Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 Ran by User at 2015-01-12 20:23:33 Run:1 Running from C:\Users\User\Desktop Loaded Profile: User (Available profiles: User) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: {346DF0A6-383A-4CC6-90C6-C328EC9E264F} - System32\Tasks\Origin => C:\Windows\system32\config\systemprofile\AppData\Roaming\Origin\update.vbe [2014-09-08] () <==== ATTENTION Task: {D727073C-4D98-456E-9649-668640E6E57A} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\User\AppData\Roaming\XRay Engine\CODEXi\Steam [2015-01-10] () <==== ATTENTION Task: {B4785FE5-A0EF-4AFD-8D7A-076F8C1D0C6A} - System32\Tasks\{95A1E166-5039-40E2-99B5-C09CA2F7267B} => pcalua.exe -a C:\Users\User\Desktop\TWEE_Polish_language_pack.exe -d C:\Users\User\Desktop HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] C:\Program Files (x86)\BuoyNseavae C:\Program Files (x86)\BuyNsaave C:\Program Files (x86)\Google C:\Program Files (x86)\Minimal Memory C:\Program Files (x86)\YoutubeAdBLocoke C:\ProgramData\*.bdinstall.bin C:\ProgramData\McAfee C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Rockstar Games Social Club.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine C:\Users\User\.VirtualBox C:\Users\User\VirtualBox VMs C:\Users\User\AppData\Local\Google C:\Users\User\AppData\Roaming\0ad C:\Users\User\AppData\Roaming\3909 C:\Users\User\AppData\Roaming\QuickScan C:\Users\User\AppData\Roaming\XRay Engine\CODEXi C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3 C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Xfire Friend.lnk C:\Users\User\Documents\Rainmeter\Skins\WP7\@Resources\Common\Variables\Languages\*.lnk C:\Windows\temp023423.vbe C:\Windows\system32\config\systemprofile\AppData\Roaming\Origin C:\Windows\system32\Drivers\VBoxDrv.sys C:\Windows\system32\drivers\VBoxNetAdp.sys C:\Windows\system32\Drivers\VBoxUSBMon.sys Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstallerLauncher" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: sc delete VBoxNetAdp EmptyTemp: ***************** Processes closed successfully. Error: (0) Failed to create a restore point. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{346DF0A6-383A-4CC6-90C6-C328EC9E264F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{346DF0A6-383A-4CC6-90C6-C328EC9E264F}" => Key deleted successfully. C:\Windows\System32\Tasks\Origin => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D727073C-4D98-456E-9649-668640E6E57A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D727073C-4D98-456E-9649-668640E6E57A}" => Key deleted successfully. C:\Windows\System32\Tasks\Steam_x64-S-2-106-91 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4785FE5-A0EF-4AFD-8D7A-076F8C1D0C6A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4785FE5-A0EF-4AFD-8D7A-076F8C1D0C6A}" => Key deleted successfully. C:\Windows\System32\Tasks\{95A1E166-5039-40E2-99B5-C09CA2F7267B} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{95A1E166-5039-40E2-99B5-C09CA2F7267B}" => Key deleted successfully. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value deleted successfully. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet => value deleted successfully. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Application Agent => value deleted successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully. andnetndis => Service deleted successfully. GPUZ => Service deleted successfully. VBoxNetFlt => Service deleted successfully. C:\Program Files (x86)\BuoyNseavae => Moved successfully. C:\Program Files (x86)\BuyNsaave => Moved successfully. C:\Program Files (x86)\Google => Moved successfully. C:\Program Files (x86)\Minimal Memory => Moved successfully. C:\Program Files (x86)\YoutubeAdBLocoke => Moved successfully. C:\ProgramData\*.bdinstall.bin => Moved successfully. C:\ProgramData\McAfee => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Rockstar Games Social Club.lnk => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine => Moved successfully. C:\Users\User\.VirtualBox => Moved successfully. C:\Users\User\VirtualBox VMs => Moved successfully. C:\Users\User\AppData\Local\Google => Moved successfully. C:\Users\User\AppData\Roaming\0ad => Moved successfully. C:\Users\User\AppData\Roaming\3909 => Moved successfully. C:\Users\User\AppData\Roaming\QuickScan => Moved successfully. C:\Users\User\AppData\Roaming\XRay Engine\CODEXi => Moved successfully. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk => Moved successfully. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG-Techdemo-0.3 => Moved successfully. C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Xfire Friend.lnk => Moved successfully. C:\Users\User\Documents\Rainmeter\Skins\WP7\@Resources\Common\Variables\Languages\*.lnk => Moved successfully. C:\Windows\temp023423.vbe => Moved successfully. C:\Windows\system32\config\systemprofile\AppData\Roaming\Origin => Moved successfully. C:\Windows\system32\Drivers\VBoxDrv.sys => Moved successfully. C:\Windows\system32\drivers\VBoxNetAdp.sys => Moved successfully. C:\Windows\system32\Drivers\VBoxUSBMon.sys => Moved successfully. ========= reg delete HKCU\Software\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstallerLauncher" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= sc delete VBoxNetAdp ========= [SC] DeleteService SUKCES ========= End of CMD: ========= EmptyTemp: => Removed 1.7 GB temporary data. The system needed a reboot. ==== End of Fixlog 20:23:46 ====