Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2020
Ran by Jakub (16-09-2020 19:38:50) Run:1
Running from C:\Users\Jakub\Desktop
Loaded Profiles: Jakub
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {E6A15BCE-F515-49CD-810C-A1A99CD0B80C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {9CAEC63D-1415-443E-9FC9-869B180922BA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-05-15] () [File not signed]
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-09-09 11:43 - 2020-09-09 11:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-09-16 18:54 - 2020-03-27 20:53 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-16 18:54 - 2020-03-27 20:53 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-16 18:54 - 2020-03-27 20:53 - 000003044 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jakub\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\RedFox:AnyDVD [71]
SearchScopes: HKLM -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2288483603-1338874448-2592321515-1001 -> {9029EFEA-BC37-45FB-BF73-7D163285F429} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
FirewallRules: [UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe] => (Allow) C:\program files\dvdfab 11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe] => (Allow) C:\program files\dvdfab11\dvdfab64.exe => No File
FirewallRules: [UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE => No File
EmptyTemp:
*****************
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6A15BCE-F515-49CD-810C-A1A99CD0B80C}" => removed successfully
C:\WINDOWS\System32\Tasks\Nero\Nero Info => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CAEC63D-1415-443E-9FC9-869B180922BA}" => removed successfully
C:\WINDOWS\System32\Tasks\klcp_update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removed successfully
C:\WINDOWS\system32\DrtmAuth9.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth8.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth7.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth6.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth5.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth4.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth3.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth2.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth12.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth11.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth10.bin => moved successfully
C:\WINDOWS\system32\DrtmAuth1.bin => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\system32\Tasks\Antivirus Emergency Update => moved successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
C:\ProgramData\RedFox => ":AnyDVD" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
HKU\S-1-5-21-2288483603-1338874448-2592321515-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9029EFEA-BC37-45FB-BF73-7D163285F429} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8951B25B-BD88-4690-BD21-50F1CD6F7FA8}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98A99E5E-8A66-4FD0-85EA-5A6518DEF3C3}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{16FB010F-C3A6-45A7-B54F-733654ABC08A}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4AAAE2C-0E20-40F2-8612-B12E8BDB75F3}C:\program files\dvdfab 11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8D71D5FA-43E5-4EA4-9F66-FAB5E172ABA6}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2B975411-6A12-4391-B058-0CCD9033E121}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78469251-FC03-44C6-A507-27EED7050347}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BE259881-AE21-4349-A3F1-89BEBDC01428}C:\program files\dvdfab11\dvdfab64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{50CE8288-FE8C-4494-8499-BB082C4174DA}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BFA37EC-EC82-4999-9640-0C50131DFFBE}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F029FF1F-A74E-4E9F-923C-7D3F9AB4C414}" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 263313408 B
Java, Flash, Steam htmlcache => 1142 B
Windows/system/drivers => 101357 B
Edge => 1373931 B
Chrome => 1273542962 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 226514 B
NetworkService => 242362 B
Jakub => 64437859 B
RecycleBin => 185293 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:45:13 ====