Fix result of Farbar Recovery Scan Tool (x86) Version: 29-06-2016
Ran by user (2016-07-01 17:52:15) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\...\Run: [YlPack] => C:\Windows\System32\regsvr32.exe C:\Users\user\AppData\Local\Ilgsoft\cdmpilgp.dll
ShellExecuteHooks:  - {98C066AB-D735-4339-9E52-A34875141B56} -  No File [ ]
2016-06-29 18:50 - 2016-06-29 19:42 - 00000000 ____D C:\Users\user\AppData\Local\Ujmedia
2016-06-29 18:50 - 2016-06-29 19:36 - 00000000 ____D C:\Users\user\AppData\Local\Ilgsoft
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> no filepath
Task: {8728C205-79FD-4C95-AE0B-2EB6A707B168} - \AutoKMS -> No File <==== ATTENTION
Task: {A835762E-5988-4CA5-B2D8-17B5C1E8D363} - System32\Tasks\{373BFA6F-224A-4176-99B6-BE177D6B4E04} => pcalua.exe -a C:\4nec2\exe\4nec2.exe
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\.reg:  =>  <===== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YlPack => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{98C066AB-D735-4339-9E52-A34875141B56} => value removed successfully.
HKCR\CLSID\{98C066AB-D735-4339-9E52-A34875141B56} => key not found. 
C:\Users\user\AppData\Local\Ujmedia => moved successfully
C:\Users\user\AppData\Local\Ilgsoft => moved successfully
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8728C205-79FD-4C95-AE0B-2EB6A707B168}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8728C205-79FD-4C95-AE0B-2EB6A707B168}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A835762E-5988-4CA5-B2D8-17B5C1E8D363}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A835762E-5988-4CA5-B2D8-17B5C1E8D363}" => key removed successfully.
C:\Windows\System32\Tasks\{373BFA6F-224A-4176-99B6-BE177D6B4E04} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{373BFA6F-224A-4176-99B6-BE177D6B4E04}" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\.exe" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\.bat" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\regfile" => key removed successfully.
"HKU\S-1-5-21-482811646-3738513467-4202334608-1000\Software\Classes\.reg" => key removed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.


========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-482811646-3738513467-4202334608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11688259 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 338250 B
Edge => 0 B
Chrome => 728695988 B
Firefox => 11947596 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66088 B
LocalService => 132244 B
NetworkService => 66812 B
user => 186892177 B

RecycleBin => 38627000 B
EmptyTemp: => 941.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:53:03 ====