Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014
Ran by Zurawski at 2014-01-20 15:51:20 Run:1
Running from C:\Documents and Settings\Zurawski\Pulpit
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Documents and Settings\Zurawski\Menu Start\Programy\Autostart\A9B90D.lnk
HKLM\...\Run: [A9B90D] - C:\WINDOWS\system32\29EDD5\A9B90D.EXE [1406935 2013-09-27] ()
HKCU\...\Run: [NextLive] - C:\Documents and Settings\Zurawski\Dane aplikacji\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKCU\...\Run: [spoolsv32] - "C:\WINDOWS\system32\javaw.exe" -jar "C:\Documents and Settings\Zurawski\Dane aplikacji\Win32\spoolsv32.jar"
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD3200AVJS-63WDA0_WD-WCARW278467984679&ts=1379163499
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD3200AVJS-63WDA0_WD-WCARW278467984679&ts=1379163499
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\qvo6.xml
Winlogon\Notify\igfxcui: igfxdev.dll [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S3 ialm; system32\DRIVERS\igxpmp32.sys [x]
S3 PCANDIS5; \??\C:\WINDOWS\system32\PCANDIS5.SYS [x]
S3 ZDCndis5; \??\C:\WINDOWS\system32\ZDCndis5.SYS [x]
U3 mbr; \??\C:\DOCUME~1\Zurawski\USTAWI~1\Temp\mbr.sys [x]
C:\WINDOWS\system32\29EDD5
C:\WINDOWS\system32\roboot.exe
C:\WINDOWS\System32\unrar.dll
C:\Program Files\Common Files\userInit.dll
C:\Program Files\BonanzaDeals
C:\Program Files\Mobogenie
C:\Program Files\MyPC Backup
C:\Program Files\RegClean Pro
C:\Documents and Settings\All Users\Dane aplikacji\AVG
C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive
C:\Documents and Settings\All Users\Dane aplikacji\eSafe
C:\Documents and Settings\All Users\Dane aplikacji\Kingsoft
C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
C:\Documents and Settings\Zurawski\.android
C:\Documents and Settings\Zurawski\daemonprocess.txt
C:\Documents and Settings\Zurawski\Dane aplikacji\n402.dll
C:\Documents and Settings\Zurawski\Dane aplikacji\0F1F1C2Y1H1P1C0I0T
C:\Documents and Settings\Zurawski\Dane aplikacji\AVG
C:\Documents and Settings\Zurawski\Dane aplikacji\FoxTab
C:\Documents and Settings\Zurawski\Dane aplikacji\Kingsoft
C:\Documents and Settings\Zurawski\Dane aplikacji\newnext.me
C:\Documents and Settings\Zurawski\Dane aplikacji\OpenCandy
C:\Documents and Settings\Zurawski\Dane aplikacji\Splashtop
C:\Documents and Settings\Zurawski\Dane aplikacji\systweak
C:\Documents and Settings\Zurawski\Dane aplikacji\Windows Net Data
C:\Documents and Settings\Zurawski\Moje dokumenty\Mobogenie
C:\Documents and Settings\Zurawski\Pulpit\ipchanger.exe
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\cache
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\genienext
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\Mobogenie
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\OTLand
Reg: reg delete HKCU\Software\OtLand /f
*****************

C:\Documents and Settings\Zurawski\Menu Start\Programy\Autostart\A9B90D.lnk => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\A9B90D => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\spoolsv32 => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files\mozilla firefox\browser\searchplugins\qvo6.xml => Moved successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => Key deleted successfully.
catchme => Service deleted successfully.
gdrv => Service deleted successfully.
ialm => Service deleted successfully.
PCANDIS5 => Service deleted successfully.
ZDCndis5 => Service deleted successfully.
mbr => Service not found.
"C:\WINDOWS\system32\29EDD5" directory move:
Could not move "C:\WINDOWS\system32\29EDD5\A9B90D.EXE" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\29EDD5" directory. => Scheduled to move on reboot.
C:\WINDOWS\system32\roboot.exe => Moved successfully.
C:\WINDOWS\System32\unrar.dll => Moved successfully.
C:\Program Files\Common Files\userInit.dll => Moved successfully.
C:\Program Files\BonanzaDeals => Moved successfully.
C:\Program Files\Mobogenie => Moved successfully.
C:\Program Files\MyPC Backup => Moved successfully.
C:\Program Files\RegClean Pro => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\eSafe => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Kingsoft => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully.
C:\Documents and Settings\Zurawski\.android => Moved successfully.
C:\Documents and Settings\Zurawski\daemonprocess.txt => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\n402.dll => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\0F1F1C2Y1H1P1C0I0T => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\AVG => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\FoxTab => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\Kingsoft => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\newnext.me => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\OpenCandy => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\Splashtop => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\systweak => Moved successfully.
C:\Documents and Settings\Zurawski\Dane aplikacji\Windows Net Data => Moved successfully.
"C:\Documents and Settings\Zurawski\Moje dokumenty\Mobogenie" => File/Directory not found.
"C:\Documents and Settings\Zurawski\Pulpit\ipchanger.exe" => File/Directory not found.
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\cache => Moved successfully.
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\genienext => Moved successfully.
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\Mobogenie => Moved successfully.
C:\Documents and Settings\Zurawski\Ustawienia lokalne\Dane aplikacji\OTLand => Moved successfully.

========= reg delete HKCU\Software\OtLand /f =========

Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości.

========= End of Reg: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-20 16:21:22)<=

C:\WINDOWS\system32\29EDD5\A9B90D.EXE => Is moved successfully.
C:\WINDOWS\system32\29EDD5 => Is moved successfully.

==== End of Fixlog ====