Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 03 Ran by Jeff at 2014-12-12 10:00:39 Run:1 Running from C:\Users\Jeff\Desktop Loaded Profile: Jeff (Available profiles: Jeff) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks! HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-2534424839-3201483776-2275768760-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2534424839-3201483776-2275768760-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2534424839-3201483776-2275768760-1001 -> {2B832064-4616-4470-8416-CB07FF55DB6C} URL = SearchScopes: HKU\S-1-5-21-2534424839-3201483776-2275768760-1001 -> {40E0C54D-E407-4B9B-86C7-97CDBE5EE35F} URL = http://search.condui...q={searchTerms} SearchScopes: HKU\S-1-5-21-2534424839-3201483776-2275768760-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File CustomCLSID: HKU\S-1-5-21-2534424839-3201483776-2275768760-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks? Task: {CD8A0460-C77B-4833-AF7F-0062DA040223} - System32\Tasks\DTReg => C:\Users\Jeff\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION C:\Users\Jeff\AppData\Roaming\DefaultTab EmptyTemp: CMD: bitsadmin /reset /allusers ***************** "HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully. "HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B832064-4616-4470-8416-CB07FF55DB6C}" => Key deleted successfully. "HKCR\CLSID\{2B832064-4616-4470-8416-CB07FF55DB6C}" => Key not found. "HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40E0C54D-E407-4B9B-86C7-97CDBE5EE35F}" => Key deleted successfully. "HKCR\CLSID\{40E0C54D-E407-4B9B-86C7-97CDBE5EE35F}" => Key not found. "HKU\S-1-5-21-2534424839-3201483776-2275768760-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully. "HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully. "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found. "HKU\S-1-5-21-2534424839-3201483776-2275768760-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD8A0460-C77B-4833-AF7F-0062DA040223}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD8A0460-C77B-4833-AF7F-0062DA040223}" => Key deleted successfully. C:\Windows\System32\Tasks\DTReg => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => Key deleted successfully. "C:\Users\Jeff\AppData\Roaming\DefaultTab" => File/Directory not found. ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. {07F65B6B-EC36-494E-8492-4874428AD8EA} canceled. {B3E24B75-0825-4E11-9DBA-A01F253F2019} canceled. {7E0307A7-7EA2-4654-AEBC-97CEB1262255} canceled. {DE698B52-0111-48EC-BCB6-003F2B22972B} canceled. {40AD7703-3D8E-4E27-9031-A32559708130} canceled. {4B4AADD9-E4C2-4716-86E8-CAED158C6BD9} canceled. {B0A97D9A-D1FD-42BE-ACF9-D3D6CA07878C} canceled. {2719177B-8A83-4BF4-AA8A-66CFA7CE0704} canceled. {96626942-E6F3-411C-80F3-F4DE5C5A2965} canceled. {1F191ABA-7359-445F-9530-930C65DF1720} canceled. {04286383-866D-457A-919E-0D08FAE605A3} canceled. {98C1DEDE-7A97-453B-A783-83CE85365D68} canceled. {989417AD-B40B-416A-BDDB-407A90E80319} canceled. {6BB4009B-EB2B-4B29-8751-C69AFD97835D} canceled. {2F09FC0F-E05F-4415-B8A4-9C30617BA7E8} canceled. {92FABD5B-3928-4AE7-A50A-FD4CE07CC6A7} canceled. {0F5EA56B-30C2-4D1B-A52E-00619E214546} canceled. {BDCA92B6-7ED4-4E13-8A79-E20B1C2C52AB} canceled. {20B2E8F0-15D5-43DD-B3FA-4A0CF4F80610} canceled. {08D0CBCC-1661-4E97-B642-6D5F6F243DFD} canceled. {FA5EB733-6F19-4DAD-A48E-84D5C7587B3C} canceled. {B9454E29-570D-4035-AF95-0A30BF78EA2A} canceled. {6BFDF7EE-B90D-4AC5-AC50-E2C045A3D51C} canceled. {F1D5BCC9-DC72-4C0E-A24D-AD7F38D9A7A3} canceled. {37B76A20-28FA-4C83-B95A-9E915B590AE4} canceled. {31C4B51A-13ED-4770-B4E7-A103DBD03707} canceled. {B05B4E40-ECCA-4955-B860-F2D491987893} canceled. {2F7A4E19-53F9-4D8E-846B-795E49A70549} canceled. {39C44CFA-0DA5-46F1-A4B0-D165DF1A36B5} canceled. {ED6DCF10-2EFB-4652-9C78-C8A2E27792C9} canceled. {9C9764E4-7701-44A5-B78B-9AA8B9C91DD7} canceled. {F06488CB-E5A8-457F-B7E2-0D1ED8DE7459} canceled. {922379D0-9FAE-4D12-A8C6-9CECE7895BCC} canceled. {5CE9E59B-1073-41FF-B090-0A8D8AD1FE15} canceled. {EACA40B6-E244-4B29-8861-581F10CAA011} canceled. {3ED1FB31-5F4E-4389-B2AF-5DB97BBB1275} canceled. {25B467E0-C237-4CF8-94B2-AF0F5B76AC14} canceled. {11B69F6D-F275-416E-843D-6E848744DD5E} canceled. {66B2CDB3-4A4D-4DE4-857A-FAD162EB2597} canceled. {11F72AE6-F292-4CBF-A54F-1FE019C59B2E} canceled. {D288D59E-BAE8-4DF0-AEF8-D5A758416076} canceled. {A2ACC90F-1EAD-4E43-89AB-67CA16D33EC4} canceled. {10FE1449-1C16-4F83-A435-9824873DB957} canceled. 43 out of 43 jobs canceled. ========= End of CMD: ========= EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====