Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by user at 2015-03-21 13:54:30 Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
CloseProcesses:
Reg: reg add HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318} /v UpperFilters /t REG_MULTI_SZ /d kbdclass /f
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318} /s
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
HKLM-x32\...\Run: [] => [X]
CustomCLSID: HKU\S-1-5-21-2832837052-2721902705-4106856573-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {0EDE1C06-31C4-4F5F-A272-8339FFDA456F} - System32\Tasks\{112B7D02-E05B-4471-82ED-D92ED2D0B397} => C:\Games\The Binding of Isaac Rebirth\isaac-ng.exe
Task: {21D23775-B5AA-42A2-AF3A-BB37F8849436} - System32\Tasks\{3BC7364D-A7B3-42A3-A32C-7E1C930984F0} => pcalua.exe -a "C:\Users\user\Downloads\Talesrunner_SGP_20140715_v1664_1 (1).exe" -d C:\Users\user\Downloads
Task: {248A0C64-302E-46DF-AB4D-527795A00569} - System32\Tasks\{58881454-063E-4341-AC7D-0C8ABB657801} => C:\Games\The Binding of Isaac Rebirth\isaac-ng.exe
Task: {78C48C76-5E18-4B26-9B01-B744337F10C6} - System32\Tasks\{F73FE386-757F-4400-9B33-08C7668E82D3} => C:\Games\The Binding of Isaac Rebirth\isaac-ng.exe
Task: {ACB91E86-0D76-4E87-83D4-64E2CFC54D03} - System32\Tasks\{1E678CB1-A557-421A-966D-10E69BCEC054} => C:\Games\The Binding of Isaac Rebirth\isaac-ng.exe
Task: {AFF6318B-7A8A-4983-8CFA-7EEAAB580D32} - System32\Tasks\{75D42FB4-34E7-40E5-A032-1C3D0C9C7FA8} => pcalua.exe -a C:\Users\user\Downloads\Talesrunner_SGP_20140715_v1664_1.exe -d C:\Users\user\Downloads
Task: {F0AC117E-3037-4DB9-B4EB-F3F9D3A5947D} - System32\Tasks\{EB32D7A0-38EE-44D3-9729-D370A7812ACB} => C:\Games\The Binding of Isaac Rebirth\isaac-ng.exe
Task: {FECFA357-6942-48A8-9DC9-9A98F3668471} - System32\Tasks\{3ED876F5-A430-4EFC-B1AB-BCA48B6A9296} => pcalua.exe -a "C:\Users\user\Downloads\Talesrunner_SGP_20140715_v1664_1 (4).exe" -d C:\Users\user\Downloads
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG.com Downloader.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Treasure Adventure Game
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
C:\Users\user\Desktop\Rougelegacy\Rogue Legacy.lnk
C:\Users\user\Desktop\skanery\Malwarebytes Anti-Malware.lnk
C:\Users\user\Desktop\skanery\MiniTool Partition Wizard Home Edition.lnk
C:\Users\user\Downloads\Niepotwierdzony*.crdownload
EmptyTemp:
*****************

Processes closed successfully.

========= reg add HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318} /v UpperFilters /t REG_MULTI_SZ /d kbdclass /f =========

Operacja uko?czona pomy?lnie.

========= End of Reg: =========

========= reg query HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318} /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}
    Class    REG_SZ    Mouse
    ClassDesc    REG_SZ    @%SystemRoot%\System32\SysClass.Dll,-3004
    (domy?lny)    REG_SZ    Mice and other pointing devices
    IconPath    REG_MULTI_SZ    %SystemRoot%\System32\setupapi.dll,-2
    Installer32    REG_SZ    SysClass.Dll,MouseClassInstaller
    NoInstallClass    REG_SZ    1
    UpperFilters    REG_MULTI_SZ    mouclass

