Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01 Ran by Administrator at 2015-02-28 13:50:09 Run:1 Running from C:\Users\Administrator\Desktop Loaded Profiles: Administrator (Available profiles: Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.) [File not signed] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QPST v2.7.378.zip.lnk HKU\S-1-5-21-1597870552-71927855-2046932826-500\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-1597870552-71927855-2046932826-500\...\Policies\Explorer: [] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=20495&r=2015/02/23&hid=4116981499609149788&lg=EN&cc=PL&unqvl=82 SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=20495&r=2015/02/23&hid=4116981499609149788&lg=EN&cc=PL&unqvl=82 SearchScopes: HKU\S-1-5-21-1597870552-71927855-2046932826-500 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=20495&r=2015/02/23&hid=4116981499609149788&lg=EN&cc=PL&unqvl=82 SearchScopes: HKU\S-1-5-21-1597870552-71927855-2046932826-500 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=20495&r=2015/02/23&hid=4116981499609149788&lg=EN&cc=PL&unqvl=82 C:\Program Files (x86)\Google C:\Program Files (x86)\Mozilla Firefox C:\ProgramData\{15e07bca-65a6-23ee-15e0-07bca65aef29} C:\ProgramData\2b9b778a00000255 C:\ProgramData\7369084718163618701 C:\ProgramData\Ashampoo C:\ProgramData\AVG Security Toolbar C:\ProgramData\epcflnhekbeiedbpcempcodppnncjelo C:\ProgramData\MFAData C:\Users\Administrator\AppData\Local\Google C:\Users\Administrator\AppData\Local\MFAData C:\Users\Administrator\AppData\Local\Mozilla C:\Users\Administrator\AppData\Roaming\Mozilla C:\Users\Administrator\AppData\Roaming\TuneUp Software C:\Users\Administrator\AppData\Roaming\Microsoft\Word\*.lnk C:\Windows\SysWOW64\drivers\pfc.sys Folder: C:\ProgramData\CODEX Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Google /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira Systray" /f Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v LowerFilters /f Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v UpperFilters /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. pfc => Service deleted successfully. cpuz135 => Service deleted successfully. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QPST v2.7.378.zip.lnk => Moved successfully. HKU\S-1-5-21-1597870552-71927855-2046932826-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value deleted successfully. HKU\S-1-5-21-1597870552-71927855-2046932826-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. HKU\S-1-5-21-1597870552-71927855-2046932826-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1597870552-71927855-2046932826-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. HKCR\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. C:\Program Files (x86)\Google => Moved successfully. "C:\Program Files (x86)\Mozilla Firefox" => File/Directory not found. C:\ProgramData\{15e07bca-65a6-23ee-15e0-07bca65aef29} => Moved successfully. C:\ProgramData\2b9b778a00000255 => Moved successfully. C:\ProgramData\7369084718163618701 => Moved successfully. C:\ProgramData\Ashampoo => Moved successfully. C:\ProgramData\AVG Security Toolbar => Moved successfully. C:\ProgramData\epcflnhekbeiedbpcempcodppnncjelo => Moved successfully. C:\ProgramData\MFAData => Moved successfully. C:\Users\Administrator\AppData\Local\Google => Moved successfully. C:\Users\Administrator\AppData\Local\MFAData => Moved successfully. C:\Users\Administrator\AppData\Local\Mozilla => Moved successfully. C:\Users\Administrator\AppData\Roaming\Mozilla => Moved successfully. C:\Users\Administrator\AppData\Roaming\TuneUp Software => Moved successfully. "C:\Users\Administrator\AppData\Roaming\Microsoft\Word\*.lnk" => File/Directory not found. C:\Windows\SysWOW64\drivers\pfc.sys => Moved successfully. ========================= Folder: C:\ProgramData\CODEX ======================== 2015-02-01 18:21 - 2015-02-01 18:21 - 0000000 ____D () C:\ProgramData\CODEX\Administrator 2015-02-01 18:21 - 2015-02-01 18:21 - 0000000 ____D () C:\ProgramData\CODEX\Administrator\250320 2015-02-01 18:21 - 2015-02-01 18:21 - 0000000 ____D () C:\ProgramData\CODEX\Administrator\250320\local 2015-02-01 18:21 - 2015-02-01 18:21 - 0000000 ____D () C:\ProgramData\CODEX\Administrator\250320\saves 2015-02-01 18:21 - 2015-02-01 18:21 - 0000000 ____D () C:\ProgramData\CODEX\Administrator\250320\stats ====== End of Folder: ====== ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira Systray" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v LowerFilters /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /v UpperFilters /f ========= Bť¤D: System nie znalazˆ w rejestrze okre˜lonego klucza albo warto˜ci. ========= End of Reg: ========= EmptyTemp: => Removed 802 MB temporary data. The system needed a reboot. ==== End of Fixlog 13:50:27 ====