Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Łukasz at 2015-01-07 22:27:33 Run:1
Running from D:\Pobrane
Loaded Profiles: Łukasz & UpdatusUser (Available profiles: Łukasz & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R1 {cc30460f-753f-44d9-b58c-13dae1321968}w64; C:\Windows\System32\drivers\{cc30460f-753f-44d9-b58c-13dae1321968}w64.sys [61120 2014-05-22] (StdLib)
R2 MaintainerSvc1.47.6049145; C:\ProgramData\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4\maintainer.exe [117248 2015-01-07] () [File not signed]
S4 Update Jump Flip; C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [525600 2014-11-11] ()
S4 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [525600 2014-11-11] ()
Task: {0A9C3B2C-6EDC-4465-83D1-18206625AF9F} - System32\Tasks\FoxTab => C:\Users\Łukasz\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {17E08DF3-1B52-44AA-B20B-4DB1D4D1F708} - System32\Tasks\Yahoo! Search Updater => C:\Users\Łukasz\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrsetup.exe [2014-10-28] (Pay By Ads LTD) <==== ATTENTION
Task: {3B220F81-058D-4FFD-BD33-1DDDD469B44E} - System32\Tasks\Object Browser-updater => C:\Program Files (x86)\Object Browser\Object Browser-updater.exe [2013-10-28] (Object Browser) <==== ATTENTION
Task: {69BC01A4-C0A1-4345-BF45-66C64FEFA8D8} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {8C54882E-AEA3-4041-8898-B282B17F9AC3} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-01-03] (AnyProtect by CMI) <==== ATTENTION
Task: {AE137C06-C300-48A9-B925-5F807252EB3B} - System32\Tasks\Yahoo! Search => C:\Users\Łukasz\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe [2014-10-28] (Pay By Ads LTD) <==== ATTENTION
Task: {C78F7BEA-3118-4028-ADF1-5D6D25A3297F} - System32\Tasks\Object Browser-codedownloader => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe [2013-10-28] (Object Browser) <==== ATTENTION
Task: {F434DB19-E3B3-4DB6-9F62-62E390E10F03} - System32\Tasks\Object Browser-chromeinstaller => C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe [2013-10-28] (Object Browser) <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\UKASZ~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Object Browser-chromeinstaller.job => C:\Program Files (x86)\Object Browser\Object Browser-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Object Browser-codedownloader.job => C:\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Object Browser-updater.job => C:\Program Files (x86)\Object Browser\Object Browser-updater.exe <==== ATTENTION
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
HKU\S-1-5-21-1589615028-449597307-100043145-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Aukasz\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1589615028-449597307-100043145-1000\...\Run: [Yahoo! Search] => C:\Users\Aukasz\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-1589615028-449597307-100043145-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1589615028-449597307-100043145-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pl-PL&Src=MSE&Tid=00032955&OHP=http%3A%2F%2Fwww.gogle.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D{searchTerms}%26src%3DIE-SearchBox%26FORM%3DIESR02
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1382997416&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXH1A30C6687C6687
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382997417&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXH1A30C6687C6687&q={searchTerms}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1382997417&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXH1A30C6687C6687&q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll (Object Browser)
BHO-x32: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho.dll (Object Browser)
BHO-x32: Jump Flip -> {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} -> C:\Program Files (x86)\Jump Flip\JumpFlipBHO.dll (Jump Flip)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
C:\ProgramData\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4
C:\ProgramData\TEMP
C:\Users\Łukasz\daemonprocess.txt
C:\Users\Łukasz\AppData\Local\CRE
C:\Users\Łukasz\AppData\Local\Google
C:\Users\Łukasz\AppData\Roaming\newnext.me
C:\Windows\System32\drivers\{cc30460f-753f-44d9-b58c-13dae1321968}w64.sys
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
CMD: type C:\Windows\System32\Tasks\{4E61A813-426C-4D00-B47F-8C3B95E477DB}
CMD: type C:\Windows\System32\Tasks\{55550104-1865-49B7-9C50-2C1E09F563AC}
*****************

Processes closed successfully.
