[Solved] Grandfather's Laptop Redirects Chrome to Chinese Sites: Solutions for FRST, AdwCleaner & HijackThis

Hello,
some grandfather mastered a laptop, redirects the browser opened (Chrome) to Chinese sites, I've been struggling with it for a good three weeks, I used various programs, I looked through the internet, followed recommendations, the effect of "sleeping" the robot for 1-2 days, and the third day was afresh. The last attempt is Farbar Recovery Scan Tool, but here I am asking for help, in these activities I am green, I used to use HIJACKTHIS there but it was a long time ago. In the attached FRST and Addition reports, before I generated the reports, I used Adwcleaner in advance, thank you for your interest and help, best regards

Zrob kopie zakladek z Chrome, skrypt usunie katalog profilu przegladarki utworzony przez infekcje.
Usun tez dane synchronizacji Chrome z konta google:
https://support.google.com/chrome/answer/6386691?hl=pl

Sprobuj uruchomic z prawami administratora uninstaller z katalogu C:\Program Files (x86)\Tencent\

Odinstaluj:
1kboCfEipURW Updater version 1.2.0.4
initialpage123 - Uninstall
PPTV V4.0.3.0056
QQ浏览器
暴风影音5
电脑管家11.5

Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
CloseProcesses:
CreateRestorePoint:
Online Application Installer (x32 Version: 2.0.0 - Microleaves) Hidden pcalua.exe -a "C:\Windows\system32\SupportAppPBHostless Modem\Setup.exe" -c /uninstall
Task: {806E8565-07C5-4C29-8117-5683FCE988BC} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe
Task: {9409D5A5-4396-4672-A08D-584CC38BF4C0} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe C:\Program Files (x86)\Tencent\QQBrowser\qqbrowser.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hcjadopoenpcjhdnknblbddcmlnlefid
2017-04-18 11:29 - 2017-04-18 09:10 - 00313344 _____ () C:\Program Files (x86)\1kboCfEipURW Updater\1kboCfEipURW Updater.exe
2017-04-18 10:43 - 2017-04-18 10:43 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\zlib.dll
2017-04-18 10:42 - 2017-04-18 10:42 - 00115904 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMAntiInject.dll
2017-04-18 10:43 - 2017-04-18 10:43 - 00488640 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\sqlite.dll
2017-04-18 10:43 - 2017-04-18 10:43 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\tinyxml.dll
2017-04-18 10:43 - 2017-04-18 10:43 - 00046784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2017-04-18 10:43 - 2017-04-18 10:43 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2017-04-18 10:43 - 2017-04-18 10:43 - 00128192 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17499.219\qmrtpcontroller.dll
2017-04-18 10:42 - 2016-02-28 00:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\oDayProtect.dll
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [0]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [0]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
() C:\Program Files (x86)\1kboCfEipURW Updater\1kboCfEipURW Updater.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCRTP.exe
(Tencent Inc.) C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
(Tencent) C:\Program Files (x86)\Tencent\QQBrowser\qqbrowser.exe
(Tencent) C:\Program Files (x86)\Tencent\QQBrowser\qqbrowser.exe
(Tencent) C:\Program Files (x86)\Tencent\QQBrowser\qqbrowser.exe
HKLM\...\Run: [vnlgp] => C:\Users\Jan\AppData\Roaming\vnlgp\vnlgp.exe [1538048 2017-02-06] () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QQPCTRAY.EXE [362304 2017-04-18] (Tencent)
HKLM-x32\...\Winlogon: [Shell] x [ ] () "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
HKU\S-1-5-21-290543488-3704001229-2161073828-1001\...\Run: [apphide] => C:\Program Files (x86)\sss\uc.exe [159744 2017-04-13] ()
HKU\S-1-5-21-290543488-3704001229-2161073828-1001\...\Run: [PPLiveAP] => C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP_startup.exe [181336 2017-03-10] (PPLive Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\n6olq5b5: C:\Program Files (x86)\Grakerghstertecult Reports\local64spl.dll [311808 2017-04-18] ()
ShellExecuteHooks: Brak nazwy - {D404EF92-20EB-11E7-8685-64006A5CFC23} - C:\Users\Jan\AppData\Roaming\Plerserserofecult\Pretuiedsiherty.dll [148480 2017-04-18] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll [2017-04-18] (Tencent)
ShellIconOverlayIdentifiers: [BFDLinkIconOverlay] -> {F9D0EFE7-1939-4156-B6E9-0006A5FDDC4E} => C:\Program Files (x86)\Baofeng\StormPlayer\BFDesktopShell64.dll [2017-02-27] (暴风集团股份有限公司)
ShellIconOverlayIdentifiers: [QBOverlayIcon] -> {96959DE7-C855-42BD-8382-2AAABF2A8F52} => C:\Users\Jan\AppData\Local\Tencent\QQBrowser\User Data\IconOverlay\QBShellIcon40be18.dll [2017-04-18] (Tencent)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PPLive.lnk [2017-04-18]
ShortcutTarget: PPLive.lnk -> C:\Program Files (x86)\PPLive\PPTV\PPLive_startup.exe (PPLive Corporation)
BHO-x32: °®ĆćŇŐÖúĘÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\Program Files (x86)\IQIYI Video\LStyle\5.5.33.3550\Accelerator\IEHelper.dll => Brak pliku
FF Plugin-x32: @Baofeng.com/npBFWebBrowserPlugin -> C:\Program Files (x86)\Baofeng\StormPlayer\npBFWebBrowserPlugin.dll [2017-02-27] (Beijing Baofeng Inc.)
FF Plugin-x32: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\LStyle\5.5.33.3550\npclient.dll [2016-11-08] ()
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\4.0.3.0056\nppluginEx.dll [2017-03-10] (PPLive Corporation)
FF Plugin-x32: @q-q.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17499.219\npQMExtensionsMozilla.dll [2017-04-18] (Tencent Technology (Shenzhen) Company Limited)
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxp://www.initialpage123.com/?z=6b4fa8ddafc9db73f8cc01bgaz0tao1w5e3m3waeet&from=wak&uid=3219913727_263875_1EB28618&type=hp
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.initialpage123.com/?z=6b4fa8ddafc9db73f8cc01bgaz0tao1w5e3m3waeet&from=wak&uid=3219913727_263875_1EB28618&type=hp"
CHR DefaultSearchURL: ChromeDefaultData2 -> hxxp://www.initialpage123.com/search/?q={searchTerms}&z=6b4fa8ddafc9db73f8cc01bgaz0tao1w5e3m3waeet&from=wak&uid=3219913727_263875_1EB28618&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData2 -> 28initialpage123
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-04-18]

I started the game and on the second step zonk - I can not find the file C: \ Program Files (x86) \ Tencent \ and these programs

This is a directory and you do not need to search for it if you have a path. You can even paste in the boot and it will open, but if there is no uninstall then skip this step and do the rest.

I did, except for uninstalling programs, it lasted a long time but I was a little educated and later I did not have access to a laptop (work),
successively: Fixlist from WinRe level, drweb scan report, logs from FRST scan.
ps. I'm at the computer until 4:00 PM, then again, I greet

Uninstall Loaris Trojan Remover 2.0.28

New Fixlist.txt for FRST:
ShortcutWithArgument: C: \ Users \ Jan \ Desktop \ chrome - shortcut .lnk -> C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe (Google Inc.) -> hxxp: //hao.169x .cn /? v = 108
ShortcutWithArgument: C: \ Users \ Jan \ Desktop \ mail.lnk -> C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe (Google Inc.) -> hxxp: //hao.169x.cn /? v = 108
ShortcutWithArgument: C: \ Users \ Jan \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Chrome Apps \ email.lnk -> C: \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe (Google Inc.) -> --profile-directory = Default --app-id = hcjadopoenpcjhdnknblbddcmlnlefid
CHR DefaultSearchURL: Default -> hxxps: //ssl.gstatic.com/ui/v1/icons/mail/images/favicon5.ico
R1 ucdrv; C: \ Program Files (x86) \ UCBrowser \ Security: ucdrv-x64.sys [25444] (UC Web Inc.)

the browser normally

Delete the C: \ FRST directory and that's all.

problem solved thanks to Kolobos' advice, thank you again