Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by stan (2016-04-16 10:37:25) Run:2 Running from C:\Users\stan\Downloads Loaded Profiles: stan (Available Profiles: stan) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_nrssi_16_11¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyE0DtByD0DtA0Azy0A0E0CtN0D0Tzu0StCyDyEtDtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StA0F0BtA0E0Bzz0EtGtAtD0BzztGtByD0C0DtGtC0B0ByDtGzyyE0CtDyDyDyEtAtBzy0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByBzy0Azz0E0B0EtG0Czyzz0DtGyEyByEzztGzy0CtAzytGtAzytDtB0CyD0DyC0AyD0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D173393200%26a%3Djmb_nrssi_16_11%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome SearchScopes: HKLM -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nrssi_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyE0DtByD0DtA0Azy0A0E0CtN0D0Tzu0StCyDyEtDtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StA0F0BtA0E0Bzz0EtGtAtD0BzztGtByD0C0DtGtC0B0ByDtGzyyE0CtDyDyDyEtAtBzy0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByBzy0Azz0E0B0EtG0Czyzz0DtGyEyByEzztGzy0CtAzytGtAzytDtB0CyD0DyC0AyD0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D173393200%26a%3Djmb_nrssi_16_11%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002 -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nrssi_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyE0DtByD0DtA0Azy0A0E0CtN0D0Tzu0StCyDyEtDtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StA0F0BtA0E0Bzz0EtGtAtD0BzztGtByD0C0DtGtC0B0ByDtGzyyE0CtDyDyDyEtAtBzy0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByBzy0Azz0E0B0EtG0Czyzz0DtGyEyByEzztGzy0CtAzytGtAzytDtB0CyD0DyC0AyD0DyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D173393200%26a%3Djmb_nrssi_16_11%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe S2 0169341459181846mcinstcleanup; C:\WINDOWS\TEMP\016934~1.EXE -cleanup -nolog [X] S2 jhi_service; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe" [X] C:\Program Files (x86)\Java C:\Program Files (x86)\Spybot - Search & Destroy 2 C:\ProgramData\Oracle C:\ProgramData\Spybot - Search & Destroy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java C:\Users\stan\.oracle_jre_usage C:\Users\stan\AppData\Roaming\dlg C:\Users\stan\AppData\Roaming\Sun C:\Users\stan\Desktop\Goodgame Empire.lnk C:\WINDOWS\951d4bd064ca6b979e1db2f42a3b5e85.exe Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. Chrome DefaultSearchURL => removed successfully Chrome DefaultSuggestURL => removed successfully "HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\SOFTWARE\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bahkljhhdeciiaodlkppoonappfnheoi" => key removed successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73cd434e-8e1e-46b6-bb8d-7dd935140717}" => key removed successfully HKCR\CLSID\{73cd434e-8e1e-46b6-bb8d-7dd935140717} => key not found. "HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73cd434e-8e1e-46b6-bb8d-7dd935140717}" => key removed successfully HKCR\CLSID\{73cd434e-8e1e-46b6-bb8d-7dd935140717} => key not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully 0169341459181846mcinstcleanup => service not found. jhi_service => service removed successfully C:\Program Files (x86)\Java => moved successfully C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully C:\ProgramData\Oracle => moved successfully C:\ProgramData\Spybot - Search & Destroy => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java => moved successfully C:\Users\stan\.oracle_jre_usage => moved successfully C:\Users\stan\AppData\Roaming\dlg => moved successfully C:\Users\stan\AppData\Roaming\Sun => moved successfully C:\Users\stan\Desktop\Goodgame Empire.lnk => moved successfully C:\WINDOWS\951d4bd064ca6b979e1db2f42a3b5e85.exe => moved successfully ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => 4.5 GB temporary data Removed. The system needed a reboot. ==== End of Fixlog 10:39:53 ====