Fix result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by lenovo (10-07-2018 10:53:31) Run:2
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Virustotal: c:\windows\system32\userinit.exe
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\axhyrhmw
REG: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\axhyrhmw
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Windscribe] => C:\Program Files\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
C:\Program Files\Windscribe
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
unlock: c:\program files\microsoft\desktoplayer.exe
c:\program files\microsoft\desktoplayer.exe
mkdir c:\program files\microsoft\desktoplayer.exe
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2017-04-21] (The OpenVPN Project)
U3 axhyrhmw; C:\Windows\system32\Drivers\axhyrhmw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
MSCONFIG\Services: doyyloadrwyownloadpr => 2
Task: {A8041C4C-67DD-4348-9665-E1543B0AC3E4} - System32\Tasks\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500} => C:\Windows\system32\pcalua.exe -a "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016\setup.exe" -d "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016"
C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016
Task: {83DC7922-CE46-4FAE-9A55-A34520C0A075} - System32\Tasks\Driver Booster SkipUAC (lenovo) => C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Hosts:
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
*****************

VirusTotal: c:\windows\system32\userinit.exe => https://www.virustotal.com/file/538fe1012fedc72727a8de0c2c01944b3d35c29812ecef88e95aac07235e0b0b/analysis/1530333230/
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\axhyrhmw" => not found

========= reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\axhyrhmw =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

"HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windscribe" => removed successfully.
"C:\Program Files\Windscribe" folder move:
Could not move "C:\Program Files\Windscribe" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"c:\program files\microsoft\desktoplayer.exe" => was unlocked
c:\program files\microsoft\desktoplayer.exe => moved successfully
mkdir c:\program files\microsoft\desktoplayer.exe => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\tap0901" => removed successfully.
tap0901 => service removed successfully.
tapwindscribe0901 => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\tapwindscribe0901" => removed successfully.
tapwindscribe0901 => service removed successfully.
axhyrhmw => service not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\doyyloadrwyownloadpr => not found
HKLM\System\CurrentControlSet\Services\doyyloadrwyownloadpr => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8041C4C-67DD-4348-9665-E1543B0AC3E4} => not found
"C:\Windows\System32\Tasks\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500} => not found
C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83DC7922-CE46-4FAE-9A55-A34520C0A075}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83DC7922-CE46-4FAE-9A55-A34520C0A075}" => removed successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (lenovo) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (lenovo)" => removed successfully.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3218868 B
Java, Flash, Steam htmlcache => 1088 B
Windows/system/drivers => 318144 B
Edge => 0 B
Chrome => 0 B
Firefox => 50829756 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 1788 B
lenovo => 7897231 B

RecycleBin => 13967009 B
EmptyTemp: => 80.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-07-2018 10:57:41)

C:\Program Files\Windscribe => is moved successfully

==== End of Fixlog 10:57:41 ====