CloseProcesses:
HKU\S-1-5-21-1483297329-2720066829-2040343632-1001\...\MountPoints2: {b4d2f8c5-2e77-11e6-9bf2-185e0f7a7e51} - "F:\startme.exe"
Tcpip\..\Interfaces\{61c73488-1340-4778-8329-7eb4dd6dbea1}: [NameServer] 188.120.239.115,8.8.8.8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://its-neu.com
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.)
Task: {A99A1F19-9484-4552-8E3B-44672C621EC1} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
C:\WINDOWS\system32\Drivers\ucguard.sys
C:\WINDOWS\Tasks\UCBrowserUpdater.job
C:\WINDOWS\System32\Tasks\UCBrowserUpdater
C:\Program Files (x86)\sbqh
C:\Program Files (x86)\uvzE4A3
C:\gnbotpokestat
C:\gnbotpokelog
C:\gnbotpokectrl
C:\gnbotpoke
reboot: