Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015 Ran by PatrykKarol at 2015-02-14 08:50:01 Run:3 Running from C:\Users\PatrykKarol\Downloads Loaded Profiles: PatrykKarol (Available profiles: UpdatusUser & PatrykKarol) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: {D956458C-9A1F-4C2D-829C-3137A70ABF9E} - \EPUpdater No Task File <==== ATTENTION HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382820586&from=cor&uid=WDCXWD10JPVT-75A1YT0_WXB1C1291445C1291445&q={searchTerms} Toolbar: HKU\S-1-5-21-1434524747-510119422-2071594516-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK C:\ProgramData\{*}.log C:\ProgramData\Intel.sav\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk C:\Users\PatrykKarol\AppData\Local\70149b02515b3bb20dd492.47983420 C:\Users\PatrykKarol\Downloads\ComboFix*.exe C:\Users\UpdatusUser\Desktop\*.lnk Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v NukeMetro /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v ViStart /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D956458C-9A1F-4C2D-829C-3137A70ABF9E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D956458C-9A1F-4C2D-829C-3137A70ABF9E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-1434524747-510119422-2071594516-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully. "C:\ProgramData\{*}.log" => File/Directory not found. C:\ProgramData\Intel.sav\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk => Moved successfully. C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk => Moved successfully. "C:\Users\PatrykKarol\AppData\Local\70149b02515b3bb20dd492.47983420" => File/Directory not found. C:\Users\PatrykKarol\Downloads\ComboFix*.exe => Moved successfully. C:\Users\UpdatusUser\Desktop\*.lnk => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v NukeMetro /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v ViStart /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v SunJavaUpdateSched /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 151.2 MB temporary data. The system needed a reboot. ==== End of Fixlog 08:50:49 ====