Locked by Australian Federal Police (AFP) Ukash Virus Scam Asking For $100 AUD to Unlock Your Computer? Ransomware Removal

Computer locked by Australian Federal Police (AFP) Ukash virus while surfing the internet for something porn? Is it true that you violate the national laws and it’s required to pay 100 Australian dollars ransom? What happens if your computer is searched by AFP ukash virus? Will there be a policeman coming to your house to arrest you as you are informed computer blocked by Australian Federal Police? How to fix the endless AFP ukash scam pop-ups and unlock the PC? Here is a useful tutorial guide for you.

How dangerous is Australian Federal Police (AFP) Ukash? Is it a scam?
Australian Federal Police (AFP) Ukash virus is another new version from the infamous Ukash virus family. Australian Federal Police (AFP) Ukash virus may look like a real and trustworthy dept. of Australian while it’s developed by hackers to make use of its name to scare naïve users and scam their money. Once you get infected with this virus, Australian Federal Police Ukash will pop up a lockup notice saying you have pay the 100 AUD fines to unlock it before you can continue to use your computer on a daily basis. Please don’t fall into its trap. The developers usually act as the real government department to ask you to pay money to them. But the truth is that it is a real scam malware. You should have the common sense that the real government department won’t send you these kinds of messages in the internet. Paying for the money can’t get this issue solved, but cause financial leakage and collapse of the system. So, how to remove Australian Federal Police (AFP) Ukash virus without recurring? Well, this infection is tricky enough to slay. Even if you try to reboot your computer and get in safe mode with networking, the ukash virus screen still appears and blocks your screen immediately. You can’t do anything on your computer but with the screen fully controlled by Australian Federal Police Ukash (AFP) Virus Scam. Fortunately, the correct way to save your computer is manual clean. Follow the instructions below to get rid of this ransomware ASAP.

Australian Federal Police (AFP) Ukash Screenshot

Australian Federal Police (AFP) Ukash Identified as Security Threat by Impressions
1. Australian Federal Police (AFP) Ukash reputation/ rating online is terrible.
2. Australian Federal Police (AFP) Ukash is installed/ run without your permission.
3. The official website of Australian Federal Police (AFP) Ukash is poorly built without contact info.
4. The payments website of Australian Federal Police (AFP) Ukash is suspicious & claims your OS is unsafe.
5. Poor Performance like highly-consumed system resources is caused by Australian Federal Police (AFP) Ukash.

What’s a good way to remove Australian Federal Police (AFP) Ukash from my PC?
Well, many computer users had a hard time to terminate Australian Federal Police (AFP) Ukash completely as various protection tools didn’t meet with their expectation. No matter what antivirus software they have tried, none of them could detect anything even being disabled. And people also did “regedit” in the Run command box, or other methods, but failed again. Since antivirus didn’t help, manual approach is always required to combat this virus. Here is the manual removal of Australian Federal Police (AFP) Ukash step-by-step guide (This is just the original location) for all computer users.

Step-by-Step Guides to Delete Australian Federal Police (AFP) Ukash Manually
1> The processes to be stopped are listed below:
[random].exe
2> The files to be deleted are listed below:
%Documents and Settings%\All Users\Application Data\[random]\
%Documents and Settings%\All Users\Application Data\[random]\[random].exe
%Documents and Settings%\All Users\Application Data\[random]\[random].mof
%Documents and Settings%\All Users\Application Data\[random]\[random].dll
%Documents and Settings%\All Users\Application Data\[random]\[random].ocx
%Documents and Settings%\All Users\Application Data\[random]\[random]\
%UserProfile%\Application Data\Anti-Malware Lab\
%UserProfile%\Application Data\Anti-Malware Lab\cookies.sqlite
%UserProfile%\Application Data\Anti-Malware Lab\Instructions.ini
3> The registry entries that need to be removed are as follows:
HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Anti-Malware Lab″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options “Debugger” = “svchost.exe”

Note: Manual removal of Australian Federal Police (AFP) Ukash is complex and risky task, as it refers to key parts of computer system, and is recommended only for advanced users. If you haven’t sufficient expertise on doing that, it's recommended to ask help from an online computer expert to manually remove it for you. That would make a hit.

Get Rid of Fantastigames.metacrawler.com Redirect Virus, Metacrawler.com Manual Removal

Have you encountered a problem that your homepage is substituted by another strange site called Fantastigames.metacrawler.com without your consent? No matter what you search, you’ll be forcedly redirected to this irrelevant page which is filled with annoying unknown advertisements. Really feel infringed on this issue but can’t find any effective solution to get it resolved as every time it still comes up although it’s reported to be killed by the security software. By reading this post, you’ll find out the proper way to get rid of this nuisance and restore the PC.

