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll 2016-02-14 15:14 - 2016-02-14 15:51 - 00000000 ____D C:\Users\André\AppData\Roaming\CalendarTool 2016-02-14 15:13 - 2016-02-14 15:13 - 00000000 ____D C:\Users\Public\Documents\Guid 2016-02-14 14:48 - 2016-02-14 15:07 - 00000000 ____D C:\AdwCleaner 2016-02-14 14:44 - 2016-02-14 14:45 - 01508352 _____ C:\Users\André\Desktop\AdwCleaner.exe 2016-01-21 06:47 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe 2016-01-21 06:46 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe 2016-01-21 06:45 - 2016-02-14 15:34 - 00009441 _____ C:\ProgramData\webad.xml 2016-01-21 06:45 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe 2016-01-10 07:51 - 2016-02-14 15:50 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-01-10 07:51 - 2016-02-14 15:50 - 00000000 ____D C:\Program Files (x86)\osTip 2016-01-10 07:39 - 2016-01-10 07:39 - 00000000 ____D C:\Users\André\AppData\Local\Tempfolder 2016-01-10 07:31 - 2016-01-28 19:22 - 00000000 ____D C:\Users\André\AppData\Roaming\LightGate 2016-01-10 07:29 - 2016-01-10 07:29 - 01746288 _____ C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe 2016-01-10 07:29 - 2016-01-10 07:29 - 00000000 ____D C:\Users\André\AppData\Local\Yeaplayer 2016-01-10 07:29 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\André\AppData\Roaming\download.exe 2016-01-10 07:29 - 2015-11-30 15:45 - 02496403 _____ ( ) C:\Users\André\AppData\Roaming\yeaplayer_51479.exe 2016-01-10 07:28 - 2016-01-21 06:45 - 00000000 ____D C:\ProgramData\Windows Update 2016-01-10 07:28 - 2016-01-10 14:42 - 01752576 _____ C:\Users\André\AppData\Roaming\upgsvr.exe 2016-01-10 07:28 - 2016-01-10 14:42 - 01752576 _____ C:\ProgramData\upgsvr.exe 2016-01-10 07:28 - 2016-01-10 07:30 - 00000000 _____ C:\Users\André\AppData\Roaming\svrupg.exe 2016-01-10 07:28 - 2016-01-10 07:28 - 00004782 _____ C:\Users\André\AppData\Roaming\webad.xml 2016-01-10 07:28 - 2016-01-08 11:10 - 02413056 _____ C:\Users\André\AppData\Roaming\msiql.exe 2016-01-10 07:27 - 2016-01-10 08:29 - 00000000 ____D C:\Users\André\AppData\Roaming\Baidu 2016-01-10 07:27 - 2016-01-10 08:29 - 00000000 ____D C:\ProgramData\baidu 2016-01-10 07:27 - 2016-01-10 07:27 - 00000015 _____ C:\WINDOWS\system32\config.conf 2016-01-10 07:27 - 2016-01-10 07:27 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-01-10 07:26 - 2016-01-10 07:59 - 00000000 ____D C:\Users\André\AppData\Roaming\UpAuroraBrowser 2016-01-10 06:53 - 2016-01-10 06:52 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2016-01-10 06:21 - 2016-01-10 06:22 - 00044880 _____ C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar 2016-01-03 23:38 - 2016-01-03 23:38 - 00000000 ____D C:\Users\André\AppData\Local\????????e 2016-01-03 23:33 - 2016-01-03 23:33 - 00000000 ____D C:\Users\André\AppData\Local\?o??? ? ???e???? 2016-01-10 07:29 - 2016-01-10 07:29 - 1746288 _____ () C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe 2016-01-10 07:29 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\André\AppData\Roaming\download.exe 2016-01-10 07:28 - 2016-01-08 11:10 - 2413056 _____ () C:\Users\André\AppData\Roaming\msiql.exe 2016-01-10 07:28 - 2016-01-10 07:30 - 0000000 _____ () C:\Users\André\AppData\Roaming\svrupg.exe 2016-01-10 07:28 - 2016-01-10 14:42 - 1752576 _____ () C:\Users\André\AppData\Roaming\upgsvr.exe 2016-01-10 07:28 - 2016-01-10 07:28 - 0004782 _____ () C:\Users\André\AppData\Roaming\webad.xml 2016-01-10 07:29 - 2015-11-30 15:45 - 2496403 _____ () C:\Users\André\AppData\Roaming\yeaplayer_51479.exe 2016-01-21 06:47 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe 2016-01-21 06:45 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe 2016-01-10 07:28 - 2016-01-10 14:42 - 1752576 _____ () C:\ProgramData\upgsvr.exe 2016-01-21 06:45 - 2016-02-14 15:34 - 0009441 _____ () C:\ProgramData\webad.xml 2016-01-23 04:06 - 2016-01-23 04:06 - 0000161 _____ () C:\ProgramData\xcgui_debug.txt 2016-01-21 06:46 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe Task: {08E92328-1F5C-4421-870F-72C5765FDD95} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI) Task: {3A5E8B69-1F4C-4BF5-B073-4B717293E160} - \nethost task -> No File <==== ATTENTION Task: {4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8} - \crash_service -> No File <==== ATTENTION Task: {620497ED-7965-4DBB-925D-26EF65A50A2E} - \Run_Bobby_Browser -> No File <==== ATTENTION ShortcutWithArgument: C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/ C:\ProgramData\HomePage.exe C:\ProgramData\LightGate.exe C:\ProgramData\upgsvr.exe C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe CreateRestorePoint: RemoveProxy: EmptyTemp: Reboot: Hosts: end ***************** Processes closed successfully. C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe => No running process found C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe => No running process found HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LightGate => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HomePageHelper => value removed successfully HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\taskhost => value removed successfully HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pritc => value removed successfully HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\osmsg => value removed successfully HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\- => value removed successfully HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => value removed successfully HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bus Comp => value removed successfully HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bus Comp2 => value removed successfully HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Pritc => value removed successfully "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully Could not restore Default URLSearchHook. HKU\S-1-5-21-4040206143-25492408-1982695725-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => value removed successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully HKCR\Wow6432Node\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}" => key removed