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0000
    LocationInformationOverride    REG_SZ    podł?czone do portu myszy PS/2
    InfPath    REG_SZ    oem21.inf
    InfSection    REG_SZ    ATP0105_Inst
    ProviderName    REG_SZ    ASUS
    DriverDateData    REG_BINARY    0000EED67341CF01
    DriverDate    REG_SZ    3-17-2014
    DriverVersion    REG_SZ    1.0.0.207
    MatchingDeviceId    REG_SZ    acpi\etd0109
    DriverDesc    REG_SZ    ASUS Touchpad
    IncludedInfs    REG_MULTI_SZ    msmouse.inf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001
    InfPath    REG_SZ    msmouse.inf
    InfSection    REG_SZ    HID_Mouse_Inst
    InfSectionExt    REG_SZ    .NT
    ProviderName    REG_SZ    Microsoft
    DriverDateData    REG_BINARY    00808CA3C594C601
    DriverDate    REG_SZ    6-21-2006
    DriverVersion    REG_SZ    6.1.7600.16385
    MatchingDeviceId    REG_SZ    hid_device_system_mouse
    DriverDesc    REG_SZ    Mysz zgodna z HID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0002
    InfPath    REG_SZ    msmouse.inf
    InfSection    REG_SZ    HID_Mouse_Inst
    InfSectionExt    REG_SZ    .NT
    ProviderName    REG_SZ    Microsoft
    DriverDateData    REG_BINARY    00808CA3C594C601
    DriverDate    REG_SZ    6-21-2006
    DriverVersion    REG_SZ    6.1.7600.16385
    MatchingDeviceId    REG_SZ    hid_device_system_mouse
    DriverDesc    REG_SZ    Mysz zgodna z HID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0003
    InfPath    REG_SZ    msmouse.inf
    InfSection    REG_SZ    HID_Mouse_Inst
    InfSectionExt    REG_SZ    .NT
    ProviderName    REG_SZ    Microsoft
    DriverDateData    REG_BINARY    00808CA3C594C601
    DriverDate    REG_SZ    6-21-2006
    DriverVersion    REG_SZ    6.1.7600.16385
    MatchingDeviceId    REG_SZ    hid_device_system_mouse
    DriverDesc    REG_SZ    Mysz zgodna z HID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0004
    InfPath    REG_SZ    msmouse.inf
    InfSection    REG_SZ    HID_Mouse_Inst
    InfSectionExt    REG_SZ    .NT
    ProviderName    REG_SZ    Microsoft
    DriverDateData    REG_BINARY    00808CA3C594C601
    DriverDate    REG_SZ    6-21-2006
    DriverVersion    REG_SZ    6.1.7600.16385
    MatchingDeviceId    REG_SZ    hid_device_system_mouse
    DriverDesc    REG_SZ    Mysz zgodna z HID

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\Properties

========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja uko?czona pomy?lnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja uko?czona pomy?lnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja uko?czona pomy?lnie.

========= End of Reg: =========

ACTION_SVC => Service deleted successfully.
EagleX64 => Service deleted successfully.
pwdrvio => Service deleted successfully.
x64kdss => Service deleted successfully.
X6va021 => Service deleted successfully.
X6va022 => Service deleted successfully.
X6va025 => Service deleted successfully.
X6va027 => Service deleted successfully.
X6va028 => Service deleted successfully.
X6va029 => Service deleted successfully.
xhunter1 => Service deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2832837052-2721902705-4106856573-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EDE1C06-31C4-4F5F-A272-8339FFDA456F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EDE1C06-31C4-4F5F-A272-8339FFDA456F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{112B7D02-E05B-4471-82ED-D92ED2D0B397} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{112B7D02-E05B-4471-82ED-D92ED2D0B397}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21D23775-B5AA-42A2-AF3A-BB37F8849436}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21D23775-B5AA-42A2-AF3A-BB37F8849436}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3BC7364D-A7B3-42A3-A32C-7E1C930984F0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BC7364D-A7B3-42A3-A32C-7E1C930984F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{248A0C64-302E-46DF-AB4D-527795A00569}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{248A0C64-302E-46DF-AB4D-527795A00569}" => Key deleted successfully.
C:\Windows\System32\Tasks\{58881454-063E-4341-AC7D-0C8ABB657801} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58881454-063E-4341-AC7D-0C8ABB657801}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78C48C76-5E18-4B26-9B01-B744337F10C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78C48C76-5E18-4B26-9B01-B744337F10C6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F73FE386-757F-4400-9B33-08C7668E82D3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F73FE386-757F-4400-9B33-08C7668E82D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACB91E86-0D76-4E87-83D4-64E2CFC54D03}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB91E86-0D76-4E87-83D4-64E2CFC54D03}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1E678CB1-A557-421A-966D-10E69BCEC054} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1E678CB1-A557-421A-966D-10E69BCEC054}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFF6318B-7A8A-4983-8CFA-7EEAAB580D32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFF6318B-7A8A-4983-8CFA-7EEAAB580D32}" => Key deleted successfully.
C:\Windows\System32\Tasks\{75D42FB4-34E7-40E5-A032-1C3D0C9C7FA8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75D42FB4-34E7-40E5-A032-1C3D0C9C7FA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0AC117E-3037-4DB9-B4EB-F3F9D3A5947D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0AC117E-3037-4DB9-B4EB-F3F9D3A5947D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EB32D7A0-38EE-44D3-9729-D370A7812ACB} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB32D7A0-38EE-44D3-9729-D370A7812ACB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FECFA357-6942-48A8-9DC9-9A98F3668471}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FECFA357-6942-48A8-9DC9-9A98F3668471}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3ED876F5-A430-4EFC-B1AB-BCA48B6A9296} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3ED876F5-A430-4EFC-B1AB-BCA48B6A9296}" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG.com Downloader.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Treasure Adventure Game => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox" => File/Directory not found.
"C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk" => File/Directory not found.
C:\Users\user\Desktop\Rougelegacy\Rogue Legacy.lnk => Moved successfully.
C:\Users\user\Desktop\skanery\Malwarebytes Anti-Malware.lnk => Moved successfully.
C:\Users\user\Desktop\skanery\MiniTool Partition Wizard Home Edition.lnk => Moved successfully.
C:\Users\user\Downloads\Niepotwierdzony*.crdownload => Moved successfully.
EmptyTemp: => Removed 1.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog 13:55:48 ====