Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Chewy (2016-07-05 16:52:01) Run:1
Running from C:\Users\Chewy\Downloads
Loaded Profiles: Chewy (Available Profiles: Chewy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1551321902-3525539811-1481564533-1002\...\Run: [UXmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Chewy\AppData\Local\ATworks\stormPadcuda.dll
HKLM-x32\...\Run: [Secured Net] => "C:\WINDOWS\che_020716\netsafe.exe"
ShellIconOverlayIdentifiers: [FpPop] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
2016-07-04 06:40 - 2016-07-04 06:40 - 00000000 ____D C:\Users\Chewy\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-07-04 06:40 - 2016-07-04 06:40 - 00000000 _____ C:\Users\Chewy\AppData\Roaming\1.txt
2016-07-04 06:39 - 2016-07-04 06:39 - 00003624 _____ C:\WINDOWS\System32\Tasks\{33ACF9EE-FBBA-4BEF-A12A-2981D1BD5E7F}
2016-07-03 20:33 - 2016-07-03 20:33 - 00002375 _____ C:\Users\Chewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-07-03 20:32 - 2016-07-04 21:32 - 00000946 _____ C:\WINDOWS\Tasks\Yahoo! Powered mirer.job
2016-07-03 20:32 - 2016-07-04 06:39 - 00000000 ____D C:\Users\Chewy\AppData\Roaming\{A50A93B1-8058-FEC7-EB6E-D91537BC242B}
2016-07-03 20:32 - 2016-07-04 06:32 - 00000000 ____D C:\ProgramData\{CC150976-4657-83B0-C091-1DF25AD3963C}
2016-07-03 20:32 - 2016-07-03 20:32 - 00004024 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered mirer
2016-07-03 20:30 - 2016-07-04 06:59 - 00000000 ____D C:\Users\Chewy\AppData\Local\ATworks
2016-07-03 20:28 - 2016-07-04 06:58 - 00000000 ____D C:\Users\Chewy\AppData\Roaming\ssn
2016-07-03 20:28 - 2016-07-03 20:28 - 00000000 ____D C:\WINDOWS\che_020716
2016-07-03 20:28 - 2016-07-02 08:58 - 00000133 _____ C:\WINDOWS\ie.vbs
Task: {000E0CD8-C7E5-4BBE-9BBE-DD4E37265873} - System32\Tasks\Funshion\FsLibraryLogonUpdate => C:\Program Files (x86)\Funshion Online\3.0.3.68\FsLibrary.exe
Task: {9E943153-1999-4D1F-9A26-5850568417E6} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-03] (Distromatic) <==== ATTENTION
Task: {9FA8A741-EFD2-468E-B127-3ACE8D5AEC22} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-03] (Distromatic) <==== ATTENTION
Task: {A5F731A4-1B28-4CEC-BDC0-DD6D1DA6C54B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A8B5112D-3309-484D-8E9B-B18667D25623} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-03] (Distromatic) <==== ATTENTION
Task: {BC778488-C85D-4920-8570-07F0C36C86FE} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-03] (Distromatic) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered mirer.job => C:\ProgramData\{CC150976-4657-83B0-C091-1DF25AD3963C}\cimo.txt <==== ATTENTION
C:\Users\Chewy\AppData\Local\ATworks
C:\WINDOWS\che_020716
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-1551321902-3525539811-1481564533-1002\Software\Microsoft\Windows\CurrentVersion\Run\\UXmedia => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Secured Net => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FpPop" => key removed successfully
HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => key removed successfully
HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => key not found.
Amazon 1Button App Service => Unable to stop service.
Amazon 1Button App Service => service removed successfully
C:\Users\Chewy\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence => moved successfully
C:\Users\Chewy\AppData\Roaming\1.txt => moved successfully
C:\WINDOWS\System32\Tasks\{33ACF9EE-FBBA-4BEF-A12A-2981D1BD5E7F} => moved successfully
C:\Users\Chewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk => moved successfully
C:\WINDOWS\Tasks\Yahoo! Powered mirer.job => moved successfully
C:\Users\Chewy\AppData\Roaming\{A50A93B1-8058-FEC7-EB6E-D91537BC242B} => moved successfully
C:\ProgramData\{CC150976-4657-83B0-C091-1DF25AD3963C} => moved successfully
C:\WINDOWS\System32\Tasks\Yahoo! Powered mirer => moved successfully
C:\Users\Chewy\AppData\Local\ATworks => moved successfully
C:\Users\Chewy\AppData\Roaming\ssn => moved successfully
"C:\WINDOWS\che_020716" folder move:
Could not move "C:\WINDOWS\che_020716" => Scheduled to move on reboot.
C:\WINDOWS\ie.vbs => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{000E0CD8-C7E5-4BBE-9BBE-DD4E37265873}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000E0CD8-C7E5-4BBE-9BBE-DD4E37265873}" => key removed successfully
C:\WINDOWS\System32\Tasks\Funshion\FsLibraryLogonUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funshion\FsLibraryLogonUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E943153-1999-4D1F-9A26-5850568417E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E943153-1999-4D1F-9A26-5850568417E6}" => key removed successfully
C:\WINDOWS\System32\Tasks\DistromaticUpdater-periodic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9FA8A741-EFD2-468E-B127-3ACE8D5AEC22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FA8A741-EFD2-468E-B127-3ACE8D5AEC22}" => key removed successfully
C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5F731A4-1B28-4CEC-BDC0-DD6D1DA6C54B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F731A4-1B28-4CEC-BDC0-DD6D1DA6C54B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8B5112D-3309-484D-8E9B-B18667D25623}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8B5112D-3309-484D-8E9B-B18667D25623}" => key removed successfully
C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC778488-C85D-4920-8570-07F0C36C86FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC778488-C85D-4920-8570-07F0C36C86FE}" => key removed successfully
C:\WINDOWS\System32\Tasks\DistromaticUpdater-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon" => key removed successfully
C:\WINDOWS\Tasks\Yahoo! Powered mirer.job => not found.
"C:\Users\Chewy\AppData\Local\ATworks" => not found.
"C:\WINDOWS\che_020716" folder move:
Could not move "C:\WINDOWS\che_020716" => Scheduled to move on reboot.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========

========= RemoveProxy: =========
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1551321902-3525539811-1481564533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1551321902-3525539811-1481564533-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {94E3FAF0-1E41-46BA-A6E2-793D9F2499A4}.
0 out of 1 jobs canceled.
========= End of CMD: =========

=========== EmptyTemp: ==========
BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11717723 B
Java, Flash, Steam htmlcache => 126478687 B
Windows/system/drivers => 40345616 B
Edge => 0 B
Chrome => 368761414 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27739216 B
NetworkService => 153206784 B
UpdatusUser => 0 B
Chewy => 150724708 B
RecycleBin => 0 B
EmptyTemp: => 838.5 MB temporary data Removed.
================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-05 16:56:58)
C:\WINDOWS\che_020716 => Is moved successfully
C:\WINDOWS\che_020716 => Is moved successfully

==== End of Fixlog 16:56:58 ====