Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Iksu at 2015-03-18 16:40:02 Run:1 Running from C:\Users\Iksu\Desktop Loaded Profiles: Iksu (Available profiles: Iksu) Boot Mode: Safe Mode (minimal) ============================================== Content of fixlist: ***************** CloseProcesses: Task: {4B03375D-113B-4166-9531-0F1184FAE644} - System32\Tasks\efsui => C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate\efsui.exe [2014-11-18] (©Wyebugur) HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\...\Run: [efsui] => C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate\efsui.exe [290304 2014-11-18] (©Wyebugur) HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\...\RunOnce: [efsui] => C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate\efsui.exe [290304 2014-11-18] (©Wyebugur) HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\...\Policies\Explorer: [Run] "C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate\efsui.exe" HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\...\Command Processor: "C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate\efsui.exe" <===== ATTENTION! HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate\efsui.exe [290304 2014-11-18] (©Wyebugur) Startup: C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\efsui.lnkt C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp1.lnk Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f EmptyTemp: ***************** Processes closed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B03375D-113B-4166-9531-0F1184FAE644}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B03375D-113B-4166-9531-0F1184FAE644}" => Key deleted successfully. C:\Windows\System32\Tasks\efsui => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\efsui" => Key deleted successfully. HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\Software\Microsoft\Windows\CurrentVersion\Run\\efsui => value deleted successfully. HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\efsui => value deleted successfully. HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully. HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully. HKU\S-1-5-21-4099705337-2020661889-2010485058-1001\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully. C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\efsui.lnkt not found. C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\IEUpdate => Moved successfully. C:\Users\Iksu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp1.lnk => Moved successfully. ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= EmptyTemp: => Removed 1 GB temporary data. The system needed a reboot. ==== End of Fixlog 16:40:18 ====