Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01 Ran by SYSTEM at 2015-01-24 14:20:32 Run:1 Running from E:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKLM\...\Run: [*WinMediaManager00] => C:\ProgramData\WinMediaManager00\unsecapp.exe [150456 2009-04-10] (Stoically6) HKU\Właściciel\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION IFEO\MPLog-11022006-050241.log: [Debugger] wuauclt.exe IFEO\Scans: [Debugger] wuauclt.exe IFEO\Support: [Debugger] wuauclt.exe GroupPolicyUsers\S-1-5-21-671787287-3483274435-3103815376-1004\User: Group Policy restriction detected <======= ATTENTION S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X] S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X] C:\ProgramData\WinMediaManager00 C:\ProgramData\Winrar_Update C:\Users\Właściciel\AppData\Roaming\*.exe C:\Users\Właściciel\AppData\Roaming\WinMediaManager00 C:\Users\Wlasciciel\AppData\Local\Temp Folder: C:\Program Files\Windows Defender Reg: reg query "HKLM\SYSTEM\ControlSet003\Control\Session Manager" CMD: type C:\service.log ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\*WinMediaManager00 => value deleted successfully. HKU\Właściciel\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MPLog-11022006-050241.log" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Scans" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Support" => Key deleted successfully. C:\Windows\System32\GroupPolicyUsers\S-1-5-21-671787287-3483274435-3103815376-1004\User => Moved successfully. C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully. IePluginServices => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. C:\ProgramData\WinMediaManager00 => Moved successfully. C:\ProgramData\Winrar_Update => Moved successfully. "C:\Users\Właściciel\AppData\Roaming\*.exe" => File/Directory not found. "C:\Users\Właściciel\AppData\Roaming\WinMediaManager00" => File/Directory not found. "C:\Users\Wlasciciel\AppData\Local\Temp" => File/Directory not found. ========================= Folder: C:\Program Files\Windows Defender ======================== 2015-01-23 04:59 - 2015-01-23 04:59 - 2097152 ___SH () C:\Program Files\Windows Defender\MSASCui.exe.config 2006-12-04 21:20 - 2015-01-23 05:01 - 0000000 ____D () C:\Program Files\Windows Defender\pl-PL.57YO9.13T2C 2006-12-04 21:16 - 2006-12-04 21:16 - 0049152 ____N (Microsoft Corporation) C:\Program Files\Windows Defender\pl-PL.57YO9.13T2C\MpAsDesc.dll.mui.9iz3S.aGhM6 2006-12-04 21:17 - 2006-12-04 21:17 - 0023552 ____N (Microsoft Corporation) C:\Program Files\Windows Defender\pl-PL.57YO9.13T2C\MpEvMsg.dll.mui.fSRV1.5269q 2006-12-04 21:16 - 2006-12-04 21:16 - 0069632 ____N (Microsoft Corporation) C:\Program Files\Windows Defender\pl-PL.57YO9.13T2C\MsMpRes.dll.mui.yv8.x65m ====== End of Folder: ====== ========= reg query "HKLM\SYSTEM\ControlSet003\Control\Session Manager" ========= HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager CriticalSectionTimeout REG_DWORD 0x278d00 GlobalFlag REG_DWORD 0x0 HeapDeCommitFreeBlockThreshold REG_DWORD 0x0 HeapDeCommitTotalFreeThreshold REG_DWORD 0x0 HeapSegmentCommit REG_DWORD 0x0 HeapSegmentReserve REG_DWORD 0x0 ProcessorControl REG_DWORD 0x2 ResourceTimeoutCount REG_DWORD 0x9e340 BootExecute REG_MULTI_SZ autocheck autochk * ObjectDirectories REG_MULTI_SZ \Windows\0\RPC Control ProtectionMode REG_DWORD 0x1 NumberOfInitialSessions REG_DWORD 0x2 ERROR: More data is available. ========= End of Reg: ========= ========= type C:\service.log ========= Just before processing loop... Type=60,Port=b2,BiosAddr=7feedfd0 Current=0.000000,Total=0.000000,MaxVid=1.350000,Rev=0x20 ========= End of CMD: ========= ==== End of Fixlog 14:20:33 ====