Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014 Ran by ADMIN at 2014-09-17 15:39:41 Run:1 Running from E:\fixit\frst Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: HKU\S-1-5-21-4014269469-2975056858-994782064-1000\...\Run: [EfkuQpumz] => regsvr32.exe "C:\ProgramData\EfkuQpumz\EfkuQpumz.dat" HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Panda Security <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\ESET <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Kaspersky Lab <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION URLSearchHook: HKCU - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File C:\ProgramData\EfkuQpumz C:\ProgramData\OhtoGinzo C:\ProgramData\UgkeqNutet C:\ProgramData\TEMP C:\ProgramData\F-Secure C:\Users\ADMIN\AppData\Roaming\QuickScan C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup Folder: C:\Windows\Sun Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EfkuQpumz" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OhtoGinzo" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UgkeqNutet" /f CMD: netsh advfirewall reset ***************** Processes closed successfully. HKU\S-1-5-21-4014269469-2975056858-994782064-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EfkuQpumz => value deleted successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => Value not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully. "HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}" => Key not found. C:\ProgramData\EfkuQpumz => Moved successfully. C:\ProgramData\OhtoGinzo => Moved successfully. C:\ProgramData\UgkeqNutet => Moved successfully. C:\ProgramData\TEMP => Moved successfully. C:\ProgramData\F-Secure => Moved successfully. C:\Users\ADMIN\AppData\Roaming\QuickScan => Moved successfully. C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => Moved successfully. ========================= Folder: C:\Windows\Sun ======================== 2014-09-16 22:02 - 2014-09-16 22:02 - 0000000 ____D () C:\Windows\Sun\Java 2014-09-16 22:02 - 2014-09-16 22:02 - 0000000 ____D () C:\Windows\Sun\Java\Deployment ====== End of Folder: ====== ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EfkuQpumz" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OhtoGinzo" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UgkeqNutet" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ====