Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2013
Ran by Czesiu at 2013-10-20 18:57:40 Run:1
Running from C:\Users\Czesiu\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {47748634-90F3-4427-9BA5-23BD585824B4} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: {5878D8D1-EB53-44EE-88CF-946161C5FCE7} - System32\Tasks\DigitalSite => C:\Users\Czesiu\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {863C13D8-02CD-410C-A333-75036D29E038} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {A30E3A8B-A818-47C6-BAE7-A439D22A404D} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: {C93F6EDB-7040-4E5B-AE11-8BB2EF43FC70} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {F6540C36-929E-4F98-90BF-C840D9F472CE} - System32\Tasks\EPUpdater => C:\Users\Czesiu\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\windows\Tasks\DigitalSite.job => C:\Users\Czesiu\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
R2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3032032 2013-10-08] ()
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [] - [x]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=3C710AEDB9A6A5F5&affID=125035&tsp=5035
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856595
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=3C710AEDB9A6A5F5&affID=125035&tsp=5035
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856595
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856595
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856595
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856595
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856595
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856602&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856602&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856602&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856602&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856602&type=default&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3C710AEDB9A6A5F5&affID=125035&tsp=5035
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S2SWJ9ECC02774&ts=1379856602&type=default&q={searchTerms}
SearchScopes: HKCU - {9D9AC5BF-799A-4B91-82A9-4AFCDC6382A7} URL =
CHR HKLM-x32\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\Czesiu\AppData\Roaming\BabSolution\CR\searchgol.crx
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files (x86)\Mozilla Firefox
C:\ProgramData\Babylon
C:\ProgramData\BonanzaDealsLive
C:\ProgramData\McAfee
C:\Users\Czesiu\AppData\Local\avgchrome
C:\Users\Czesiu\AppData\Local\BonanzaDealsLive
C:\Users\Czesiu\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
C:\Users\Czesiu\AppData\Roaming\BabSolution
C:\Users\Czesiu\AppData\Roaming\Babylon
C:\Users\Czesiu\AppData\Roaming\DigitalSite
C:\Users\Czesiu\AppData\Roaming\OpenCandy
C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
C:\Users\UpdatusUser\Desktop\MiPony.lnk
C:\windows\SysWOW64\searchplugins
C:\windows\SysWOW64\Extensions
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47748634-90F3-4427-9BA5-23BD585824B4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47748634-90F3-4427-9BA5-23BD585824B4} => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5878D8D1-EB53-44EE-88CF-946161C5FCE7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5878D8D1-EB53-44EE-88CF-946161C5FCE7} => Key deleted successfully.
C:\Windows\System32\Tasks\DigitalSite => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{863C13D8-02CD-410C-A333-75036D29E038} => Key not found.
C:\Windows\System32\Tasks\BitGuard => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A30E3A8B-A818-47C6-BAE7-A439D22A404D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A30E3A8B-A818-47C6-BAE7-A439D22A404D} => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C93F6EDB-7040-4E5B-AE11-8BB2EF43FC70} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C93F6EDB-7040-4E5B-AE11-8BB2EF43FC70} => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6540C36-929E-4F98-90BF-C840D9F472CE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6540C36-929E-4F98-90BF-C840D9F472CE} => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => Moved successfully.
C:\windows\Tasks\DigitalSite.job => Moved successfully.
BitGuard => Service deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mcui_exe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D9AC5BF-799A-4B91-82A9-4AFCDC6382A7} => Key deleted successfully.
HKCR\CLSID\{9D9AC5BF-799A-4B91-82A9-4AFCDC6382A7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aipfmkinhleccnodemkoofnnofpbbpac => Key deleted successfully.
C:\Users\Czesiu\AppData\Roaming\BabSolution\CR\searchgol.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj => Key deleted successfully.
C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx => Moved successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.
C:\ProgramData\Babylon => Moved successfully.
C:\ProgramData\BonanzaDealsLive => Moved successfully.
C:\ProgramData\McAfee => Moved successfully.
C:\Users\Czesiu\AppData\Local\avgchrome => Moved successfully.
C:\Users\Czesiu\AppData\Local\BonanzaDealsLive => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\BabSolution => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\Babylon => Moved successfully.

"C:\Users\Czesiu\AppData\Roaming\DigitalSite" directory move:
C:\Users\Czesiu\AppData\Roaming\DigitalSite\UpdateProc\config.dat => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\DigitalSite\UpdateProc\prod.dat => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe => Moved successfully.
Could not move "C:\Users\Czesiu\AppData\Roaming\DigitalSite" directory. => Scheduled to move on reboot.

C:\Users\Czesiu\AppData\Roaming\OpenCandy => Moved successfully.
C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals => Moved successfully.

"C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" directory move:
C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard\Uninstall BitGuard.lnk => Moved successfully.
Could not move "C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" directory. => Scheduled to move on reboot.

C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony => Moved successfully.
C:\Users\UpdatusUser\Desktop\MiPony.lnk => Moved successfully.
C:\windows\SysWOW64\searchplugins => Moved successfully.
C:\windows\SysWOW64\Extensions => Moved successfully.

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

=========== Result of Scheduled Files to move ===========
"C:\Users\Czesiu\AppData\Roaming\DigitalSite" => Directory could not move.
"C:\Users\Czesiu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" => Directory could not move.

==== End of Fixlog ====