Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-03-2014 01
Ran by x at 2014-03-12 23:11:23 Run:1
Running from C:\Documents and Settings\x\Pulpit\frst
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe
() C:\Program Files\Mobogenie\MgAssist.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
() C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761536 2014-01-06] ()
HKU\S-1-5-21-839522115-484763869-1417001333-1003\...\Run: [MSConfig] - C:\Documents and Settings\x\nrimovzj.exe [35004416 2014-03-02] (Daniel Pistelli)
AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll => C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll [3618304 2013-11-18] ()
R2 BitGuard; C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe [3780064 2013-11-18] ()
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-03-03] ()
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
Unlock: HKLM\SYSTEM\CurrentControlSet\Services\sptd
S4 sptd; System32\Drivers\sptd.sys [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112670&tt=4712_1&babsrc=HP_sst&mntrId=1467a05b000000000000001e101fbcad
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid={A4056996-4755-4AE7-899B-C835AC1D870D}
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A4056996-4755-4AE7-899B-C835AC1D870D}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A4056996-4755-4AE7-899B-C835AC1D870D}
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112670&tt=4712_1&babsrc=SP_sst&mntrId=1467a05b000000000000001e101fbcad
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112670&tt=4712_1&babsrc=SP_sst&mntrId=1467a05b000000000000001e101fbcad
SearchScopes: HKCU - {85039B6F-5035-430B-87DD-7234D4C419D8} URL = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=8E&apn_dtid=YYYYYYM4PL&apn_uid=653fffd0-2127-479f-a275-76566b301c66&apn_sauid=1ED16C7F-85D9-4836-AC75-2145862D468A&
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A4056996-4755-4AE7-899B-C835AC1D870D}
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
AlternateDataStreams: C:\WINDOWS\Temp:temp
AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:55B41E6A
AlternateDataStreams: C:\Documents and Settings\x\Local Settings:init
C:\Documents and Settings\x\dbupwj.exe
C:\Documents and Settings\x\nrimovzj.exe
C:\Documents and Settings\All Users\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\Common Files
C:\Documents and Settings\All Users\Dane aplikacji\Logs
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Documents and Settings\All Users\Dane aplikacji\Wru
C:\Documents and Settings\x\Dane aplikacji\BabSolution
C:\Documents and Settings\x\Dane aplikacji\Babylon
C:\Documents and Settings\x\Dane aplikacji\Mozilla
C:\Documents and Settings\x\Dane aplikacji\Systweak
C:\Documents and Settings\x\Dane aplikacji\Wru
C:\Documents and Settings\x\Ustawienia lokalne\Temp*.html
C:\Program Files\BonanzaDeals
C:\Program Files\DAEMON Tools Toolbar
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete HKCU\Software\Mozilla /f
Reg: reg delete HKCU\Software\MozillaPlugins /f
Reg: reg delete HKLM\SOFTWARE\Mozilla /f
Reg: reg delete HKLM\SOFTWARE\mozilla.org /f
Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f
CMD: sc config "Mobile Partner. RunOuc" start= demand
Reboot:
*****************

[1600] C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe => Process closed successfully.
[1856] C:\Program Files\Mobogenie\MgAssist.exe => Process closed successfully.
[1632] C:\Program Files\Mobogenie\DaemonProcess.exe => Process closed successfully.
[1600] C:\Documents and Settings\All Users\Dane aplikacji\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKU\S-1-5-21-839522115-484763869-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig => Value deleted successfully.
"c:\\docume~1\\alluse~1\\daneap~1\\bitguard\\271832~1.68\\{16cdf~1\\bitguard.dll" => Value Data removed successfully.
BitGuard => Service stopped successfully.
BitGuard => Service deleted successfully.
MgAssistService => Service deleted successfully.
gdrv => Service deleted successfully.
hwusbdev => Service deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\sptd" => Key unlocked successfully.
sptd => Service deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85039B6F-5035-430B-87DD-7234D4C419D8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{85039B6F-5035-430B-87DD-7234D4C419D8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
C:\WINDOWS\Temp => ":temp" ADS removed successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TEMP => ":55B41E6A" ADS removed successfully.
C:\Documents and Settings\x\Local Settings => ":init" ADS removed successfully.
C:\Documents and Settings\x\dbupwj.exe => Moved successfully.
C:\Documents and Settings\x\nrimovzj.exe => Moved successfully.

"C:\Documents and Settings\All Users\Dane aplikacji\Babylon" directory move:

Could not move "C:\Documents and Settings\All Users\Dane aplikacji\Babylon" directory. => Scheduled to move on reboot.

"C:\Documents and Settings\All Users\Dane aplikacji\Common Files" directory move:

C:\Documents and Settings\All Users\Dane aplikacji\Common Files\57BA9C92-DF43-B95D-5F4A-2AB44D57B714.dat => Moved successfully.
Could not move "C:\Documents and Settings\All Users\Dane aplikacji\Common Files" directory. => Scheduled to move on reboot.

C:\Documents and Settings\All Users\Dane aplikacji\Logs => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\TEMP => Moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Wru => Moved successfully.

"C:\Documents and Settings\x\Dane aplikacji\BabSolution" directory move:

C:\Documents and Settings\x\Dane aplikacji\BabSolution\Shared\BabyTBConf.ini => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\BabSolution\Shared\BUSolution.dll => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\BabSolution\Shared\chu.js => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\BabSolution\Shared\SQLite3.dll => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\BabSolution\CR\BabylonChrome1.crx => Moved successfully.
Could not move "C:\Documents and Settings\x\Dane aplikacji\BabSolution" directory. => Scheduled to move on reboot.

C:\Documents and Settings\x\Dane aplikacji\Babylon => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\Mozilla => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\Systweak => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\Wru => Moved successfully.
C:\Documents and Settings\x\Ustawienia lokalne\Temp*.html => Moved successfully.

"C:\Program Files\BonanzaDeals" directory move:

C:\Program Files\BonanzaDeals\uninst.exe => Moved successfully.
Could not move "C:\Program Files\BonanzaDeals" directory. => Scheduled to move on reboot.

C:\Program Files\DAEMON Tools Toolbar => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete HKCU\Software\Mozilla /f =========

Error: Odmowa dostępu.

========= End of Reg: =========

========= reg delete HKCU\Software\MozillaPlugins /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Mozilla /f =========

Error: Odmowa dostępu.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\mozilla.org /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\MozillaPlugins /f =========

Operacja ukończona pomyślnie

========= End of Reg: =========

========= sc config "Mobile Partner. RunOuc" start= demand =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-12 23:19:17)<=

C:\Documents and Settings\All Users\Dane aplikacji\Babylon => Is moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Common Files => Moved successfully.
C:\Documents and Settings\x\Dane aplikacji\BabSolution => Moved successfully.
C:\Program Files\BonanzaDeals => Moved successfully.

==== End of Fixlog ====