Fix result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Natascha (01-11-2016 18:28:25) Run:2
Running from C:\Users\Natascha\Desktop
Loaded Profiles: Natascha (Available Profiles: Natascha & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{9E169071-C5A7-849F-38A1-692C9AC86E9C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{CA7B762C-8604-76D3-0CB3-A42D8B3DA8F1}\InprocServer32 -> no filepath
Task: {24192157-DF55-433D-AB08-4230C8E58ACE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {262F48A5-A2C4-4A66-89E6-C08AF90C4F83} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {36E64567-0921-4ADC-BD4A-E284B80D0EA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {39E4CDCA-19CF-4D03-8A04-2B4C835379FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {64412004-2C29-42B5-B406-E9864B527AAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {783577F4-C8B9-4240-ACE3-977BCC6A810C} - System32\Tasks\GNOK => C:\Users\Natascha\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: {8E0AF61B-F056-4D66-86CA-3469E9A19080} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A4F146C9-B743-4791-87BB-418B999A9263} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {AD2FCCB7-A3F2-4D01-9BA8-B334A6010534} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== ATTENTION
Task: {B835580A-56CB-43EA-A5CB-571A4891288D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9321CBB-FDDC-4DA0-B365-342D9772D10C} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {CC272B6D-F853-40A7-8AEC-EE9303C00831} - System32\Tasks\BYAIAMUF => C:\Users\Natascha\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: {DBBD7C40-007E-411B-9986-4D5F102B1761} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DE45C6D9-4394-419B-98E1-B23E6A983FCC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F4EAA9A2-837B-422F-90B8-EB5DE9CCFFF5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD0B294B-1A4E-439D-9A87-D3B6E6FF238E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\BYAIAMUF.job => C:\Users\Natascha\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GNOK.job => C:\Users\Natascha\AppData\Roaming\GNOK.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\StartupApproved\Run: => "svchost0"
FirewallRules: [{081DDE02-B844-4BDB-8E43-8C5C50367DC5}] => (Allow) C:\Users\Natascha\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{820EE744-18E8-4158-AB98-11CA79E68385}] => (Allow) C:\Users\Natascha\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{C1991A0B-F410-4455-BD7D-9B9C9C4333BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{F932511F-498E-42FD-9A06-86DA7CC9F9B2}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: No Name -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> No File
Toolbar: HKLM - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-336042120-3881833094-1070839671-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-336042120-3881833094-1070839671-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF ProfilePath: C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\2r3ugg6v.default\Profiles\2r3ugg6v.default [not found]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn => not found
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx
R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-08-29] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
2016-10-25 15:46 - 2016-10-25 17:06 - 00000000 __SHD C:\Users\Natascha\AppData\Local\svchost
2016-10-25 15:43 - 2016-10-25 20:00 - 00002654 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2016-10-25 15:43 - 2016-10-25 15:43 - 00003504 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2016-10-25 15:07 - 2016-10-25 15:07 - 00000000 ____D C:\ProgramData\Avira
2016-10-25 15:07 - 2016-10-25 15:07 - 00000000 ____D C:\ProgramData\Avg
2016-10-25 15:07 - 2016-10-25 15:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-25 14:57 - 2016-08-29 07:50 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
2016-10-31 04:52 - 2015-05-10 12:28 - 00001716 _____ C:\WINDOWS\Tasks\BYAIAMUF.job
2016-10-30 21:42 - 2015-05-10 12:29 - 00001364 _____ C:\WINDOWS\Tasks\GNOK.job
2015-03-09 18:30 - 2015-03-09 18:30 - 0005487 _____ () C:\Users\Natascha\AppData\Roaming\BYAIAMUF
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent => value not found.
HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{9E169071-C5A7-849F-38A1-692C9AC86E9C} => key not found.
HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{CA7B762C-8604-76D3-0CB3-A42D8B3DA8F1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24192157-DF55-433D-AB08-4230C8E58ACE} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{262F48A5-A2C4-4A66-89E6-C08AF90C4F83} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36E64567-0921-4ADC-BD4A-E284B80D0EA1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39E4CDCA-19CF-4D03-8A04-2B4C835379FD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64412004-2C29-42B5-B406-E9864B527AAF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{783577F4-C8B9-4240-ACE3-977BCC6A810C} => key not found.
C:\WINDOWS\System32\Tasks\GNOK => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GNOK => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E0AF61B-F056-4D66-86CA-3469E9A19080} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4F146C9-B743-4791-87BB-418B999A9263} => key not found.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD2FCCB7-A3F2-4D01-9BA8-B334A6010534} => key not found.
C:\WINDOWS\System32\Tasks\SecureUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecureUpdater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B835580A-56CB-43EA-A5CB-571A4891288D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9321CBB-FDDC-4DA0-B365-342D9772D10C} => key not found.
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC272B6D-F853-40A7-8AEC-EE9303C00831} => key not found.
C:\WINDOWS\System32\Tasks\BYAIAMUF => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BYAIAMUF => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBBD7C40-007E-411B-9986-4D5F102B1761} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE45C6D9-4394-419B-98E1-B23E6A983FCC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4EAA9A2-837B-422F-90B8-EB5DE9CCFFF5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD0B294B-1A4E-439D-9A87-D3B6E6FF238E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
C:\WINDOWS\Tasks\BYAIAMUF.job => not found.
C:\WINDOWS\Tasks\GNOK.job => not found.
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk => value not found.
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\svchost0 => value not found.
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\svchost0 => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{081DDE02-B844-4BDB-8E43-8C5C50367DC5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{820EE744-18E8-4158-AB98-11CA79E68385} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1991A0B-F410-4455-BD7D-9B9C9C4333BA} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F932511F-498E-42FD-9A06-86DA7CC9F9B2} => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key not found.
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj2 => key not found.
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} => key not found.
HKCR\CLSID\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value not found.
HKCR\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => key not found.
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D} => value not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331 => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob => key not found.
UCGuard => service not found.
"C:\Users\Natascha\AppData\Local\svchost" => not found.
"C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore" => not found.
"C:\WINDOWS\System32\Tasks\UCBrowserUpdater" => not found.
"C:\ProgramData\Avira" => not found.
"C:\ProgramData\Avg" => not found.
"C:\ProgramData\AVAST Software" => not found.
"C:\WINDOWS\system32\Drivers\ucguard.sys" => not found.
"C:\WINDOWS\Tasks\BYAIAMUF.job" => not found.
"C:\WINDOWS\Tasks\GNOK.job" => not found.
"C:\Users\Natascha\AppData\Roaming\BYAIAMUF" => not found.
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9459744 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 87534 B
Edge => 0 B
Chrome => 277545 B
Firefox => 7512102 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1884 B
Natascha => 965219 B
Administrator => 0 B
RecycleBin => 19340 B
EmptyTemp: => 17.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 18:30:19 ====