Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015 Ran by user (2015-11-10 16:57:29) Run:1 Running from C:\Users\user\Downloads\gmer Loaded Profiles: user (Available Profiles: user) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X] S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X] S2 PdiService; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [X] S4 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X] HKLM-x32\...\Run: [] => [X] HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, Winlogon\Notify\ScCertProp: HKU\S-1-5-21-3455464757-3093656346-2702893615-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) BootExecute: autocheck autochk * sdnclean64.exe Task: {25ED5BC3-10CC-48ED-93CB-F55B7B72108B} - System32\Tasks\{A785BDC3-EA77-4CFB-B446-28129F11A650} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4UPCHB0\sp52211.exe" -d C:\Users\Administrator\Desktop Task: {6795F5F2-457E-45EC-AEE0-81BEC4DE31DE} - System32\Tasks\{97F9A8A6-0A04-4FCB-B979-581D1F680188} => pcalua.exe -a C:\Users\user\Downloads\sp61783.exe -d C:\Users\user\Downloads Task: {68271B30-EB14-41AB-A0A8-CB6C0FEB2BF9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) Task: {7C126D02-5C56-4F87-B01F-258C4879A02D} - System32\Tasks\{EE207310-3657-4921-888A-BC1576655CC5} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KG5G8L6C\sp55757.exe" -d C:\Users\Administrator\Desktop Task: {7C85F6D7-5A89-4371-87B6-46AC53B18B91} - System32\Tasks\Driver Booster SkipUAC (user) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {9ED8420B-7CE5-4B2A-99B4-F812FF740749} - System32\Tasks\{D5B23B92-5528-49B5-A7AF-4D30BA9F1090} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO44V2D5\sp54614.exe" -d C:\Users\Administrator\Desktop Task: {C9DBB28D-2647-41C4-8EC4-44A94521C598} - System32\Tasks\{4263683A-706B-4A3F-8F63-2D51FA86BC01} => pcalua.exe -a "C:\Users\user\Downloads\dxwebsetup (1).exe" -d C:\Users\user\Downloads Task: {D36D0AA6-3E4E-4F2B-B98C-88F63306A13C} - System32\Tasks\BatteryCareAuto => C:\Program Files (x86)\BatteryCare\BatteryCare.exe Task: {D464F946-6549-4A8B-88FD-B6FEA9C7EAF9} - System32\Tasks\{72FB0EC8-F6F1-4A08-AECA-F3BD82B2B52D} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNQIDYNS\sp54317.exe" -d C:\Users\Administrator\Desktop Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\EEK RemoveDirectory: C:\Program Files\McAfee Security Scan RemoveDirectory: C:\Program Files (x86)\Lenovo\Customer Feedback Program RemoveDirectory: C:\Program Files (x86)\Spybot - Search & Destroy 2 RemoveDirectory: C:\Program Files\Common Files\AV RemoveDirectory: C:\ProgramData\Panda Security RemoveDirectory: C:\ProgramData\panda_url_filtering RemoveDirectory: C:\ProgramData\Spybot - Search & Destroy RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17 RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack RemoveDirectory: C:\Users\user\AppData\Roaming\Panda Security RemoveDirectory: C:\Users\user\REACHit RemoveDirectory: C:\Windows\Tasks\ImCleanDisabled RemoveDirectory: C:\Windows\System32\Tasks\Lenovo RemoveDirectory: C:\Windows\System32\Tasks\Safer-Networking Folder: C:\Program Files (x86)\Lenovo Folder: C:\Users\user\AppData\Local\Lenovo CMD: del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat CMD: del /q C:\Users\user\Downloads\*.crdownload CMD: del /q C:\Users\user\Downloads\adwcleaner*.exe CMD: del /q C:\Users\user\Downloads\gmer.zip CMD: del /q C:\Users\user\Downloads\hitmanpro*.exe CMD: del /q C:\Users\user\Downloads\iExplore*.exe CMD: del /q C:\Users\user\Downloads\spybot-2.4.exe CMD: del /q C:\Users\user\Downloads\tdsskiller.exe CMD: del /q "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk" CMD: del /q "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\KaraFun Player 2.lnk" CMD: del /q "C:\Users\user\Desktop\Start Emsisoft Emergency Kit.lnk" CMD: del /q C:\Windows\system32dbgraw.bmp CMD: netsh advfirewall reset Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\nvsvc" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. MBAMSwissArmy => service removed successfully panda_url_filtering => service removed successfully panda_url_filteringd => service removed successfully Partizan => service removed successfully PdiService => service removed successfully RAMDiskVE => service removed successfully WinRing0_1_2_0 => service removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully HKU\S-1-5-21-3455464757-3093656346-2702893615-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25ED5BC3-10CC-48ED-93CB-F55B7B72108B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25ED5BC3-10CC-48ED-93CB-F55B7B72108B}" => key removed successfully C:\Windows\System32\Tasks\{A785BDC3-EA77-4CFB-B446-28129F11A650} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A785BDC3-EA77-4CFB-B446-28129F11A650}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6795F5F2-457E-45EC-AEE0-81BEC4DE31DE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6795F5F2-457E-45EC-AEE0-81BEC4DE31DE}" => key removed successfully C:\Windows\System32\Tasks\{97F9A8A6-0A04-4FCB-B979-581D1F680188} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{97F9A8A6-0A04-4FCB-B979-581D1F680188}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68271B30-EB14-41AB-A0A8-CB6C0FEB2BF9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68271B30-EB14-41AB-A0A8-CB6C0FEB2BF9}" => key removed successfully