Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-01-2014 Ran by B i W at 2014-01-23 21:00:23 Run:1 Running from C:\Documents and Settings\B i W\Moje dokumenty\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** (Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe S2 savesenselive; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-08] (SaveSense) S3 savesenselivem; C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-01-08] (SaveSense) R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [499856 2013-12-28] (Cherished Technololgy LIMITED) S3 cpuz134; \??\C:\DOCUME~1\BIW~1\USTAWI~1\Temp\cpuz134\cpuz134_x32.sys [x] S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [x] HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761024 2013-12-13] () HKCU\...\Run: [NextLive] - C:\Documents and Settings\B i W\Dane aplikacji\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe) HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1388255324&from=cor&uid=ST3320620AS_5QF1HJQYXXXX5QF1HJQY&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1388255324&from=cor&uid=ST3320620AS_5QF1HJQYXXXX5QF1HJQY&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1388255324&from=cor&uid=ST3320620AS_5QF1HJQYXXXX5QF1HJQY&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1388255324&from=cor&uid=ST3320620AS_5QF1HJQYXXXX5QF1HJQY&q={searchTerms} BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files\SaveSense\SaveSenseIE.dll (SaveSense) BHO: PassShow - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files\PassShow\150.dll () BHO: Jump Flip - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - C:\Program Files\Jump Flip\JumpFlipbho.dll (Jump Flip) BHO: YoutubeAdblocker - {74119357-A72D-1112-15AD-129F099A3ADB} - C:\Program Files\YoutubeAdblocker\j.dll () BHO: Grreuatsaverr - {9A165E81-6F01-6C71-E1B5-2ED510A47DFD} - C:\Program Files\Grreuatsaverr\fmp.dll () CHR HKLM\...\Chrome\Extension: [dhogjnnleghndloamdkljhnhdchpcijl] - C:\Program Files\PassShow\150.crx [2014-01-06] CHR HKLM\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2013-12-27] CHR HKLM\...\Chrome\Extension: [khcceooakamlehbimaepcldnnlnkcmfk] - C:\Program Files\SaveSense\SaveSense.crx [2014-01-08] Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\BIW~1\DANEAP~1\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\PassShow Update.job => C:\Program Files\PassShow\PsUP.exe Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} C:\Documents and Settings\All Users\Dane aplikacji\25c5f3be9b940965 C:\Documents and Settings\All Users\Dane aplikacji\AVG C:\Documents and Settings\All Users\Dane aplikacji\Common Files C:\Documents and Settings\B i W\.android C:\Documents and Settings\B i W\daemonprocess.txt C:\Documents and Settings\B i W\Dane aplikacji\aartemis C:\Documents and Settings\B i W\Dane aplikacji\AVG C:\Documents and Settings\B i W\Dane aplikacji\eCyber C:\Documents and Settings\B i W\Dane aplikacji\iSafe C:\Documents and Settings\B i W\Dane aplikacji\newnext.me C:\Documents and Settings\B i W\Dane aplikacji\OpenCandy C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\cache C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\Comodo C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\genienext C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\Mobogenie C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\Torch C:\Documents and Settings\B i W\Ustawienia lokalne\Temp\*.exe C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\*.exe C:\Documents and Settings\Administrator C:\Documents and Settings\Gość C:\Documents and Settings\Pomocnik C:\Documents and Settings\SUPPORT_388945a0 C:\Program Files\Mobogenie C:\Program Files\MyPC Backup Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Aff Packages" /s Reg: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Media Player Codec Pack Packages" /s ***************** [1928] C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe => Process closed successfully. savesenselive => Service deleted successfully. savesenselivem => Service deleted successfully. Wpm => Service deleted successfully. cpuz134 => Service deleted successfully. iSafeNetFilter => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} => Key deleted successfully. HKCR\CLSID\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d661e5b-7d7a-417c-b5b5-6479017bb314} => Key deleted successfully. HKCR\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} => Key deleted