Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by wirginia67 at 2015-02-04 19:51:42 Run:1
Running from C:\Users\sławek\Desktop\LOGI
Loaded Profiles: wirginia67 (Available profiles: wirginia67 & Administrator & Gość)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com?affID=na"
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultNewTabURL: Default -> http://search.yahoo.com/?fr=hp-ddc-bd-tab&type=616_pr__alt__ddc_dsssyctab_bd_com
CHR HKLM-x32\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files (x86)\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
HKU\S-1-5-21-2592862549-595905708-2507062346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
SearchScopes: HKU\S-1-5-21-2592862549-595905708-2507062346-1001 -> DefaultScope {96508140-5FAC-4624-9FE9-08A58E5FBFE5} URL =
SearchScopes: HKU\S-1-5-21-2592862549-595905708-2507062346-1001 -> {6197D26D-FF62-4C7C-A531-9902C633C558} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=842
SearchScopes: HKU\S-1-5-21-2592862549-595905708-2507062346-1001 -> {96508140-5FAC-4624-9FE9-08A58E5FBFE5} URL =
DPF: HKLM-x32 {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
Task: {07FAFA7A-AB21-4458-8095-4C55B5DE12CF} - System32\Tasks\Price Fountain => C:\Users\sławek\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-01-27] () <==== ATTENTION
Task: {9714D8FC-B5C8-4725-89C5-10C833CFB9B4} - System32\Tasks\{46511A2A-A716-403F-9DB8-E8131D2B6156} => pcalua.exe -a "C:\Program Files (x86)\3G HSUPA Modem\UNWISE.EXE" -d "C:\Program Files (x86)\3G HSUPA Modem" -c /W6 "C:\Program Files (x86)\3G HSUPA Modem\INSTALL.LOG"
Task: {9F17114C-4088-45F0-BA30-78E93B2C6BE8} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: C:\WINDOWS\Tasks\Price Fountain.job => C:\Users\SAWEK~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Program Files (x86)\Jump Flip
C:\Program Files (x86)\Mobogenie
C:\Program Files (x86)\Mozilla Firefox
C:\ProgramData\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4
C:\ProgramData\APN
C:\Users\sławek\AppData\Local\genienext
C:\Users\sławek\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\sławek\AppData\Local\Google\Chrome\User Data\Default\Local storage\*localstorage*
C:\Users\sławek\AppData\Local\PriceFountain
C:\Users\sławek\AppData\Roaming\newnext.me
C:\Users\sławek\AppData\Roaming\PriceFountain
C:\Users\sławek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mobogenie.lnk
C:\Users\sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
C:\Users\sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
C:\Users\sławek\Downloads\*(*)-dp*.exe
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v NextLive /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Yahoo! Search" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
CMD: sc config "Mobile Partner. RunOuc" start= disabled
CMD: sc config "PLAY ONLINE. RunOuc" start= disabled
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultNewTabURL: Default -> http://search.yahoo.com/?fr=hp-ddc-bd-tab&type=616_pr__alt__ddc_dsssyctab_bd_com => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\debmkdhphjfcbaomiknnceliiclnpmfg" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji => Key not found.
"C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx" => File/Directory not found.
HKU\S-1-5-21-2592862549-595905708-2507062346-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2592862549-595905708-2507062346-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2592862549-595905708-2507062346-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6197D26D-FF62-4C7C-A531-9902C633C558}" => Key deleted successfully.
HKCR\CLSID\{6197D26D-FF62-4C7C-A531-9902C633C558} => Key not found.
"HKU\S-1-5-21-2592862549-595905708-2507062346-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96508140-5FAC-4624-9FE9-08A58E5FBFE5}" => Key deleted successfully.
HKCR\CLSID\{96508140-5FAC-4624-9FE9-08A58E5FBFE5} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07FAFA7A-AB21-4458-8095-4C55B5DE12CF} => Key not found.
C:\Windows\System32\Tasks\Price Fountain not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Price Fountain => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9714D8FC-B5C8-4725-89C5-10C833CFB9B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9714D8FC-B5C8-4725-89C5-10C833CFB9B4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{46511A2A-A716-403F-9DB8-E8131D2B6156} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{46511A2A-A716-403F-9DB8-E8131D2B6156}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F17114C-4088-45F0-BA30-78E93B2C6BE8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F17114C-4088-45F0-BA30-78E93B2C6BE8}" => Key deleted successfully.
C:\Windows\System32\Tasks\WLANStartup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WLANStartup" => Key deleted successfully.
C:\WINDOWS\Tasks\Price Fountain.job not found.
C:\Program Files (x86)\Jump Flip => Moved successfully.
C:\Program Files (x86)\Mobogenie => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.
C:\ProgramData\2ce8e63b-5e53-4efc-b4cf-6a6e52e017a4 => Moved successfully.
C:\ProgramData\APN => Moved successfully.
C:\Users\sławek\AppData\Local\genienext => Moved successfully.
C:\Users\sławek\AppData\Local\Google\Chrome\User Data\Default\Preferences => Moved successfully.
C:\Users\sławek\AppData\Local\Google\Chrome\User Data\Default\Local storage\*localstorage* => Moved successfully.
C:\Users\sławek\AppData\Local\PriceFountain => Moved successfully.
C:\Users\sławek\AppData\Roaming\newnext.me => Moved successfully.
C:\Users\sławek\AppData\Roaming\PriceFountain => Moved successfully.
"C:\Users\sławek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mobogenie.lnk" => File/Directory not found.
C:\Users\sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie => Moved successfully.
C:\Users\sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain => Moved successfully.
C:\Users\sławek\Downloads\*(*)-dp*.exe => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v NextLive /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Yahoo! Search" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKCU\Software\Mozilla /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Mozilla /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= sc config "Mobile Partner. RunOuc" start= disabled =========
[SC] ChangeServiceConfig SUCCESS
========= End of CMD: =========

========= sc config "PLAY ONLINE. RunOuc" start= disabled =========
[SC] ChangeServiceConfig SUCCESS
========= End of CMD: =========

EmptyTemp: => Removed 1013.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:53:55 ====