Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Kuba at 2015-03-17 18:33:02 Run:7
Running from C:\Users\Kuba\Desktop\logi\nowe\nowe2\3\4\5\6
Loaded Profiles: Kuba (Available profiles: Kuba & Gość)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 Live Malware Protection; C:\windows\mlwps.exe [239104 2015-03-04] (AV Security Software) [File not signed] <==== ATTENTION
R2 PrivoxyService; C:\Program Files (x86)\Jelbrus Secure Web\privoxy.exe [371200 2015-03-07] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {5ECCE46D-12AC-4B29-8679-B80F178792DB} - System32\Tasks\Giga Perfect Uninstaller => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-04] ()
Task: {97321C05-0E82-4C01-87F1-B520F01FEB96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A17F9894-8E31-43AB-9A87-E91B7E2ADE04} - System32\Tasks\Malware Cleaner => C:\Users\Kuba\AppData\Roaming\65F3.tmp.exe <==== ATTENTION
Task: {F52ED5AF-2C3B-440C-B310-E6518C55342D} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-03-07] (Jelbrus) <==== ATTENTION
Task: {FB1E4864-E505-4E29-9297-93DBEB617894} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll [2015-03-07] (Jelbrus)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5 [2015-03-07]
C:\Program Files (x86)\Jelbrus Secure Web
C:\Program Files (x86)\PrivateVPN
C:\Users\Kuba\AppData\Roaming\65F3.tmp
C:\Users\Kuba\AppData\Roaming\NetMon
C:\Windows\mlwps.exe
C:\windows\SysWOW64\temp.*
File: C:\windows\SysWOW64\tasks.dll
RemoveProxy:
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
*****************
Processes closed successfully.
Restore point was successfully created.
Live Malware Protection => Service deleted successfully.
PrivoxyService => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ECCE46D-12AC-4B29-8679-B80F178792DB}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ECCE46D-12AC-4B29-8679-B80F178792DB}" => Key Deleted successfully.
C:\Windows\System32\Tasks\Giga Perfect Uninstaller => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Giga Perfect Uninstaller" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97321C05-0E82-4C01-87F1-B520F01FEB96}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97321C05-0E82-4C01-87F1-B520F01FEB96}" => Key Deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A17F9894-8E31-43AB-9A87-E91B7E2ADE04}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A17F9894-8E31-43AB-9A87-E91B7E2ADE04}" => Key Deleted successfully.
C:\Windows\System32\Tasks\Malware Cleaner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner" => Key Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F52ED5AF-2C3B-440C-B310-E6518C55342D} => Key not found.
C:\Windows\System32\Tasks\Jelbrus Secure Web Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB1E4864-E505-4E29-9297-93DBEB617894}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB1E4864-E505-4E29-9297-93DBEB617894}" => Key Deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key Deleted successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => value deleted successfully.
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\46e8892acb6c0d0e86909049e28d3dd5 => Moved successfully.
C:\Program Files (x86)\Jelbrus Secure Web => Moved successfully.
C:\Program Files (x86)\PrivateVPN => Moved successfully.
C:\Users\Kuba\AppData\Roaming\65F3.tmp => Moved successfully.
C:\Users\Kuba\AppData\Roaming\NetMon => Moved successfully.
C:\Windows\mlwps.exe => Moved successfully.
C:\windows\SysWOW64\temp.* => Moved successfully.
========================= File: C:\windows\SysWOW64\tasks.dll ========================
MD5: B7C401ADF09B81B0145B3C645B707357
Creation and modification date: 2015-03-05 19:44 - 2015-03-16 19:44
Size: 0073728
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:
====== End Of File: ======
========= RemoveProxy: =========
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3839221274-3043303846-3843884880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
========= End of RemoveProxy: =========
========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========
EmptyTemp: => Removed 1.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog 18:34:27 ====