successfully. HKCR\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74119357-A72D-1112-15AD-129F099A3ADB} => Key deleted successfully. HKCR\CLSID\{74119357-A72D-1112-15AD-129F099A3ADB} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A165E81-6F01-6C71-E1B5-2ED510A47DFD} => Key deleted successfully. HKCR\CLSID\{9A165E81-6F01-6C71-E1B5-2ED510A47DFD} => Key deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\dhogjnnleghndloamdkljhnhdchpcijl => Key deleted successfully. C:\Program Files\PassShow\150.crx => Moved successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf => Key deleted successfully. C:\Program Files\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx => Moved successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\khcceooakamlehbimaepcldnnlnkcmfk => Key deleted successfully. C:\Program Files\SaveSense\SaveSense.crx => Moved successfully. C:\WINDOWS\Tasks\At1.job => Moved successfully. C:\WINDOWS\Tasks\PassShow Update.job => Moved successfully. C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => Moved successfully. C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\25c5f3be9b940965 => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\AVG => Moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Common Files => Moved successfully. C:\Documents and Settings\B i W\.android => Moved successfully. C:\Documents and Settings\B i W\daemonprocess.txt => Moved successfully. C:\Documents and Settings\B i W\Dane aplikacji\aartemis => Moved successfully. C:\Documents and Settings\B i W\Dane aplikacji\AVG => Moved successfully. C:\Documents and Settings\B i W\Dane aplikacji\eCyber => Moved successfully. C:\Documents and Settings\B i W\Dane aplikacji\iSafe => Moved successfully. C:\Documents and Settings\B i W\Dane aplikacji\newnext.me => Moved successfully. C:\Documents and Settings\B i W\Dane aplikacji\OpenCandy => Moved successfully. C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\cache => Moved successfully. C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\Comodo => Moved successfully. C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\genienext => Moved successfully. C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\Mobogenie => Moved successfully. C:\Documents and Settings\B i W\Ustawienia lokalne\Dane aplikacji\Torch => Moved successfully. C:\Documents and Settings\B i W\Ustawienia lokalne\Temp\*.exe => Moved successfully. C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\*.exe => Moved successfully. C:\Documents and Settings\Administrator => Moved successfully. C:\Documents and Settings\Gość => Moved successfully. C:\Documents and Settings\Pomocnik => Moved successfully. C:\Documents and Settings\SUPPORT_388945a0 => Moved successfully. C:\Program Files\Mobogenie => Moved successfully. C:\Program Files\MyPC Backup => Moved successfully. ========= reg delete HKCU\Software\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\mozilla.org /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Aff Packages" /s ========= ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Aff Packages DisplayIcon REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\1H1Q\Aff Packages\uninstaller.exe UninstallString REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\1H1Q\Aff Packages\uninstaller.exe /Uninstall /NM="Aff Packages" /AN="1H1Q" /MBN="Aff Packages" DisplayName REG_SZ Aff Packages UninstallerPath REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\1H1Q\Aff Packages UninstallerPathParent REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\1H1Q ========= End of Reg: ========= ========= reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Media Player Codec Pack Packages" /s ========= ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Media Player Codec Pack Packages DisplayIcon REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\0F1F1C2Y1H1P1C0I0T\Media Player Codec Pack Packages\uninstaller.exe UninstallString REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\0F1F1C2Y1H1P1C0I0T\Media Player Codec Pack Packages\uninstaller.exe /Uninstall /NM="Media Player Codec Pack Packages" /AN="0F1F1C2Y1H1P1C0I0T" /MBN="Media Player Codec Pack Packages" DisplayName REG_SZ Media Player Codec Pack Packages UninstallerPath REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\0F1F1C2Y1H1P1C0I0T\Media Player Codec Pack Packages UninstallerPathParent REG_SZ C:\Documents and Settings\B i W\Dane aplikacji\0F1F1C2Y1H1P1C0I0T ========= End of Reg: ========= ==== End of Fixlog ====