successfully HKCR\CLSID\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD} => key not found. "HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => key removed successfully HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found. Firefox DefaultSearchEngine removed successfully Firefox SelectedSearchEngine removed successfully Firefox "homepage" removed successfully Firefox "Keyword.URL" removed successfully FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=716994737e659b8cfd66d074ebe54e48 => not found C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\homepage@mail.ru => moved successfully C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\yjul70qi.default\Extensions\search@mail.ru => moved successfully C:\Program Files (x86)\mozilla firefox\40F1F475E61CA999DED8F514BFA0040040F1 => moved successfully Chrome HomePage => removed successfully Chrome DefaultSearchURL => removed successfully Chrome DefaultSearchKeyword => removed successfully Chrome DefaultSuggestURL => removed successfully Service KMSELDI => service removed successfully TheCalendarService => service not found. Nikkafq => service removed successfully X6va062 => service removed successfully yalyqmdu => service removed successfully "C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll" => not found. "C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe" => not found. "C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe" => not found. "C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll" => not found. "C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll" => not found. "C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll" => not found. "C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll" => not found. "C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll" => not found. "C:\Users\André\AppData\Roaming\CalendarTool" => not found. C:\Users\Public\Documents\Guid => moved successfully C:\AdwCleaner => moved successfully C:\Users\André\Desktop\AdwCleaner.exe => moved successfully C:\ProgramData\HomePage.exe => moved successfully C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe => moved successfully C:\ProgramData\webad.xml => moved successfully C:\ProgramData\LightGate.exe => moved successfully C:\ProgramData\WindowsMsg => moved successfully C:\Program Files (x86)\osTip => moved successfully C:\Users\André\AppData\Local\Tempfolder => moved successfully C:\Users\André\AppData\Roaming\LightGate => moved successfully C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe => moved successfully C:\Users\André\AppData\Local\Yeaplayer => moved successfully C:\Users\André\AppData\Roaming\download.exe => moved successfully C:\Users\André\AppData\Roaming\yeaplayer_51479.exe => moved successfully C:\ProgramData\Windows Update => moved successfully C:\Users\André\AppData\Roaming\upgsvr.exe => moved successfully C:\ProgramData\upgsvr.exe => moved successfully C:\Users\André\AppData\Roaming\svrupg.exe => moved successfully C:\Users\André\AppData\Roaming\webad.xml => moved successfully C:\Users\André\AppData\Roaming\msiql.exe => moved successfully C:\Users\André\AppData\Roaming\Baidu => moved successfully C:\ProgramData\baidu => moved successfully C:\WINDOWS\system32\config.conf => moved successfully C:\Users\Public\Documents\Baidu => moved successfully C:\Users\André\AppData\Roaming\UpAuroraBrowser => moved successfully C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully =========== "C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar" ========== C:\Users\André\Downloads\Информация о Silent Aim'е.rar => moved successfully ========= End -> "C:\Users\André\Downloads\?????????? ? Silent Aim'?.rar" ======== =========== "C:\Users\André\AppData\Local\????????e" ========== not found ========= End -> "C:\Users\André\AppData\Local\????????e" ======== =========== "C:\Users\André\AppData\Local\?o??? ? ???e????" ========== not found ========= End -> "C:\Users\André\AppData\Local\?o??? ? ???e????" ======== "C:\Users\André\AppData\Roaming\9f0a0d1998ec.exe" => not found. "C:\Users\André\AppData\Roaming\download.exe" => not found. "C:\Users\André\AppData\Roaming\msiql.exe" => not found. "C:\Users\André\AppData\Roaming\svrupg.exe" => not found. "C:\Users\André\AppData\Roaming\upgsvr.exe" => not found. "C:\Users\André\AppData\Roaming\webad.xml" => not found. "C:\Users\André\AppData\Roaming\yeaplayer_51479.exe" => not found. "C:\ProgramData\HomePage.exe" => not found. "C:\ProgramData\LightGate.exe" => not found. "C:\ProgramData\upgsvr.exe" => not found. "C:\ProgramData\webad.xml" => not found. C:\ProgramData\xcgui_debug.txt => moved successfully "C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08E92328-1F5C-4421-870F-72C5765FDD95}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08E92328-1F5C-4421-870F-72C5765FDD95}" => key removed successfully C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5E8B69-1F4C-4BF5-B073-4B717293E160}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5E8B69-1F4C-4BF5-B073-4B717293E160}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nethost task => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F95BC58-E4DF-4CEE-9552-DFFA8ED45DB8}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\crash_service => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620497ED-7965-4DBB-925D-26EF65A50A2E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620497ED-7965-4DBB-925D-26EF65A50A2E}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => key not found. C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully. C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully. C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully. "C:\ProgramData\HomePage.exe" => not found. "C:\ProgramData\LightGate.exe" => not found. "C:\ProgramData\upgsvr.exe" => not found. "C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => not found. Restore point was successfully created. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-4040206143-25492408-1982695725-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. EmptyTemp: => 575.4 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 18:57:58 ====