Information About Fantastigames.metacrawler.com
Fantastigames.metacrawler.com (http://fantastigames.metacrawler.com/) is classified as a bogus search engine that designed by cyber criminals to generate revenue from computer victims. From the appearance, it may look like a safe and legit web site that serves users for searching something useful such as games, and other leisure online tools. However, it’s far from its primary impression to users. Fantastigames.metacrawler.com is good at taking advantage of system exploits to install onto the target machine. Even if you have various antivirus programs to prevent from being infected, such threat can easily break through these tools and perform its corrupt activities in the affected system. Once associating with this hijacker, you’ll get countless pop-ups or toolbars, unable to get the desired results you want to see. Besides, this redirect virus often doesn’t come along, but it’s bundled with other threats, like Trojan, rootkit and rogue virus, etc. It utilizes java to alter internet browser settings and extracts user information without any authorization. It’s able to keep track of your internet activities so as to capture personal information such as username, passwords, all kinds of account data. Your PC working will be lagged a lot than usual as well. Considering the chaos caused, you’re highly recommended to have Fantastigames.metacrawler.com deleted timely and entirely to avoid more damages.

Fantastigames.metacrawler.com Screenshot


Fantastigames.metacrawler.com Has Those Harmful Symptoms
a. Unfamiliar and questionable advertisements and fake alerts keep popping up on your screen.
b. Your PC system performance is too poor and your system works extremely slowly like a snail.
c. Once compromised, your PC makes for frequent freezing and system crash.
d. Unwanted malicious applications run in your PC.
e. All your search results specified by Google Chrome are redirected to unwanted and irritating ones.

Antivirus doesn’t seem to pick this Fantastigames.metacrawler.com up, why?
Not all viruses can be deleted by antivirus. Depending on the type of virus you have, Fantastigames.metacrawler.com is able to re-instate themselves soon. It may have to be quarantined the Antivirus program you have gives definitions for the type of virus it discovers. It also tells you whether it was deleted or sent to the virus vault. But you know the fact is different. And even competent anti-malware programs may be unable to delete Fantastigames.metacrawler.com, if you try to remove the virus yourself, and unfortunately the existing antivirus cannot help you out. You might try another method - manual removal.

Here is Manual Approach for Fantastigames.metacrawler.com Removal
In order to get rid of Fantastigames.metacrawler.com thoroughly from your infected machine, you need to end its related processes, search and remove associated registry values, DLL and then other relevant files.
1) The associated processes of Fantastigames.metacrawler.com to be stopped are listed below:
[random].exe

2) The associated files of Fantastigames.metacrawler.com to be deleted are listed below:
%AllUsersProfile%\{random}\
%AllUsersProfile%\{random}\*.lnk

3) The registry entries of Fantastigames.metacrawler.com that need to be removed are listed as follows:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\random
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BabylonTC.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “[random].exe”

Special Notes: Please be aware that you need to be very prudent during the whole removal process, because any inaccurate operation may result in data loss or even system crash. If you are confused how to do the above steps, you just need click here and get help from Tee Support 24/7 online computer experts to remove Fantastigames.metacrawler.com completely.

        

How can I get rid of Infomash.com redirect virus from win 7/vista/xp? Remove Infomash.com manually step by step

Are you encountering a big problem that Infomash.com constantly hijacks all your search results and your PC is totally taken over by this virus? Having attempted lots of top antivirus software such as Norton, Spyware Doctor, Avast, McAfee, Spybox, you still failed to catch it completely. Is there an effective solution to deal with such nuisance? Of course YES! By reading this post, I’m sure you’ll find the answer to overcome it.

Infomash.com Information
Nowadays, cyber criminals are as dangerous as muggers on the streets and more computer viruses come out. Infomash.com is one of them, which comes from the hijacker family that people should pay attention to. Usually this infection installs via other malware program, peer to peer application, movie download, share file, email attachment and social sites. It is widely spread throughout the Internet. It can alter system registries and settings, so that you’ll find its trance each time when Windows starts. It’s really an annoying and stubborn stuff. People seem to be eager to cast off Infomash.com as early as possible.

Infomash.com is extremely harmful. It is able to disable many web browsers like Internet Explorer, Google Chrome, Firefox Mozilla. Thus, your search results including Google, Yahoo, Bing and other search engine search will be constantly linked to the virus webpage and other useless ad domains instead of desired results. Those ad websites are fraudulent and hazardous, which will allow some other threats including spyware or badware to sneak into the affected system. The final aim of this bug is to mess up your system utterly and get out of your money.

You should realize its evil essence and Infomash.com is really a craft parasite. Your careless activity on surfing the internet may be the main reason of this infection. What if you’re one of the victims? It’s likely that antivirus software becomes the first choice. However, by the help of Trojan rootkit, Infomash.com is good at bypassing all kind of normal antivirus even disabling it. Thus we highly recommend you to remove Infomash.com virus with manual clean once you find it inside so as to protect your computer.

To make your computer secure and healthy, Live chat with Tee Support professionals 24/7 online now, or you can follow the manual removal guide below to get your problem fixed. ( this is suggested for advanced computer users)

Here below is the guide to manually remove Infomash.com
Step1: Reboot the PC and keep pressing F8 key on the keyboard before Windows interface loads. Hit the arrow keys to choose "Safe Mode with Networking" option, and then tap Enter key to enter Safe Mode with Networking.

Step 2: Open Task Manager and end all the malicious processes created by Infomash.com. ( Methods to open Task Manager: Press CTRL+ALT+DEL or CTRL+SHIFT+ESC or Press the Start button->click on the Run option->Type in taskmgr and press OK.)

Step 3: Go to Regitry Editor and delete malicious registry entries related to Infomash.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\random
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5ATIUYW62OUOMNBX256 “(Default)”=”1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\“UninstallString” = “‘%AppData%\[RANDOM]\[RANDOM].exe” -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\“ShortcutPath” = “‘C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe” -u’”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “5ATIUYW62OUOMNBX256” = “‘C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe’
Step 4: Search and Remove malicious files of Infomash.com virus
C:\WINDOWS\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\WINDOWS\system32\ping.exe

Video Guide for Manual Removal



Note: Manual removal is risky and tough process requiring expertise. Not a single mistake is allowed. It is wise to have an expert taking care of this for you. Getting help from online expert is fast and safe way to get rid of Infomash.com
virus.

Live Chat With Experts Now!

Get Rid of Trojan Horse Generic 28.BVLH Manually, How to Remove Generic 28.BVLH Trojan Without Recurring

Unreasonably got Trojan Horse Generic 28.BVLH virus on your PC screen and tried all sorts of antivirus but no help. Is it dangerous? What harms does it cause? Today, let's learn something about this virus and find an effective way to handle it permanently?

Trojan Horse Generic 28.BVLH is a horrible Trojan infection that can be fatal for PC system. This tricky virus may be located in c:\windows\system32\rundll32.exe\memory_00a40000 and c:\program files\internet explorer.exe (3904):\memory_02750000. It comes from the Generic 28 family detected by AVG antivirus. When it successfully invades a system, AVG is able to detect but always fails to remove it since this Trojan does not have an interface, and its infected files can be concealed from elimination using the feature of the relevant rootkit. Also it creates malicious files or modifies certain system file to enable its execution every time Windows starts up. Trojan Horse Generic 28.BVLH is really pesky and dangerous; remove this threat as soon as possible.

Since Trojan Horse Generic 28.BVLH embed malicious code to your system settings, you’ll suffer from excessive advertisements and browser redirections, where more harmful infections can be brought into your PC. Not only can this pest consume high resources which will strikingly slow down your PC performance, but also it even causes the computer frequently stuck and randomly crashed. In a word, the compromised PC will be running abnormally, even unusable.

Trojan Horse Generic 28.BVLH compromises your privacy and security as it’s capable to open a backdoor to malicious cyber criminals and allow them to access the infected computer then gather their personal data such as credit card info, log in numbers, etc, without any permission. All in all, Trojan Horse Generic 28.BVLH can totally mess up the targeted computer. It would be wise to eliminate Trojan Horse Generic 28.BVLH quickly before further damages from it.

Since Trojan Horse Generic 28.BVLH escapes from various security software, even though you have installed top protection tools, you'll finally end up with frustration. How sickening it is! Fortunately, this pest can be still eliminated by manual removal with expert skills. If you're skillful enough, you can fix it by yourself with the below instructions. If not, you're recommended to contact an online tech expert to help you remove it in short period!

Here below is the removal procedure for Trojan Horse Generic 28.BVLH:

Boot your computer into safe mode with networking by constantly tapping F8 key before Windows is launched. This image will show you what "safe mode with networking" looks like.

