Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014 Ran by Remek at 2014-11-18 20:03:57 Run:2 Running from C:\Users\Remek\Downloads Loaded Profile: Remek (Available profiles: Remek & serwis) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: S0 Lbd; system32\DRIVERS\Lbd.sys [X] Task: {615DE320-375D-4EDB-8DAE-2930E930388F} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: HKLM-x32 {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} C:\aaw7boot.log C:\Program Files\SkanerOnline C:\Program Files (x86)\Astroburn Toolbar C:\Program Files (x86)\FlashGet Network C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\Java C:\Program Files (x86)\Lavasoft C:\Program Files (x86)\Opera C:\Program Files (x86)\SupTab C:\Program Files (x86)\Temp C:\Program Files (x86)\v9Soft C:\ProgramData\Ask C:\ProgramData\Astroburn Lite C:\ProgramData\boost_interprocess C:\ProgramData\Lavasoft C:\ProgramData\McAfee C:\ProgramData\Norton C:\ProgramData\NortonInstaller C:\ProgramData\Oracle C:\ProgramData\Partner C:\ProgramData\Sun C:\ProgramData\{*}.log C:\Users\Remek\AppData\Local\cache C:\Users\Remek\AppData\Local\genienext C:\Users\Remek\AppData\Local\globalUpdate C:\Users\Remek\AppData\Local\Opera Software C:\Users\Remek\AppData\Local\Sunbelt Software C:\Users\Remek\AppData\Local\uninst.tmp C:\Users\Remek\AppData\LocalLow\boost_interprocess C:\Users\Remek\AppData\LocalLow\facemoods.com C:\Users\Remek\AppData\LocalLow\Oracle C:\Users\Remek\AppData\LocalLow\Sun C:\Users\Remek\AppData\LocalLow\Temp C:\Users\Remek\AppData\Roaming\FlashGet C:\Users\Remek\AppData\Roaming\FlashGetBHO C:\Users\Remek\AppData\Roaming\Mozilla\Firefox\Profiles\sd9ervls.default C:\Users\Remek\AppData\Roaming\Opera Software C:\Users\Remek\AppData\Roaming\ISXX C:\Users\Remek\AppData\Roaming\NSUROF C:\Users\Remek\AppData\Roaming\RI C:\Users\Remek\AppData\Roaming\SELU C:\Users\Remek\AppData\Roaming\VIQHFUCG C:\Users\Remek\AppData\Roaming\WEMJ C:\Windows\SysWOW64\rp_rules.dat C:\Windows\SysWOW64\rp_stats.dat CMD: sc config Eventlog start= auto Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f EmptyTemp: ***************** Processes closed successfully. Lbd => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{615DE320-375D-4EDB-8DAE-2930E930388F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{615DE320-375D-4EDB-8DAE-2930E930388F}" => Key deleted successfully. C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully. C:\Windows\Tasks\Ad-Aware Update (Weekly).job => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key Deleted successfully. "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key Deleted successfully. "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key Deleted successfully. "HKCR\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}" => Key Deleted successfully. "HKCR\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key Deleted successfully. "HKCR\Wow6432Node\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key not found. C:\aaw7boot.log => Moved successfully. C:\Program Files\SkanerOnline => Moved successfully. C:\Program Files (x86)\Astroburn Toolbar => Moved successfully. C:\Program Files (x86)\FlashGet Network => Moved successfully. C:\Program Files (x86)\globalUpdate => Moved successfully. C:\Program Files (x86)\Java => Moved successfully. "C:\Program Files (x86)\Lavasoft" => File/Directory not found. C:\Program Files (x86)\Opera => Moved successfully. C:\Program Files (x86)\SupTab => Moved successfully. C:\Program Files (x86)\Temp => Moved successfully. C:\Program Files (x86)\v9Soft => Moved successfully. C:\ProgramData\Ask => Moved successfully. C:\ProgramData\Astroburn Lite => Moved successfully. C:\ProgramData\boost_interprocess => Moved successfully. C:\ProgramData\Lavasoft => Moved successfully. C:\ProgramData\McAfee => Moved successfully. C:\ProgramData\Norton => Moved successfully. C:\ProgramData\NortonInstaller => Moved successfully. C:\ProgramData\Oracle => Moved successfully. C:\ProgramData\Partner => Moved successfully. C:\ProgramData\Sun => Moved successfully. C:\ProgramData\{*}.log => Moved successfully. C:\Users\Remek\AppData\Local\cache => Moved successfully. C:\Users\Remek\AppData\Local\genienext => Moved successfully. C:\Users\Remek\AppData\Local\globalUpdate => Moved successfully. C:\Users\Remek\AppData\Local\Opera Software => Moved successfully. C:\Users\Remek\AppData\Local\Sunbelt Software => Moved successfully. C:\Users\Remek\AppData\Local\uninst.tmp => Moved successfully. C:\Users\Remek\AppData\LocalLow\boost_interprocess => Moved successfully. C:\Users\Remek\AppData\LocalLow\facemoods.com => Moved successfully. C:\Users\Remek\AppData\LocalLow\Oracle => Moved successfully. C:\Users\Remek\AppData\LocalLow\Sun => Moved successfully. C:\Users\Remek\AppData\LocalLow\Temp => Moved successfully. C:\Users\Remek\AppData\Roaming\FlashGet => Moved successfully. C:\Users\Remek\AppData\Roaming\FlashGetBHO => Moved successfully. C:\Users\Remek\AppData\Roaming\Mozilla\Firefox\Profiles\sd9ervls.default => Moved successfully. C:\Users\Remek\AppData\Roaming\Opera Software => Moved successfully. C:\Users\Remek\AppData\Roaming\ISXX => Moved successfully. C:\Users\Remek\AppData\Roaming\NSUROF => Moved successfully. C:\Users\Remek\AppData\Roaming\RI => Moved successfully. C:\Users\Remek\AppData\Roaming\SELU => Moved successfully. C:\Users\Remek\AppData\Roaming\VIQHFUCG => Moved successfully. C:\Users\Remek\AppData\Roaming\WEMJ => Moved successfully. C:\Windows\SysWOW64\rp_rules.dat => Moved successfully. C:\Windows\SysWOW64\rp_stats.dat => Moved successfully. ========= sc config Eventlog start= auto ========= [SC] ChangeServiceConfig SUKCES ========= End of CMD: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f ========= Bť¤D: Odmowa dost©pu. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f ========= Bť¤D: Odmowa dost©pu. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f ========= Bť¤D: Odmowa dost©pu. ========= End of Reg: ========= ========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f ========= Bť¤D: Odmowa dost©pu. ========= End of Reg: ========= EmptyTemp: => Removed 551.5 MB temporary data. The system needed a reboot. ==== End of Fixlog ====