Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01 Ran by galla_000 (2015-08-03 14:16:41) Run:1 Running from C:\Users\galla_000\Desktop Loaded Profiles: galla_000 (Available Profiles: galla_000) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49&q={searchTerms} HKU\S-1-5-21-2575986412-378955102-3485170719-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49 HKU\S-1-5-21-2575986412-378955102-3485170719-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49 SearchScopes: HKU\.DEFAULT -> {40E89675-1A5C-4F23-BD1A-3BCE9D7CF495} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2575986412-378955102-3485170719-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49&q={searchTerms} SearchScopes: HKU\S-1-5-21-2575986412-378955102-3485170719-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49&q={searchTerms} SearchScopes: HKU\S-1-5-21-2575986412-378955102-3485170719-1001 -> {40E89675-1A5C-4F23-BD1A-3BCE9D7CF495} URL = StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE http://www.oursurfing.com/?type=sc&ts=1437301966&z=a437653884c587f1c96b181gdzec6mdc6edg6tfq1c&from=amt&uid=WDCXWD10JPVX-22JC3T0_WD-WX11E44FLU49FLU49 FF Extension: No Name - C:\Users\galla_000\AppData\Roaming\Mozilla\Firefox\Profiles\llcmyqnx.default\extensions\iobitascsurfingprotection@iobit.com [not found] FF Extension: No Name - C:\Users\galla_000\AppData\Roaming\Mozilla\Firefox\Profiles\llcmyqnx.default\extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com [not found] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] 2015-02-21 13:42 - 2015-02-21 13:42 - 1325008 _____ (HQ CinemaV21.02) C:\Users\galla_000\AppData\Roaming\TUZS.exe 2015-02-21 13:41 - 2015-02-21 13:41 - 1802192 _____ (HQ CinemaV21.02) C:\Users\galla_000\AppData\Roaming\VGDBHP.exe oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version: - oursurfing) <==== ATTENTION AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 EmptyTemp: end ***************** Processes closed successfully. Restore point was successfully created. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\S-1-5-21-2575986412-378955102-3485170719-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully HKU\S-1-5-21-2575986412-378955102-3485170719-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40E89675-1A5C-4F23-BD1A-3BCE9D7CF495}" => key removed successfully HKCR\CLSID\{40E89675-1A5C-4F23-BD1A-3BCE9D7CF495} => key not found. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-21-2575986412-378955102-3485170719-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-2575986412-378955102-3485170719-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. "HKU\S-1-5-21-2575986412-378955102-3485170719-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40E89675-1A5C-4F23-BD1A-3BCE9D7CF495}" => key removed successfully HKCR\CLSID\{40E89675-1A5C-4F23-BD1A-3BCE9D7CF495} => key not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully C:\Users\galla_000\AppData\Roaming\Mozilla\Firefox\Profiles\llcmyqnx.default\extensions\iobitascsurfingprotection@iobit.com not found. C:\Users\galla_000\AppData\Roaming\Mozilla\Firefox\Profiles\llcmyqnx.default\extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com not found. GPUZ => service removed successfully C:\Users\galla_000\AppData\Roaming\TUZS.exe => moved successfully. C:\Users\galla_000\AppData\Roaming\VGDBHP.exe => moved successfully. oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version: - oursurfing) <==== ATTENTION => Error: No automatic fix found for this entry. C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully. EmptyTemp: => 48.9 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 14:22:17 ====