1) Find and stop Trojan Horse Generic 28.BVLH associated processes:
random.exe

2) Locate and delete Trojan Horse Generic 28.BVLH associated files:
%System%\drivers\[RANDOM CHARACTERS].sys
%Temp%\[random]
C:\WINDOWS\system32\[random name].dll
%UserProfile%\Start Menu\Programs\Trojan Horse Generic 28.BVLH

3) Detect and remove Trojan Horse Generic 28.BVLH related registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run = “%WinDir%\AppPatch\.exe,”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load = “%WinDir%\AppPatch\.exe,”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System = “%WinDir%\AppPatch\.exe,”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[RANDOM CHARACTERS]” = “rundll32.exe “%Temp%\[RANDOM CHARACTERS FILE NAME].dlllient”

Manual removal is risky and tough process requiring expertise. Not a single mistake is allowed. It is wise to have an expert taking care of this for you. Getting help from online expert is fast and safe way to get rid of Trojan Horse Generic 28.BVLH virus.

Remove Trojan Horse Generic_r.AWX manually and completely, get rid of Trojan Generic_r.AWX virus step by step

AVG has detected a virus called "Trojan Horse Generic_r.AWX" and you have tried all sorts of protection tools but still failed to catch it? Does it entice you into opening some disgusting porn links that compromised your PC? Are you feel baffled in this situation and anxiously in need of way out? This post will do you a favor. Follow this, and i'm sure you can find the remedy here.

Trojan Horse Generic_r.AWX, as a covert and destructive Tojan rootkit virus, is such horrible that it can give the computer a heavy blow once successfully installed. It may impress people that AVG scans and shows a virus warning of Trojan Horse Generic_r.AWX, while it can’t remove it when you’re urged to click the removal button and try to fix it. Even though you restart the computer, the virus reappears on the desktop and scares you once in a while. Since then, it looks like an evil monster that’s difficult to get over.

Many computer users have a question that “I have installed antivirus software, why I still get infected with this bug?” Well, to be frank, everywhere can be the nest for the virus to conceal. For example, the unsafe links, web pages, or freeware like document or video, etc, all these regard as the preferring place for the virus to lurk in. Any possibility to be infected by this Trojan is when you insert memory sticks or USB flash drivers to your computer. Trojan Horse Generic_r.AWX is crafty to invade into the target system by utilizing security vulnerability. No matter how it approaches your computer, you’d better remove it right away without any hesitation.

It’s obvious that Trojan Horse Generic_r.AWX can bring about lots of PC annoyance. Firstly, since the virus processes take up much area of the system, you’ll observe the PC is suffering from a critical decrease in running speed. Secondly, the virus is capable to redirect your internet connection and make your browsing abnormally. This is possibly because it affects critical system files and modifies default settings or deletes important files. Thirdly, more and more Trojans or rootkits can be introduced onto the PC, which will help the virus easily steal user’s confidential information, such as financial details.

To protect your computer from affecting any more, manual removal to delete Trojan Horse Generic_r.AWX virus becomes necessary. If you have any question, click here and live chat with an online expert.

Here below will teach you how to eliminate Trojan Horse Generic_r.AWX manually

(attention: this is only suggested for advanced computer users)

1. Kill malicious processes:
random.exe
2. Delete infected files:
%System%\drivers\[RANDOM CHARACTERS].sys
%Temp%\[random]
C:\WINDOWS\system32\[random name].dll
3. Delete infected registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1?

Note: Manual removal is risky and tough process requiring expertise. Not a single mistake is allowed. It is wise to have an expert taking care of this for you. Getting help from online expert is fast and safe way to get rid of Trojan Horse Generic_r.AWX virus.

How to remove Trojan:DOS/Alureon.E virus from windows xp, vista or win 7? Malware related to MBR cleanup

Nowadays, Cyber cribbers create more and more computer viruses every day, such as Trojan malware. Trojan:DOS/Alureon.E is one of them that have the common characteristics: tiny and creepy, tremendous and huge damage, difficult to clean away, etc. Let's learn something about this Trojan:DOS/Alureon.E threat and teach how to be free of it permanently.

Have a Comprehensive Knowledge of Trojan:DOS/Alureon.E

Trojan:DOS/Alureon.E is a notorious computer virus detected by Microsoft Security Essentials or avast security. The error codes people always get from MSE are: 0×80070032, 0x800704ec and 0×80501001. As a representative of Trojan, Trojan:DOS/Alureon.E won’t give up any opportunity to invade the targeted PC and destroy the system. Once it settles down in the computer, this infection will inject its malicious files and registries, resulting it the abnormal working of the computer, or more severely, making the system unavailable. Trojan:DOS/Alureon.E imitates to start its righteous work, whereas all it does has the only aim, that is, scamming innocent users’ money by deceiving them.

