Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Owner (2016-04-03 15:50:13) Run:1 Running from D:\Owner\Desktop Loaded Profiles: Owner (Available Profiles: Owner) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [win_en_77] => [X] CHR StartupUrls: Default -> "search.mpc.am" CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=G34zftpbl2,a0bb3947-421f-421b-a48d-74dcc699a327,&prd=smw&q={searchTerms} CHR DefaultSearchKeyword: Default -> www-searching.com CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms} CHR Session Restore: Default -> is enabled. CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-03-03] 2016-03-03 21:34 - 2016-03-03 21:34 - 00003330 _____ C:\WINDOWS\System32\Tasks\{FDFD9010-D1F8-47BD-A280-FA9A29F8AA71} 2016-03-03 21:17 - 2016-03-25 17:44 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Company 2016-03-03 21:17 - 2016-03-14 17:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TymfoWea 2016-03-03 21:17 - 2016-03-03 21:17 - 00003418 _____ C:\WINDOWS\System32\Tasks\Uefoj 2016-03-03 21:17 - 2016-03-03 21:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempfolder 2016-03-03 21:11 - 2016-03-03 21:11 - 00003748 _____ C:\WINDOWS\System32\Tasks\{770B6B26-C9C1-4D00-848C-E196823DFC76} 2016-03-03 20:57 - 2016-03-03 21:50 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner CustomCLSID: HKU\S-1-5-21-1225192743-1763719466-560388653-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1225192743-1763719466-560388653-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File Task: {1FC14DE9-5DB3-4AF3-8F84-FCB2626CF6F9} - System32\Tasks\{770B6B26-C9C1-4D00-848C-E196823DFC76} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Jobantrax\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Jobantrax\uninstall.dat" -a uninstallme B66FCBFF-7CF3-4B53-A750-49C7D44523C1 DeviceId=5d75f071-d9ac-3a99-4609-cf7637cb52df BarcodeId=50081003 ChannelId=3 DistributerName=APSFIMonetizer Task: {49321AF2-848F-4E4E-BB8C-984FB28A3D17} - System32\Tasks\{FDFD9010-D1F8-47BD-A280-FA9A29F8AA71} => pcalua.exe -a C:\Users\Owner\AppData\Local\AAAAAAAA-1457036269-AAAA-AAAA-D8CB8A700F1E\Uninstall.exe Task: {71F2E7C8-75F1-481F-A5A4-76C1376D8B40} - System32\Tasks\Uefoj => C:\PROGRA~1\SHOPPE~1\Zuuesdu.bat C:\PROGRA~1\SHOPPE~1 Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers ***************** Restore point was successfully created. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 => value removed successfully Chrome StartupUrls => removed successfully Chrome DefaultSearchURL => removed successfully Chrome DefaultSearchKeyword => removed successfully Chrome DefaultSuggestURL => removed successfully Chrome Session Restore: => not found. C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully C:\WINDOWS\System32\Tasks\{FDFD9010-D1F8-47BD-A280-FA9A29F8AA71} => moved successfully C:\Users\Owner\AppData\LocalLow\Company => moved successfully C:\Users\Owner\AppData\Roaming\TymfoWea => moved successfully C:\WINDOWS\System32\Tasks\Uefoj => moved successfully C:\Users\Owner\AppData\Local\Tempfolder => moved successfully C:\WINDOWS\System32\Tasks\{770B6B26-C9C1-4D00-848C-E196823DFC76} => moved successfully C:\Program Files (x86)\MPC Cleaner => moved successfully "HKU\S-1-5-21-1225192743-1763719466-560388653-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully "HKU\S-1-5-21-1225192743-1763719466-560388653-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FC14DE9-5DB3-4AF3-8F84-FCB2626CF6F9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FC14DE9-5DB3-4AF3-8F84-FCB2626CF6F9}" => key removed successfully C:\WINDOWS\System32\Tasks\{770B6B26-C9C1-4D00-848C-E196823DFC76} => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{770B6B26-C9C1-4D00-848C-E196823DFC76}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49321AF2-848F-4E4E-BB8C-984FB28A3D17}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49321AF2-848F-4E4E-BB8C-984FB28A3D17}" => key removed successfully C:\WINDOWS\System32\Tasks\{FDFD9010-D1F8-47BD-A280-FA9A29F8AA71} => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDFD9010-D1F8-47BD-A280-FA9A29F8AA71}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71F2E7C8-75F1-481F-A5A4-76C1376D8B40}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71F2E7C8-75F1-481F-A5A4-76C1376D8B40}" => key removed successfully C:\WINDOWS\System32\Tasks\Uefoj => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uefoj" => key removed successfully "C:\PROGRA~1\SHOPPE~1" => not found. ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-1225192743-1763719466-560388653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-1225192743-1763719466-560388653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.8.10586 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Unable to cancel {806F50C1-B596-4215-9997-C7875CD626A1}. {4712C4FB-4A8C-4736-8D12-2AAAEF686BCA} canceled. {B3FDF9FE-1481-4391-AEB3-1727DFFF0A64} canceled. {F79A12DC-C289-4FBC-9434-5E3D19DA9380} canceled. 3 out of 4 jobs canceled. ========= End of CMD: ========= EmptyTemp: => 836.3 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 15:50:25 ====