Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015 Ran by Lenovo at 2015-07-15 17:57:16 Run:2 Running from C:\Users\Lenovo\Downloads Loaded Profiles: Lenovo (Available Profiles: Lenovo & Administrator) Boot Mode: Safe Mode (with Networking) ============================================== fixlist content: ***************** CloseProcesses: R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system) R2 VSSS; C:\Users\Lenovo\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [99147904 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-07-09] (SlimWare Utilities, Inc.) R1 wafd_vw_1_10_0_20; C:\Windows\System32\drivers\wafd_vw_1_10_0_20.sys [57728 2015-07-06] (WA) R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X] HKU\S-1-5-21-2431670907-3491424385-537474094-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\msnbr.exe <===== ATTENTION HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 Task: {059C5B36-6F18-4FF0-AFA2-19C0028EB7F1} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe Task: {5F41E279-F71D-4B36-890D-68513E876D9F} - System32\Tasks\UpdateTask => C:\Users\Lenovo\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE Task: {C74D064E-5113-42EE-A932-90C51D0DDA2D} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe Task: {C9871C15-CAA9-4E61-BDBB-49498D67BE70} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
http://www.istartsurf.com/?type=hp&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} HKU\S-1-5-21-2431670907-3491424385-537474094-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH HKU\S-1-5-21-2431670907-3491424385-537474094-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.istartsurf.com/?type=hp&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1436878569&z=c81499d4d64a34e3f57cc87gbz0c4q8b3mbb0w2w7g&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&q={searchTerms} SearchScopes: HKU\S-1-5-21-2431670907-3491424385-537474094-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&ts=1436878654&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2431670907-3491424385-537474094-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&ts=1436878654&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2431670907-3491424385-537474094-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&ts=1436878654&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2431670907-3491424385-537474094-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&ts=1436878654&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2431670907-3491424385-537474094-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&ts=1436878654&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2431670907-3491424385-537474094-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM014-1EJ164_W380FGRHXXXXW380FGRH&ts=1436878654&type=default&q={searchTerms} BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. 
Limited) CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26] CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-05-26] C:\Program Files\*.exe C:\Program Files (x86)\AVG C:\Program Files (x86)\MiuiTab C:\Program Files (x86)\Opera C:\Program Files (x86)\WordAnchor_1.10.0.20 C:\ProgramData\msnbr.exe C:\ProgramData\IHProtectUpDate C:\ProgramData\AVG C:\ProgramData\Temp C:\Users\Lenovo\AppData\Local\Avg C:\Users\Lenovo\AppData\Local\Chromium C:\Users\Lenovo\AppData\Local\Opera Software C:\Users\Lenovo\AppData\Roaming\AVG C:\Users\Lenovo\AppData\Roaming\istartsurf C:\Users\Lenovo\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe C:\Users\Lenovo\AppData\Roaming\OpenCandy C:\Users\Lenovo\AppData\Roaming\Opera Software C:\Users\Lenovo\AppData\Roaming\Shortcut C:\Windows\system32\Drivers\wafd_vt_1_10_0_20.sys C:\Windows\system32\Drivers\wafd_vw_1_10_0_20.sys C:\Windows\system32\Drivers\SWDUMon.sys C:\WINDOWS\SysWOW64\sqlite3.dll H:\pendrive (16GB).lnk CMD: attrib /d /s -s -h H:\* Reg: reg delete HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I /f Reg: reg delete HKCU\Software\dobreprogramy /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe Reader Speed Launcher" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f CMD: netsh advfirewall reset EmptyTemp: ***************** Processes closed successfully. IHProtect Service => Service removed successfully VSSS => Service removed successfully SWDUMon => Service removed successfully wafd_vw_1_10_0_20 => Service removed successfully KProcessHacker2 => Service not found. 
HKU\S-1-5-21-2431670907-3491424385-537474094-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value restored successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{059C5B36-6F18-4FF0-AFA2-19C0028EB7F1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{059C5B36-6F18-4FF0-AFA2-19C0028EB7F1}" => key removed successfully C:\Windows\System32\Tasks\Opera N Saturday not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera N Saturday => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F41E279-F71D-4B36-890D-68513E876D9F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F41E279-F71D-4B36-890D-68513E876D9F}" => key removed successfully C:\Windows\System32\Tasks\UpdateTask => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C74D064E-5113-42EE-A932-90C51D0DDA2D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74D064E-5113-42EE-A932-90C51D0DDA2D}" => key removed successfully C:\Windows\System32\Tasks\Opera N Sunday not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera N Sunday => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9871C15-CAA9-4E61-BDBB-49498D67BE70}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9871C15-CAA9-4E61-BDBB-49498D67BE70}" => key removed successfully C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program" => key removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\S-1-5-21-2431670907-3491424385-537474094-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-2431670907-3491424385-537474094-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. HKU\S-1-5-21-2431670907-3491424385-537474094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-2431670907-3491424385-537474094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. "HKU\S-1-5-21-2431670907-3491424385-537474094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key removed successfully HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found. "HKU\S-1-5-21-2431670907-3491424385-537474094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. "HKU\S-1-5-21-2431670907-3491424385-537474094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. "HKU\S-1-5-21-2431670907-3491424385-537474094-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key removed successfully HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}" => key removed successfully "HKCR\Wow6432Node\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}" => key removed successfully "HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf" => key removed successfully C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx => moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf" => key removed successfully "C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Folder not found. C:\Program Files\*.exe => moved successfully. C:\Program Files (x86)\AVG => moved successfully. C:\Program Files (x86)\MiuiTab => moved successfully. "C:\Program Files (x86)\Opera" => File/Folder not found. "C:\Program Files (x86)\WordAnchor_1.10.0.20" => File/Folder not found. C:\ProgramData\msnbr.exe => moved successfully. C:\ProgramData\IHProtectUpDate => moved successfully. C:\ProgramData\AVG => moved successfully. C:\ProgramData\Temp => moved successfully. C:\Users\Lenovo\AppData\Local\Avg => moved successfully. C:\Users\Lenovo\AppData\Local\Chromium => moved successfully. C:\Users\Lenovo\AppData\Local\Opera Software => moved successfully. C:\Users\Lenovo\AppData\Roaming\AVG => moved successfully. "C:\Users\Lenovo\AppData\Roaming\istartsurf" => File/Folder not found. C:\Users\Lenovo\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully. C:\Users\Lenovo\AppData\Roaming\OpenCandy => moved successfully. C:\Users\Lenovo\AppData\Roaming\Opera Software => moved successfully. C:\Users\Lenovo\AppData\Roaming\Shortcut => moved successfully. "C:\Windows\system32\Drivers\wafd_vt_1_10_0_20.sys" => File/Folder not found. "C:\Windows\system32\Drivers\wafd_vw_1_10_0_20.sys" => File/Folder not found. C:\Windows\system32\Drivers\SWDUMon.sys => moved successfully. 
C:\WINDOWS\SysWOW64\sqlite3.dll => moved successfully. "H:\pendrive (16GB).lnk" => File/Folder not found. ========= attrib /d /s -s -h H:\* ========= Path not found - H:\ ========= End of CMD: ========= ========= reg delete HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\dobreprogramy /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Adobe Reader Speed Launcher" /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f ========= Operacja ukończona pomyślnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= EmptyTemp: => 407.3 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 17:57:26 ====