Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-04-2015 Ran by Emila at 2015-04-12 22:38:02 Run:2 Running from C:\Users\Emila\Desktop Loaded Profiles: Emila (Available profiles: laptop & Emila) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] C:\Users\Emila\Desktop\firewall.bat C:\ProgramData\AVAST Software Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog" EmptyTemp: ***************** Processes closed successfully. klkbdflt2 => Service deleted successfully. C:\Users\Emila\Desktop\firewall.bat => Moved successfully. C:\ProgramData\AVAST Software => Moved successfully. ========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog" ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll ServiceMain REG_SZ ServiceMain PlugPlayServiceType REG_DWORD 0x3 ServiceDllUnloadOnStop REG_DWORD 0x1 DisplayName REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-200 Group REG_SZ Event Log ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Description REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-201 ObjectName REG_SZ NT AUTHORITY\LocalService ErrorControl REG_DWORD 0x1 Start REG_DWORD 0x2 Type REG_DWORD 0x20 ServiceSidType REG_DWORD 0x1 RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeImpersonatePrivilege FailureActionsOnNonCrashFailures REG_DWORD 0x1 FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\COMODO Internet Security CEF HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\COMODO Internet Security Trace HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\HardwareEvents HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Internet Explorer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Key Management Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Media Center HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\OAlerts HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Windows PowerShell ========= End of Reg: ========= EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog 22:38:31 ====