Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03 Ran by Norm at 2015-01-05 12:32:35 Run:1 Running from C:\Users\Norm\Desktop Loaded Profile: Norm (Available profiles: Norm) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Run: [] => [X] HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...\Winlogon: [Shell] explorer.exe,C:\Users\Norm\AppData\Roaming\skype.dat <==== ATTENTION HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks! CustomCLSID: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks? BHO: The weDownload Manager -> {11111111-1111-1111-1111-110411901174} -> C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll (weDownload) BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> No File Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No File Toolbar: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-3642669842-3344055725-2380362599-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-12-18] C:\Users\Norm\AppData\Roaming\skype.ini CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state on CMD: ipconfig /flushdns Emptytemp: Hosts: end ***************** Restore point was successfully created. Processes closed successfully. HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully. "HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully. "HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully. HKU\S-1-5-21-3642669842-3344055725-2380362599-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110411901174}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully. "HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully. "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}" => Key deleted successfully. HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully. HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. HKU\S-1-5-21-3642669842-3344055725-2380362599-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found. "HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully. HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found. C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com => Moved successfully. C:\Users\Norm\AppData\Roaming\skype.ini => Moved successfully. ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state on ========= Ok. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 9.7 GB temporary data. The system needed a reboot. ==== End of Fixlog 13:12:02 ====