Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Ellen (2015-09-23 20:56:02) Run:1
Running from C:\Users\Ellen\Downloads
Loaded Profiles: Ellen (Available Profiles: Ellen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [GoogleChromeAutoLaunch_471C568578175D6DF77F6D2460619B03] => C:\Users\Ellen\AppData\Local\Chromium\Application\chrome.exe [659456 2015-06-03] (The Chromium Authors)
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [DeskBar] => C:\Users\Ellen\AppData\Local\DeskBar\dblaunch.exe
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [WindApp] => "C:\Users\Ellen\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Run: [Selection Tools] => "C:\Users\Ellen\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ellen\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\Haedyanurv64.dll [353608 2015-09-08] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=55&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&SSPV=SP30500TA_sp_ie
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M89F0110C-C151-4163-88B6-B1F0CC9B52B7&SearchSource=58&CUI=&UM=8&UP=SP76DD2D66-F056-46FB-9377-96A3F592F73F&D=090815&q={searchTerms}&SSPV=SP30500TA_sp_ie
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e,
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw8_15_36&cd=2XzuyEtN2Y1L1QzutA0CtDyByBtCyCyCyE0D0Ezy0AyD0F0FtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SzytByBzy0Fzz0B0EtGzz0D0B0FtGyE0BtByBtG0ByEtA0BtG0ByBtA0EyEyCzzyByC0Bzzzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DzztB0F0C0C0AtG0A0A0EtDtGyE0BtBzztG0A0FtA0AtG0CzytDyE0DzzyD0ByD0CtC0B2QtN0A0LzuyE&cr=1365513339&ir=
SearchScopes: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www-searching.com/search.aspx?s=F98zbwybl002,16e48174-861d-40fc-a252-76eb3e60302e&site=shyosie&prd=set&q={searchTerms}
FF user.js: detected! => C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\5hxdje8y.default\user.js [2015-09-11]
S2 Update Super Great; "C:\Program Files (x86)\Super Great\updateSuperGreat.exe" [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-09-08] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
R1 {ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64; C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys [48744 2015-09-05] (StdLib)
2015-09-19 20:53 - 2015-09-19 20:53 - 02012464 _____ C:\Users\Ellen\Downloads\Adaware_Installer.exe
2015-09-19 20:53 - 2015-09-19 20:53 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-19 00:17 - 2015-09-19 00:17 - 00000000 ____D C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0
2015-09-19 00:16 - 2015-09-19 00:17 - 06383209 _____ C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0.zip
2015-09-18 23:18 - 2015-09-18 23:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ellen\Downloads\.exe.exe
2015-09-18 23:10 - 2015-09-18 23:11 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ellen\Downloads\SpyHunter-Installer.exe
2015-09-17 12:27 - 2015-09-17 12:28 - 04902832 _____ (VAPC (Lux) S.a.r.L) C:\Users\Ellen\Downloads\wzro32.exe
2015-09-10 18:10 - 2015-09-21 22:10 - 00000276 _____ C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
2015-09-10 18:10 - 2015-09-10 18:10 - 00003234 _____ C:\WINDOWS\System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}
2015-09-10 15:26 - 2015-09-10 15:30 - 00000000 ____D C:\Program Files (x86)\baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Baidu
2015-09-10 15:26 - 2015-09-10 15:26 - 00000000 ____D C:\ProgramData\Baidu
2015-09-08 23:48 - 2015-09-10 18:09 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\WTools
2015-09-08 23:48 - 2015-09-10 15:58 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Store
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\WindApp.installation.log
2015-09-08 23:48 - 2015-09-08 23:48 - 00000078 _____ C:\Users\Ellen\AppData\Roaming\Selection Tools.installation.log
2015-09-08 23:47 - 2015-09-10 15:54 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Nosibay
