Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015 Ran by vardum at 2015-07-11 22:58:38 Run:1 Running from C:\Users\vardum\Downloads Loaded Profiles: vardum (Available Profiles: vardum & Gość Abdul & Gość) Boot Mode: Normal ============================================== fixlist content: ***************** Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f Task: {6E464F98-91F3-487B-8DB1-F3F743F9BA9E} - System32\Tasks\{46F98AE4-1E7B-41B7-A3CE-C84F3C5FE982} => pcalua.exe -a E:\cda_menu.exe -d E:\ Task: {731A97F4-98AD-4626-9F26-6DDD6D29706F} - System32\Tasks\{956532CE-0351-4524-9B29-D96C64C5A41E} => pcalua.exe -a E:\cda_menu.exe -d E:\ Task: {8AF4703B-E7B4-4259-8DE8-FF8E76E7035B} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe <==== ATTENTION Task: {E7C6BEB3-AECB-47E4-BC59-C86FBFE21595} - System32\Tasks\{E2F5657B-FE0C-4AF0-8BF2-41C736488113} => pcalua.exe -a E:\startuj.exe -d E:\ Task: {E87ECC42-BA4E-434B-9E53-604AB7E06309} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{B794EAB0-2EB1-4883-A0F1-74A26066A12C}.exe [2015-05-05] () Task: {FB4230DA-7BB5-4796-9E1F-7FEA4B8CBBAC} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION Task: C:\WINDOWS\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{B794EAB0-2EB1-4883-A0F1-74A26066A12C}.exe Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{F2C462E0-C2AA-414F-92A6-7510DE255EA4}.exe Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/ C:\Program Files (x86)\Common Files\AVG Secure Search C:\Program Files (x86)\AVG SafeGuard toolbar C:\Program Files (x86)\AskPartnerNetwork Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f C:\Program Files (x86)\MiuiTab C:\Program Files (x86)\WordAnchor_1.10.0.19 HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-14] () HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN) HKU\S-1-5-18\...\RunOnce: [Adobe Speed Launcher] => 1418626302 IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File CHR Extension: (Jump Flip) - C:\Users\vardum\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphehadppenpmajgnkjdcopcfijjegaf [2014-01-17] CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2014-01-16] R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.) R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system) R2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-14] (AVG Secure Search) R2 wasvc_1.10.0.19; C:\Program Files (x86)\WordAnchor_1.10.0.19\Service\wasvc.exe [299096 2015-06-16] (WA) R1 wafd_1_10_0_19; C:\Windows\System32\drivers\wafd_1_10_0_19.sys [57728 2015-06-16] (WA) C:\ProgramData\IHProtectUpDate C:\Users\vardum\AppData\Roaming\istartsurf C:\ProgramData\SetStretch.VBS EmptyTemp: ***************** ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E464F98-91F3-487B-8DB1-F3F743F9BA9E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E464F98-91F3-487B-8DB1-F3F743F9BA9E}" => key removed successfully C:\Windows\System32\Tasks\{46F98AE4-1E7B-41B7-A3CE-C84F3C5FE982} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{46F98AE4-1E7B-41B7-A3CE-C84F3C5FE982}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{731A97F4-98AD-4626-9F26-6DDD6D29706F}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{731A97F4-98AD-4626-9F26-6DDD6D29706F}" => key removed successfully C:\Windows\System32\Tasks\{956532CE-0351-4524-9B29-D96C64C5A41E} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{956532CE-0351-4524-9B29-D96C64C5A41E}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF4703B-E7B4-4259-8DE8-FF8E76E7035B} => key not found. C:\Windows\System32\Tasks\Right Backup_startup not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Right Backup_startup => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7C6BEB3-AECB-47E4-BC59-C86FBFE21595}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7C6BEB3-AECB-47E4-BC59-C86FBFE21595}" => key removed successfully C:\Windows\System32\Tasks\{E2F5657B-FE0C-4AF0-8BF2-41C736488113} => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2F5657B-FE0C-4AF0-8BF2-41C736488113}" => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E87ECC42-BA4E-434B-9E53-604AB7E06309} => key not found. C:\Windows\System32\Tasks\0415tbUpdateInfo not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0415tbUpdateInfo => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB4230DA-7BB5-4796-9E1F-7FEA4B8CBBAC}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB4230DA-7BB5-4796-9E1F-7FEA4B8CBBAC}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Program aktualizacji online firmy Adobe." => key removed successfully C:\WINDOWS\Tasks\0415tbUpdateInfo.job not found. C:\WINDOWS\Tasks\0615tbUpdateInfo.job not found. C:\WINDOWS\Tasks\Open Chrome.job not found. "C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Folder not found. "C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Folder not found. "C:\Program Files (x86)\AskPartnerNetwork" => File/Folder not found. ========= reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= "C:\Program Files (x86)\MiuiTab" => File/Folder not found. "C:\Program Files (x86)\WordAnchor_1.10.0.19" => File/Folder not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value not found. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value removed successfully HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => key not found. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => key removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => key removed successfully HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => key not found. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. C:\Users\vardum\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphehadppenpmajgnkjdcopcfijjegaf folder not found HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf => key not found. "C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx" => File/Folder not found. APNMCP => Service not found. IHProtect Service => Service not found. vToolbarUpdater18.5.0 => Service not found. wasvc_1.10.0.19 => Service not found. wafd_1_10_0_19 => Service not found. "C:\ProgramData\IHProtectUpDate" => File/Folder not found. "C:\Users\vardum\AppData\Roaming\istartsurf" => File/Folder not found. C:\ProgramData\SetStretch.VBS => moved successfully. EmptyTemp: => 1.4 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 22:59:54 ====