Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
Ran by Kasia at 2014-06-04 15:50:47 Run:2
Running from D:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
() C:\Program Files\Rock Turner\updater.exe
S2 Update Rock Turner; C:\Program Files\Rock Turner\updateRockTurner.exe [317728 2014-06-01] ()
R2 UpdaterSvcRockTurner; C:\Program Files\Rock Turner\updater.exe [109568 2014-06-01] ()
R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [510608 2014-03-05] (Cherished Technololgy LIMITED)
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
R1 {b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}t; C:\WINDOWS\System32\drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}t.sys [55224 2014-05-19] (StdLib)
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 SpyEmrg; System32\Drivers\spyemrg.sys [X]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
HKLM\...\Run: [fst_pl_46] => [X]
HKLM\...\Run: [upfst_pl_46.exe] => C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\fst_pl_46\upfst_pl_46.exe -runhelper
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs
HKU\S-1-5-21-1844237615-1326574676-1417001333-1003\...\Run: [Torntv Downloader] => C:\Program Files\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-1844237615-1326574676-1417001333-1003\...\Run: [LiveSupport] => "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-1844237615-1326574676-1417001333-1003\...\Run: [AmitiAntivirus] => C:\Program Files\NETGATE\Amiti Antivirus\AmitiAv.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391784748&from=tt4u&uid=FUJITSUXMHW2120BH_NZ2MT782A413T782A413X&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391784748&from=tt4u&uid=FUJITSUXMHW2120BH_NZ2MT782A413T782A413X&q={searchTerms}
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112670&tt=251212_ctrl_5212_3&babsrc=SP_sst&mntrId=0c8056020000000000000017c406f923
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640
BHO: Rock Turner - {527b365c-1bd3-4a66-906f-8729805ce78c} - C:\Program Files\Rock Turner\RockTurnerbho.dll (Rock Turner)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Documents and Settings\Kasia\Dane aplikacji\23300\a6657.exe <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:51E9F892
AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\TEMP:676C1C69
C:\Documents and Settings\All Users\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\Common Files
C:\Documents and Settings\All Users\Dane aplikacji\eSafe
C:\Documents and Settings\All Users\Dane aplikacji\IePluginService
C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
C:\Documents and Settings\All Users\Dane aplikacji\MFAData
C:\Documents and Settings\All Users\Dane aplikacji\TEMP
C:\Documents and Settings\All Users\Dane aplikacji\WPM
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\MFAData
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp
C:\Documents and Settings\Kasia\Dane aplikacji\23300
C:\Documents and Settings\Kasia\Dane aplikacji\Amiti Antivirus
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp
C:\Program Files\Mozilla Firefox\extensions
C:\Program Files\Mozilla Firefox\plugins
C:\WINDOWS\system32\Drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}t.sys
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ALLUpdate" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GG" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPLA!" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kamsoft" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msfpgxjSrv" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
CMD: netsh firewall reset
Reboot:
*****************

C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe => No running process found
C:\Program Files\Rock Turner\updater.exe => No running process found
Update Rock Turner => Service not found.
UpdaterSvcRockTurner => Service not found.
Wpm => Service not found.
SkypeUpdate => Service not found.
{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}t => Service not found.
EagleXNt => Service not found.
hwdatacard => Service not found.
SpyEmrg => Service not found.
SSPORT => Service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fst_pl_46 => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\upfst_pl_46.exe => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DApp => Value not found.
HKU\S-1-5-21-1844237615-1326574676-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Torntv Downloader => Value not found.
HKU\S-1-5-21-1844237615-1326574676-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\LiveSupport => Value not found.
HKU\S-1-5-21-1844237615-1326574676-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AmitiAntivirus => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{527b365c-1bd3-4a66-906f-8729805ce78c} => Key not found.
HKCR\CLSID\{527b365c-1bd3-4a66-906f-8729805ce78c} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{68282C51-9459-467B-95BF-3C0E89627E55} => Key not found.
HKCR\CLSID\{68282C51-9459-467B-95BF-3C0E89627E55} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com => Value not found.
C:\WINDOWS\Tasks\AmiUpdXp.job not found.
"C:\Documents and Settings\All Users\Dane aplikacji\TEMP" => ":51E9F892" ADS not found.
"C:\Documents and Settings\All Users\Dane aplikacji\TEMP" => ":676C1C69" ADS not found.
"C:\Documents and Settings\All Users\Dane aplikacji\Babylon" => File/Directory not found.
"C:\Documents and Settings\All Users\Dane aplikacji\Common Files" => File/Directory not found.
"C:\Documents and Settings\All Users\Dane aplikacji\eSafe" => File/Directory not found.
"C:\Documents and Settings\All Users\Dane aplikacji\IePluginService" => File/Directory not found.
"C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft" => File/Directory not found.
"C:\Documents and Settings\All Users\Dane aplikacji\MFAData" => File/Directory not found.
"C:\Documents and Settings\All Users\Dane aplikacji\TEMP" => File/Directory not found.
"C:\Documents and Settings\All Users\Dane aplikacji\WPM" => File/Directory not found.
"C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google" => File/Directory not found.
"C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\MFAData" => File/Directory not found.
"C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp" => File/Directory not found.
"C:\Documents and Settings\Kasia\Dane aplikacji\23300" => File/Directory not found.
"C:\Documents and Settings\Kasia\Dane aplikacji\Amiti Antivirus" => File/Directory not found.

"C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp" directory move:

Could not move "C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\etilqs_8cFiwN9rAVo9KCH" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\etilqs_ei6xYUWxJQi2nsU" => Scheduled to move on reboot.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\EULA.txt => Moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\jusched.log => Moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\log3 => Moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\mmc00ADEB6C.xml => Moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Report.ico => Moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Scan.ico => Moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Uninstall.ico => Moved successfully.
Could not move "C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp" directory. => Scheduled to move on reboot.

"C:\Program Files\Mozilla Firefox\extensions" => File/Directory not found.
"C:\Program Files\Mozilla Firefox\plugins" => File/Directory not found.
"C:\WINDOWS\system32\Drivers\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}t.sys" => File/Directory not found.
"C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" => File/Directory not found.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ALLUpdate" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GG" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPLA!" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kamsoft" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msfpgxjSrv" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f =========


Operacja ukończona pomyślnie


========= End of Reg: =========


=========  netsh firewall reset =========

Ok.


========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-04 15:52:24)<=

C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\etilqs_8cFiwN9rAVo9KCH => Is moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\etilqs_ei6xYUWxJQi2nsU => Is moved successfully.
C:\Documents and Settings\Kasia\Ustawienia lokalne\Temp => Moved successfully.

==== End of Fixlog ====