Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2016 Ran by SYSTEM (2016-07-21 20:25:26) Run:1 Running from E:\ Boot Mode: Recovery ============================================== fixlist content: ***************** HKLM\...\Run: [Note-up] => C:\Program Files\Note-up\note-up.exe [6777856 2016-05-18] (TODO: ) HKLM\...\Run: [L] => C:\Program Files\Power Update\fatalerror.exe [245760 2016-07-14] () HKLM\...\Run: [cpx] => C:\Program Files\cpx\cpx.exe [641536 2016-03-24] () HKLM\...\RunOnce: [Update] => C:\Users\JLyn\AppData\Roaming\NUIns\NUIns.exe [1108126 2016-07-20] () HKLM\...\Winlogon: [Shell] C:\Program Files\Power Update\fatalerror.exe [x ] () <=== ATTENTION HKU\JLyn\...\Run: [L] => C:\Program Files\Power Update\fatalerror.exe [245760 2016-07-14] () HKU\JLyn\...\Run: [fastweb] => C:\Program Files\FastWeb\fastweb.exe [194048 2016-07-20] () HKU\JLyn\...\Winlogon: [Shell] C:\Program Files\Power Update\fatalerror.exe [245760 2016-07-14] () <==== ATTENTION S2 55218e6f4f23000c941bd2cd54b2b717; C:\Program Files\55218e6f4f23000c941bd2cd54b2b717\cbced1c097d7ae63193d8d2a97ca9d86.exe [3483648 2016-07-18] () S2 Dataup; C:\Program Files\dataup\dataup.exe [77824 2015-08-06] () S2 dowidoly; C:\Program Files\12345678-1469022310-5678-90AB-CDDEEFAABBCC\jnsm8CE0.tmp [244224 2016-07-20] () S2 kijuxokozbt; C:\Program Files\12345678-1469022310-5678-90AB-CDDEEFAABBCC\knslF627.tmp [480768 2016-07-20] () S2 rijufoze; C:\Program Files\12345678-1469022310-5678-90AB-CDDEEFAABBCC\hnsgA53C.tmp [138240 2016-07-20] () S2 windowsmanagementservice; C:\Users\JLyn\AppData\Local\Temp\20160720\ct.exe [852992 2016-03-21] (Google Inc.) S1 0db2c77f75b621415c89c6d10c45e881; C:\WINDOWS\system32\drivers\0db2c77f75b621415c89c6d10c45e881.sys [69072 2016-07-18] (IKWAA2) S1 bsdp32; C:\WINDOWS\system32\Drivers\bsdp32.sys [32576 2016-07-20] () C:\Program Files\55218e6f4f23000c941bd2cd54b2b717 C:\Users\JLyn\AppData\Local\Temp\20160720 C:\WINDOWS\system32\drivers\0db2c77f75b621415c89c6d10c45e881.sys 2016-07-20 10:37 - 2016-07-20 10:37 - 00000000 ___DC C:\Program Files\Common Files\DESIGNER 2016-07-20 09:41 - 2016-07-20 09:41 - 00000000 ___DC C:\Program Files\Nusrekkegu 2016-07-20 07:04 - 2016-07-20 15:07 - 00000000 ___DC C:\Users\JLyn\AppData\Local\mstrn32 2016-07-20 07:04 - 2016-07-20 09:05 - 00000000 ___DC C:\Users\JLyn\AppData\Local\cpx 2016-07-20 05:52 - 2016-07-21 12:01 - 00000000 ___DC C:\Program Files\cpx 2016-07-20 05:52 - 2016-07-20 05:52 - 00000000 ___DC C:\Program Files\regtool 2016-07-20 05:51 - 2016-07-21 13:17 - 00031091 ____C C:\Windows\2ae877468b564e445daaea9ec08b3cf1.ps1 2016-07-20 05:51 - 2016-07-21 13:17 - 00000000 ___DC C:\Program Files\55218e6f4f23000c941bd2cd54b2b717 2016-07-20 05:51 - 2016-07-20 05:52 - 00000000 ___DC C:\Program Files\msrtn32 2016-07-20 05:51 - 2016-07-20 05:51 - 00032576 ____C C:\Windows\System32\Drivers\bsdp32.sys 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Windows\System32\SSL 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Users\JLyn\AppData\Roaming\SejafLuo 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Users\JLyn\AppData\Roaming\gplyra 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Users\JLyn\AppData\Roaming\Efhpe 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Users\JLyn\AppData\Local\Tempfolder 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Program Files\JadmiipmefkowadUn 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Program Files\Jadmiipmefkowad 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Program Files\Itibiti Soft Phone 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Program Files\FastWeb 2016-07-20 05:51 - 2016-07-20 05:51 - 00000000 ___DC C:\Program Files\dataup 2016-07-20 05:50 - 2016-07-20 05:51 - 00011568 ____C C:\Users\JLyn\AppData\Roaming\InstallationConfiguration.xml 2016-07-20 05:50 - 2016-07-20 05:51 - 00000000 ___DC C:\Program Files\CleanBrowser 2016-07-20 05:50 - 2016-07-20 05:50 - 00129024 ____C C:\Users\JLyn\AppData\Roaming\Installer.dat 2016-07-20 05:50 - 2016-07-20 05:50 - 00000000 ___DC C:\Users\JLyn\AppData\Local\Apps\2.0 2016-07-20 05:50 - 2016-07-20 05:50 - 00000000 ___DC C:\Program Files\Power Update 2016-07-20 05:50 - 2016-07-20 05:50 - 00000000 ____C C:\Windows\System32\Number of results 2016-07-20 05:46 - 2016-07-20 05:46 - 01002871 ____C C:\Users\JLyn\AppData\Local\setupone.exe 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ___DC C:\Users\JLyn\AppData\Roaming\Note-UP 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ___DC C:\Users\JLyn\AppData\Roaming\c 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ___DC C:\ProgramData\1469022385 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ___DC C:\Program Files\S5 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ___DC C:\Program Files\Note-up 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ___DC C:\Program Files\maguire 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ____C C:\Users\JLyn\AppData\Local\tr5b.txt 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ____C C:\Users\JLyn\AppData\Local\stxtname.txt 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ____C C:\Users\JLyn\AppData\Local\run.txt 2016-07-20 05:46 - 2016-07-20 05:46 - 00000000 ____C C:\Users\JLyn\AppData\Local\aatxtname.txt 2016-07-20 05:45 - 2016-07-21 11:49 - 00000000 ___DC C:\Program Files\12345678-1469022310-5678-90AB-CDDEEFAABBCC C:\Windows\Tasks\{35EB43BE-DCF4-0D78-59EB-0D17D864E85D}.job ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Note-up => value removed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\L => value removed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Update => value removed successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully HKU\JLyn\Software\Microsoft\Windows\CurrentVersion\Run\\L => value removed successfully. HKU\JLyn\Software\Microsoft\Windows\CurrentVersion\Run\\fastweb => value removed successfully. HKU\JLyn\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully. 55218e6f4f23000c941bd2cd54b2b717 => service removed successfully. Dataup => service removed successfully. dowidoly => service removed successfully. kijuxokozbt => service removed successfully. rijufoze => service removed successfully. windowsmanagementservice => service removed successfully. 0db2c77f75b621415c89c6d10c45e881 => service removed successfully. bsdp32 => service removed successfully. C:\Program Files\55218e6f4f23000c941bd2cd54b2b717 => moved successfully C:\Users\JLyn\AppData\Local\Temp\20160720 => moved successfully C:\WINDOWS\system32\drivers\0db2c77f75b621415c89c6d10c45e881.sys => moved successfully C:\Program Files\Common Files\DESIGNER => moved successfully C:\Program Files\Nusrekkegu => moved successfully C:\Users\JLyn\AppData\Local\mstrn32 => moved successfully C:\Users\JLyn\AppData\Local\cpx => moved successfully C:\Program Files\cpx => moved successfully C:\Program Files\regtool => moved successfully C:\Windows\2ae877468b564e445daaea9ec08b3cf1.ps1 => moved successfully "C:\Program Files\55218e6f4f23000c941bd2cd54b2b717" => not found. C:\Program Files\msrtn32 => moved successfully C:\Windows\System32\Drivers\bsdp32.sys => moved successfully C:\Windows\System32\SSL => moved successfully C:\Users\JLyn\AppData\Roaming\SejafLuo => moved successfully C:\Users\JLyn\AppData\Roaming\gplyra => moved successfully C:\Users\JLyn\AppData\Roaming\Efhpe => moved successfully C:\Users\JLyn\AppData\Local\Tempfolder => moved successfully C:\Program Files\JadmiipmefkowadUn => moved successfully C:\Program Files\Jadmiipmefkowad => moved successfully C:\Program Files\Itibiti Soft Phone => moved successfully C:\Program Files\FastWeb => moved successfully C:\Program Files\dataup => moved successfully C:\Users\JLyn\AppData\Roaming\InstallationConfiguration.xml => moved successfully C:\Program Files\CleanBrowser => moved successfully C:\Users\JLyn\AppData\Roaming\Installer.dat => moved successfully C:\Users\JLyn\AppData\Local\Apps\2.0 => moved successfully C:\Program Files\Power Update => moved successfully C:\Windows\System32\Number of results => moved successfully C:\Users\JLyn\AppData\Local\setupone.exe => moved successfully C:\Users\JLyn\AppData\Roaming\Note-UP => moved successfully C:\Users\JLyn\AppData\Roaming\c => moved successfully C:\ProgramData\1469022385 => moved successfully C:\Program Files\S5 => moved successfully C:\Program Files\Note-up => moved successfully C:\Program Files\maguire => moved successfully C:\Users\JLyn\AppData\Local\tr5b.txt => moved successfully C:\Users\JLyn\AppData\Local\stxtname.txt => moved successfully C:\Users\JLyn\AppData\Local\run.txt => moved successfully C:\Users\JLyn\AppData\Local\aatxtname.txt => moved successfully C:\Program Files\12345678-1469022310-5678-90AB-CDDEEFAABBCC => moved successfully C:\Windows\Tasks\{35EB43BE-DCF4-0D78-59EB-0D17D864E85D}.job => moved successfully ==== End of Fixlog 20:25:28 ====