C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C126D02-5C56-4F87-B01F-258C4879A02D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C126D02-5C56-4F87-B01F-258C4879A02D}" => key removed successfully C:\Windows\System32\Tasks\{EE207310-3657-4921-888A-BC1576655CC5} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EE207310-3657-4921-888A-BC1576655CC5}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C85F6D7-5A89-4371-87B6-46AC53B18B91}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C85F6D7-5A89-4371-87B6-46AC53B18B91}" => key removed successfully C:\Windows\System32\Tasks\Driver Booster SkipUAC (user) => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (user)" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ED8420B-7CE5-4B2A-99B4-F812FF740749}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ED8420B-7CE5-4B2A-99B4-F812FF740749}" => key removed successfully C:\Windows\System32\Tasks\{D5B23B92-5528-49B5-A7AF-4D30BA9F1090} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5B23B92-5528-49B5-A7AF-4D30BA9F1090}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9DBB28D-2647-41C4-8EC4-44A94521C598}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9DBB28D-2647-41C4-8EC4-44A94521C598}" => key removed successfully C:\Windows\System32\Tasks\{4263683A-706B-4A3F-8F63-2D51FA86BC01} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4263683A-706B-4A3F-8F63-2D51FA86BC01}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D36D0AA6-3E4E-4F2B-B98C-88F63306A13C}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D36D0AA6-3E4E-4F2B-B98C-88F63306A13C}" => key removed successfully C:\Windows\System32\Tasks\BatteryCareAuto => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BatteryCareAuto" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D464F946-6549-4A8B-88FD-B6FEA9C7EAF9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D464F946-6549-4A8B-88FD-B6FEA9C7EAF9}" => key removed successfully C:\Windows\System32\Tasks\{72FB0EC8-F6F1-4A08-AECA-F3BD82B2B52D} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{72FB0EC8-F6F1-4A08-AECA-F3BD82B2B52D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking => could not remove at first attempt (ErrorCode: C0000121), see next line. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking => key removed successfully "C:\AdwCleaner" => removed successfully. "C:\EEK" => removed successfully. "C:\Program Files\McAfee Security Scan" => removed successfully. "C:\Program Files (x86)\Lenovo\Customer Feedback Program" => removed successfully. "C:\Program Files (x86)\Spybot - Search & Destroy 2" => removed successfully. "C:\Program Files\Common Files\AV" => removed successfully. "C:\ProgramData\Panda Security" => removed successfully. "C:\ProgramData\panda_url_filtering" => removed successfully. "C:\ProgramData\Spybot - Search & Destroy" => removed successfully. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17" => removed successfully. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack" => removed successfully. "C:\Users\user\AppData\Roaming\Panda Security" => removed successfully. "C:\Users\user\REACHit" => removed successfully. "C:\Windows\Tasks\ImCleanDisabled" => removed successfully. "C:\Windows\System32\Tasks\Lenovo" => removed successfully. "C:\Windows\System32\Tasks\Safer-Networking" => removed successfully. ========================= Folder: C:\Program Files (x86)\Lenovo ======================== ====== End of Folder: ====== ========================= Folder: C:\Users\user\AppData\Local\Lenovo ======================== 2015-11-08 17:14 - 2015-11-08 17:20 - 0000000 ____D () C:\Users\user\AppData\Local\Lenovo\REACHit 2015-11-08 17:14 - 2015-11-08 17:15 - 0000706 _____ () C:\Users\user\AppData\Local\Lenovo\REACHit\settings.bak 2015-11-08 17:14 - 2015-11-08 17:20 - 0000706 _____ () C:\Users\user\AppData\Local\Lenovo\REACHit\settings.json ====== End of Folder: ====== ========= del /q C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat ========= ========= End of CMD: ========= ========= del /q C:\Users\user\Downloads\*.crdownload ========= ========= End of CMD: ========= ========= del /q C:\Users\user\Downloads\adwcleaner*.exe ========= ========= End of CMD: ========= ========= del /q C:\Users\user\Downloads\gmer.zip ========= ========= End of CMD: ========= ========= del /q C:\Users\user\Downloads\hitmanpro*.exe ========= ========= End of CMD: ========= ========= del /q C:\Users\user\Downloads\iExplore*.exe ========= ========= End of CMD: ========= ========= del /q C:\Users\user\Downloads\spybot-2.4.exe ========= ========= End of CMD: ========= ========= del /q C:\Users\user\Downloads\tdsskiller.exe ========= ========= End of CMD: ========= ========= del /q "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk" ========= ========= End of CMD: ========= ========= del /q "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\KaraFun Player 2.lnk" ========= ========= End of CMD: ========= ========= del /q "C:\Users\user\Desktop\Start Emsisoft Emergency Kit.lnk" ========= ========= End of CMD: ========= ========= del /q C:\Windows\system32dbgraw.bmp ========= ========= End of CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\nvsvc" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= The operation completed successfully. ========= End of Reg: ========= EmptyTemp: => 769.8 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 16:58:03 ====