Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015 Ran by Tomek at 2015-04-22 16:38:20 Run:1 Running from C:\Users\Tomek\Downloads Loaded Profiles: Tomek (Available profiles: Tomek) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: KLM-x32\...\Run: [] => C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe <===== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1910233873-1700316264-2321489004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1910233873-1700316264-2321489004-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM-x32\...\Run: [] => C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe <===== ATTENTION SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = U4 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] Task: {9C7A1883-C45A-4EFC-8AEC-F40607297F31} - System32\Tasks\bmicpen => C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe <==== ATTENTION Task: {C777653B-1170-4A35-B3F3-59049B783B5D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc EmptyTemp: ***************** Processes closed successfully. KLM-x32\...\Run: [] => C:\Users\Tomek\AppData\Local\Temp\wnqieun.exe <===== ATTENTION => Error: No automatic fix found for this entry. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-1910233873-1700316264-2321489004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully. HKU\S-1-5-21-1910233873-1700316264-2321489004-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. Avgfwfd => Service deleted successfully. catchme => Service deleted successfully. iSafeKrnlMon => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9C7A1883-C45A-4EFC-8AEC-F40607297F31}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C7A1883-C45A-4EFC-8AEC-F40607297F31}" => Key deleted successfully. C:\Windows\System32\Tasks\bmicpen => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bmicpen" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C777653B-1170-4A35-B3F3-59049B783B5D}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C777653B-1170-4A35-B3F3-59049B783B5D}" => Key deleted successfully. C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully. EmptyTemp: => Removed 460.9 MB temporary data. The system needed a reboot. ==== End of Fixlog 16:38:51 ====