Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01 Ran by michala at 2015-02-05 07:20:01 Run:1 Running from C:\Users\michala\Downloads Loaded Profiles: michala (Available profiles: michala & michal & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM-x32\...\Run: [] => [X] HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe" Task: {A42E112C-5AF2-4096-8977-3FC18D08B5B1} - System32\Tasks\{DFAA0E49-C3FF-40ED-AE52-47778A939793} => pcalua.exe -a D:\Hedgehog\setup.exe -d D:\Hedgehog HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1389842906-3876487780-2281526025-2177\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1389842906-3876487780-2281526025-2177\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-21-1389842906-3876487780-2281526025-2177 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-1389842906-3876487780-2281526025-2177 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File S3 catchme; \??\C:\ComboFix\catchme.sys [X] Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A42E112C-5AF2-4096-8977-3FC18D08B5B1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A42E112C-5AF2-4096-8977-3FC18D08B5B1}" => Key deleted successfully. C:\Windows\System32\Tasks\{DFAA0E49-C3FF-40ED-AE52-47778A939793} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DFAA0E49-C3FF-40ED-AE52-47778A939793}" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-1389842906-3876487780-2281526025-2177\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\S-1-5-21-1389842906-3876487780-2281526025-2177\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. "HKU\S-1-5-21-1389842906-3876487780-2281526025-2177\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKU\S-1-5-21-1389842906-3876487780-2281526025-2177\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully. HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. catchme => Service deleted successfully. ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 462.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 07:20:35 ====