Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Mruvek at 2015-02-28 12:00:42 Run:1
Running from C:\Users\Mruvek\Downloads
Loaded Profiles: Mruvek (Available profiles: Mruvek)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-02-10] (AV Security Software) [File not signed]
S2 SPDRIVER_1462.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1462.0.0.0\jsdrv.sys [X]
Task: {50C061D8-18A9-41B6-AC6C-58A64AC4F549} - System32\Tasks\UNELEVATE_27644 => C:\Program Files (x86)\ShopperPro\JSDriver\1462.0.0.0\jsdrv.exe <==== ATTENTION
Task: {7E1F8819-9CFB-47A8-A78F-6BB287298681} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {B5C5F4D9-7043-4E57-8542-B4B5D7E7E581} - \SPBIW_UpdateTask_Time_313134313638363138332d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {E631DA24-7B71-4118-805E-ED3B3C3F9DB6} - System32\Tasks\{5A58DE2B-3D71-401C-887E-39843692CD6C} => pcalua.exe -a C:\Users\Mruvek\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {F3033A5B-4A3A-4838-A6E0-9915B40536D5} - System32\Tasks\{F1EF64D4-CA89-46FB-8AA5-7156AE2A64FC} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116&LastError=404
HKU\S-1-5-21-2425550454-778079741-1055617296-1000\...\Run: [uTorrent] => "D:\instalki\uTorrent\updates\3.4.2_37907.exe" /MINIMIZED
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKU\S-1-5-21-2425550454-778079741-1055617296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x00
C:\d44aa6d0064ed097757888452e
C:\Program Files (x86)\133c7306-471f-4bf1-91ae-5c9ef844c9ae
C:\Program Files (x86)\1d312dc6-83b0-4bb1-8f58-5094850398d9
C:\Users\Mruvek\AppData\Roaming\46B7.tmp
C:\Users\Mruvek\AppData\Roaming\ONHJDN
C:\Windows\mlwps.exe
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
Live Malware Protection => Service deleted successfully.
SPDRIVER_1462.0.0.0 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50C061D8-18A9-41B6-AC6C-58A64AC4F549}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50C061D8-18A9-41B6-AC6C-58A64AC4F549}" => Key deleted successfully.
C:\Windows\System32\Tasks\UNELEVATE_27644 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_27644" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E1F8819-9CFB-47A8-A78F-6BB287298681}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E1F8819-9CFB-47A8-A78F-6BB287298681}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5C5F4D9-7043-4E57-8542-B4B5D7E7E581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5C5F4D9-7043-4E57-8542-B4B5D7E7E581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_313134313638363138332d3437415a556c2a3223346c41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E631DA24-7B71-4118-805E-ED3B3C3F9DB6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E631DA24-7B71-4118-805E-ED3B3C3F9DB6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5A58DE2B-3D71-401C-887E-39843692CD6C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A58DE2B-3D71-401C-887E-39843692CD6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3033A5B-4A3A-4838-A6E0-9915B40536D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3033A5B-4A3A-4838-A6E0-9915B40536D5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F1EF64D4-CA89-46FB-8AA5-7156AE2A64FC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F1EF64D4-CA89-46FB-8AA5-7156AE2A64FC}" => Key deleted successfully.
HKU\S-1-5-21-2425550454-778079741-1055617296-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2425550454-778079741-1055617296-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\d44aa6d0064ed097757888452e => Moved successfully.
C:\Program Files (x86)\133c7306-471f-4bf1-91ae-5c9ef844c9ae => Moved successfully.
C:\Program Files (x86)\1d312dc6-83b0-4bb1-8f58-5094850398d9 => Moved successfully.
C:\Users\Mruvek\AppData\Roaming\46B7.tmp => Moved successfully.
C:\Users\Mruvek\AppData\Roaming\ONHJDN => Moved successfully.
C:\Windows\mlwps.exe => Moved successfully.

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= ipconfig /flushdns =========
Konfiguracja IP systemu Windows
Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.
========= End of CMD: =========

EmptyTemp: => Removed 196.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:01:03 ====