Restore point was successfully created.
{cc30460f-753f-44d9-b58c-13dae1321968}w64 => Service stopped successfully.
{cc30460f-753f-44d9-b58c-13dae1321968}w64 => Service deleted successfully.
MaintainerSvc1.47.6049145 => Service deleted successfully.
Update Jump Flip => Service deleted successfully.
Util Jump Flip => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A9C3B2C-6EDC-4465-83D1-18206625AF9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A9C3B2C-6EDC-4465-83D1-18206625AF9F}" => Key deleted successfully.
C:\Windows\System32\Tasks\FoxTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17E08DF3-1B52-44AA-B20B-4DB1D4D1F708}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E08DF3-1B52-44AA-B20B-4DB1D4D1F708}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B220F81-058D-4FFD-BD33-1DDDD469B44E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B220F81-058D-4FFD-BD33-1DDDD469B44E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Object Browser-updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Object Browser-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69BC01A4-C0A1-4345-BF45-66C64FEFA8D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69BC01A4-C0A1-4345-BF45-66C64FEFA8D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C54882E-AEA3-4041-8898-B282B17F9AC3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C54882E-AEA3-4041-8898-B282B17F9AC3}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierCA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierCA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE137C06-C300-48A9-B925-5F807252EB3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE137C06-C300-48A9-B925-5F807252EB3B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Yahoo! Search => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C78F7BEA-3118-4028-ADF1-5D6D25A3297F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C78F7BEA-3118-4028-ADF1-5D6D25A3297F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Object Browser-codedownloader => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Object Browser-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F434DB19-E3B3-4DB6-9F62-62E390E10F03}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F434DB19-E3B3-4DB6-9F62-62E390E10F03}" => Key deleted successfully.
C:\Windows\System32\Tasks\Object Browser-chromeinstaller => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Object Browser-chromeinstaller" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierCA.job => Moved successfully.
C:\Windows\Tasks\FoxTab.job => Moved successfully.
C:\Windows\Tasks\Object Browser-chromeinstaller.job => Moved successfully.
C:\Windows\Tasks\Object Browser-codedownloader.job => Moved successfully.
C:\Windows\Tasks\Object Browser-updater.job => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
HKU\S-1-5-21-1589615028-449597307-100043145-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value deleted successfully.
HKU\S-1-5-21-1589615028-449597307-100043145-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-1589615028-449597307-100043145-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1589615028-449597307-100043145-1000\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110311281150}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311281150}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => Key deleted successfully.
C:\ProgramData\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4 => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Łukasz\daemonprocess.txt => Moved successfully.
C:\Users\Łukasz\AppData\Local\CRE => Moved successfully.
C:\Users\Łukasz\AppData\Local\Google => Moved successfully.
C:\Users\Łukasz\AppData\Roaming\newnext.me => Moved successfully.
C:\Windows\System32\drivers\{cc30460f-753f-44d9-b58c-13dae1321968}w64.sys => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= type C:\Windows\System32\Tasks\{4E61A813-426C-4D00-B47F-8C3B95E477DB} =========
true IgnoreNew false true true false false PT10M PT1H true false true true false false false PT72H 7 C:\Program Files (x86)\Steam\Steam.exe LukaszDPL\ukasz InteractiveToken LeastPrivilege
========= End of CMD: =========

========= type C:\Windows\System32\Tasks\{55550104-1865-49B7-9C50-2C1E09F563AC} =========
true IgnoreNew false true true false false PT10M PT1H true false true true false false false PT72H 7 C:\Program Files (x86)\Java\jre7\launch4j-tmp\MinecraftZyczu.exe LukaszDPL\ukasz InteractiveToken LeastPrivilege
========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 22:28:23 ====