2015-09-08 23:47 - 2015-09-08 23:49 - 00001309 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.boostrap.log
2015-09-08 23:47 - 2015-09-08 23:48 - 00005713 _____ C:\Users\Ellen\AppData\Roaming\Bubble Dock.installation.log
2015-09-08 23:47 - 2015-09-08 23:47 - 00000097 _____ C:\Users\Ellen\AppData\Roaming\WindApp.boostrap.log
2015-09-08 21:53 - 2015-09-08 21:53 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-09-08 21:51 - 2015-09-10 17:53 - 00004760 _____ C:\WINDOWS\SysWOW64\Haedyanurv.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\SysWOW64\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-10 17:53 - 00002480 _____ C:\WINDOWS\system32\HaedyanurvOff.ini
2015-09-08 21:51 - 2015-09-08 21:51 - 00003686 _____ C:\WINDOWS\System32\Tasks\BAUpd
2015-09-08 21:51 - 2015-09-08 21:51 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-09-08 21:51 - 2015-09-08 10:28 - 00353608 _____ C:\WINDOWS\system32\Haedyanurv64.dll
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\WINDOWS\system32\ebon
2015-09-08 21:50 - 2015-09-08 21:50 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\ortmp
2015-09-08 21:49 - 2015-09-10 18:06 - 00000000 ____D C:\Program Files\groover080920151225
2015-09-08 21:49 - 2015-09-08 21:49 - 00000045 _____ C:\user.js
2015-09-08 21:49 - 2015-08-20 11:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-09-08 21:48 - 2015-09-10 17:52 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-09-08 21:48 - 2015-09-10 15:29 - 00000000 ____D C:\Program Files\WebBar
2015-09-08 21:48 - 2015-09-08 21:48 - 00000000 ____D C:\ProgramData\SearchModule
2015-09-06 00:03 - 2015-09-06 00:03 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\0U1E1Q1T2Z1P0S2Z1T1C
2015-09-06 00:02 - 2015-09-06 00:02 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-09-05 23:59 - 2015-09-10 15:28 - 00000000 ____D C:\Users\Ellen\AppData\Local\Chromium
2015-09-05 23:56 - 2015-09-22 16:56 - 00000282 _____ C:\WINDOWS\Tasks\Tny_Cassiopesa.job
2015-09-05 23:56 - 2015-09-11 21:35 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v57.1978
2015-09-05 23:56 - 2015-09-10 18:13 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-09-05 23:56 - 2015-09-05 23:56 - 00002774 _____ C:\WINDOWS\System32\Tasks\Tny_Cassiopesa
2015-09-05 23:56 - 2015-09-05 23:56 - 00000008 _____ C:\END
2015-09-05 22:18 - 2015-09-05 22:18 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-05 20:09 - 2015-09-05 20:09 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job
Task: {ACD04BE6-A213-43D1-9927-0A8D84BC524D} - System32\Tasks\Tny_Cassiopesa => C:\Users\Ellen\AppData\Local\{D7C0E~1\UNINST~1.EXE
Task: {C428CDF0-183F-41FB-BBA3-CC681F8174BF} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {E6123579-7B41-4C28-91FD-C74D066AA5FA} - System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200} => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe [2015-07-07] ()
Task: {F787EC95-8C1B-4095-873A-82B5CF7B2AB3} - System32\Tasks\BAUpd => C:\Users\Ellen\AppData\Local\BrowserAir\Application\updater.exe
Task: C:\WINDOWS\Tasks\Tny_Cassiopesa.job =>
Task: C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe
C:\Program Files (x86)\baidu
C:\Users\Ellen\AppData\Local\Chromium
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\Super Great
C:\Windows\System32\drivers\{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64.sys
C:\Users\Ellen\AppData\Local\DeskBar
C:\Users\Ellen\AppData\Roaming\Store\WindApp
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_471C568578175D6DF77F6D2460619B03 => value removed successfully
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DeskBar => value removed successfully
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value removed successfully
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Selection Tools => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
"HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found.
HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => key removed successfully
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found.
"HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found.
"HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}" => key removed successfully
HKCR\CLSID\{9143e921-7c9a-4d27-ac43-eaccc78cc55a} => key not found.
C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\5hxdje8y.default\user.js => moved successfully
Update Super Great => service removed successfully
bsdriver => Unable to stop service.
bsdriver => service could not remove
cherimoya => Unable to stop service.
cherimoya => service removed successfully
{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64 => Unable to stop service.
{ec691f88-7aa1-422e-8927-1e1e09131a80}Gw64 => service removed successfully
C:\Users\Ellen\Downloads\Adaware_Installer.exe => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0 => moved successfully
C:\Users\Ellen\Downloads\mbam-chameleon-3.1.25.0.zip => moved successfully
C:\Users\Ellen\Downloads\.exe.exe => moved successfully
C:\Users\Ellen\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Users\Ellen\Downloads\wzro32.exe => moved successfully
C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job => moved successfully
C:\WINDOWS\System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200} => moved successfully
C:\Program Files (x86)\baidu => moved successfully
C:\Users\Ellen\AppData\Roaming\Baidu => moved successfully
C:\ProgramData\Baidu => moved successfully
C:\Users\Ellen\AppData\Roaming\WTools => moved successfully
C:\Users\Ellen\AppData\Roaming\Store => moved successfully
C:\Users\Ellen\AppData\Roaming\WindApp.installation.log => moved successfully
C:\Users\Ellen\AppData\Roaming\Selection Tools.installation.log => moved successfully
C:\Users\Ellen\AppData\Roaming\Nosibay => moved successfully
C:\Users\Ellen\AppData\Roaming\Bubble Dock.boostrap.log => moved successfully
C:\Users\Ellen\AppData\Roaming\Bubble Dock.installation.log => moved successfully
C:\Users\Ellen\AppData\Roaming\WindApp.boostrap.log => moved successfully
Could not move "C:\WINDOWS\system32\Drivers\bsdriver.sys" => Scheduled to move on reboot.
C:\WINDOWS\SysWOW64\Haedyanurv.ini => moved successfully
C:\WINDOWS\SysWOW64\HaedyanurvOff.ini => moved successfully
C:\WINDOWS\system32\HaedyanurvOff.ini => moved successfully
C:\WINDOWS\System32\Tasks\BAUpd => moved successfully
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir => moved successfully
C:\WINDOWS\system32\Haedyanurv64.dll => moved successfully
C:\WINDOWS\system32\ebon => moved successfully
C:\Users\Ellen\AppData\Roaming\ortmp => moved successfully
C:\Program Files\groover080920151225 => moved successfully
C:\user.js => moved successfully
Could not move "C:\WINDOWS\system32\Drivers\cherimoya.sys" => Scheduled to move on reboot.
C:\Program Files\Common Files\Goobzo => moved successfully
C:\Program Files\WebBar => moved successfully
C:\ProgramData\SearchModule => moved successfully
C:\Users\Ellen\AppData\Roaming\0U1E1Q1T2Z1P0S2Z1T1C => moved successfully
C:\Users\Public\Documents\Baidu => moved successfully
C:\Users\Ellen\AppData\Local\Chromium => moved successfully
C:\WINDOWS\Tasks\Tny_Cassiopesa.job => moved successfully
C:\Program Files (x86)\SpaceSondPro_v57.1978 => moved successfully
C:\Program Files (x86)\SpaceSondPro => moved successfully
C:\WINDOWS\System32\Tasks\Tny_Cassiopesa => moved successfully
C:\END => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
"C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job" => File/Folder not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-23 20:57:16)<=
==> ATTENTION: System is not rebooted.
"C:\WINDOWS\system32\Drivers\bsdriver.sys" => Could not move
"C:\WINDOWS\system32\Drivers\cherimoya.sys" => Could not move

==== End of Fixlog 20:57:16 ====