Trojan:DOS/Alureon.E is a big threat to both PC system and its network environment. Once affected, you’ll see the virus starts every time when system is launched. Then lots of irritating advertisements will be poured out onto users and sometimes it can disable then from connecting to internet. Trojan:DOS/Alureon.E can bring in more and more dangerous threats onto computers including both 32 bit and 64 bit operating system. It’s crafty enough to evade the detection of all sorts of antivirus software. To rescue the compromised PC safely and completely, live chat with Tee Support certified experts now, or you can follow the manual removal steps here to get this issue fixed if you have sufficient expertise in handling system files.

How to manually remove Trojan:DOS/Alureon.E without coming back?

1) Launch the Task Manager by pressing keys “CTRL + Shift + ESC” together, search for Trojan:DOS/Alureon.E processes and right-click to stop them.
2) Locate and delete these files generated by Trojan:DOS/Alureon.E:
C:\WINDOWS\Installer\Random
C:\WINDOWS\system32\services.exe (Random)
C:\docume~1\LOCALS~1\Temp\pohci13F.sys
C:\windows\system32\drivers\atapi.sys
3) Detect and remove Trojan:DOS/Alureon.E related registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\random thing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\*

Alureon Rootkit Threat Family:

Trojan:Win32/Sirefef.AC
Trojan:Win32/Sirefef.AH
Trojan:DOS/Alureon.A
Trojan:JS/Iframe.AP
TrojanDownlowder:Win/Unruy.H
TrojanDownlowder:Win/Obvod.K
Trojan:Win32/FakeSysdef

Note: Trojan:DOS/Alureon.is a resident to the root sector of your PC, or rather, it's sensitive area. That is to stress on the importance of Trojan:DOS/Alureon.E removal performed on terms of extreme caution. If you feel it's too tough to slay such terrible virus, just be free to get support from Tee Support online Team 24/7.

Remove/ Uninstall "Please wait while the connection is being established" virus safely and utterly from win xp/vista/7 (manual removal instructions)

Is your laptop or desktop fully locked by a white screen warning "Please wait while the connection is being established"? Don't know what it is and need assistance to remove this fake alert? This post will do you a favor. Just go ahead!

Have a brief understanding of "Please wait while the connection is being established"

"Please wait while the connection is being established" is classified as a fake popping up warning notification generated by Ukash virus. Such type of virus spread throughout entire territory of the English, German, Dutch, French, Italian, Denish, Polski, Spanish, Portuguese, Arabic and Norwegian, etc. Designed as a cyber financial fraud, this alert has been influencing people in the world to scam money if they want to unlock their PCs.
 
Once inside a system, this bogus alert says your IP address has been noticed to indulge in illegal online activity such as viewing child pornographic materials and scenes of violence. It’s the white screen that prevents you from doing anything. Even closing the window or minimizing it can’t solve this issue, either. Sometimes you cannot move the mouse while this white screen is up as it has totally blocked your screen. What to do?

You may reboot your computer into safe mode with networking or safe mode with command prompt; however, the annoying fake message still jumps out. Neither does forcibly turning off the PC work. How sickening! You should realize that “Please wait while the connection is being established” is VIRUS that bundled with rogue virus to get out of your fine. Under no circumstance should you buy its ransomware to unlock the PC system. Instead, to keep your computer clean and secured, take some professional manual removal instructions to get rid of it as quickly as possible.

How to remove "Please wait while the connection is being established" completely and manually?

In order to get rid of Please wait while the connection is being established thoroughly from your infected machine, you need to end its related processes, search and remove associated registry values, DLL and then other relevant files.

1. Kill infected processes:

random.exe

2. Delete infected files:

%Desktopdir%\random.lnk
%Programs%\[random]\[random].exe
%AppData%\[random]\[random].exe

3. Delete infected registry values:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[random] %AppData%\[random]\[random].exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\[random].exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\\DisplayIcon %AppData%\[random]\[random].exe,0 [random].exe” -u

Manual removal is complex and risky task, as it refers to key parts of computer system, and is recommended only for advanced users. If you haven’t sufficient expertise on doing that, it's recommended to ask help from an online computer expert to manually remove it for you. That would make a hit.