Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Dariusz at 2015-03-21 11:19:09 Run:2
Running from C:\Users\Dariusz\Desktop\farb
Loaded Profiles: Dariusz (Available profiles: Dariusz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2722554554-3565409741-3313146463-1000\...\Run: [CMD] => cmd.exe /c start http://zenigameblinger.org && exit <===== ATTENTION
HKU\S-1-5-21-2722554554-3565409741-3313146463-1000\...\MountPoints2: {cc085ab3-e100-11e3-a971-806e6f6e6963} - E:\Run.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF user.js: detected! => C:\Users\Dariusz\AppData\Roaming\Mozilla\Firefox\Profiles\n1wtbsvl.default\user.js [2014-06-05]
S4 LMIRfsClientNP; No ImagePath
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S2 LMIInfo; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Dariusz\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games\Sid Meier's Railroad Tycoon
C:\ProgramData\TEMP
C:\Users\Dariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk
C:\Users\Dariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WINAMP.LNK
C:\Users\Dariusz\Desktop\Smellyriver.TankInspector.exe — skrót.lnk
C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XVM FULL 5.3.2 conf by DjVirusPL 0.9.1 v1
Reg: reg delete HKLM\SOFTWARE\Mozilla\Thunderbird /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2722554554-3565409741-3313146463-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"HKU\S-1-5-21-2722554554-3565409741-3313146463-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc085ab3-e100-11e3-a971-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{cc085ab3-e100-11e3-a971-806e6f6e6963} => Key not found.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
C:\Users\Dariusz\AppData\Roaming\Mozilla\Firefox\Profiles\n1wtbsvl.default\user.js => Moved successfully.
LMIRfsClientNP => Service deleted successfully.
FairplayKD => Service deleted successfully.
LMIInfo => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games\Sid Meier's Railroad Tycoon => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Dariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk => Moved successfully.
C:\Users\Dariusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WINAMP.LNK => Moved successfully.
C:\Users\Dariusz\Desktop\Smellyriver.TankInspector.exe — skrót.lnk => Moved successfully.
C:\Users\Dariusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XVM FULL 5.3.2 conf by DjVirusPL 0.9.1 v1 => Moved successfully.

========= reg delete HKLM\SOFTWARE\Mozilla\Thunderbird /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla\Thunderbird /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 809.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:19:57 ====