Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Sandra at 2015-04-03 10:14:05 Run:2
Running from C:\Users\Sandra\Desktop
Loaded Profiles: Sandra (Available profiles: Sandra)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StormWatch] => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1549872881-2707188407-3888870972-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
2015-04-03 08:49 - 2015-04-03 08:49 - 01577472 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC.exe
2015-04-02 07:34 - 2015-04-02 20:29 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 20:34 - 2015-04-03 07:34 - 00001346 _____ () C:\WINDOWS\Tasks\disco_savings_notification_service.job
2015-04-01 20:34 - 2015-04-02 20:30 - 00001042 _____ () C:\WINDOWS\Tasks\BQZfKpZPMfIXjscCFb7UN04h8KC.job
2015-04-01 20:34 - 2015-04-02 20:29 - 00000708 _____ () C:\WINDOWS\Tasks\disco_savings_updating_service.job
2015-04-01 20:34 - 2015-04-01 20:34 - 00004340 _____ () C:\WINDOWS\System32\Tasks\disco_savings_notification_service
2015-04-01 20:34 - 2015-04-01 20:34 - 00004044 _____ () C:\WINDOWS\System32\Tasks\BQZfKpZPMfIXjscCFb7UN04h8KC
2015-04-01 20:34 - 2015-04-01 20:34 - 00003702 _____ () C:\WINDOWS\System32\Tasks\disco_savings_updating_service
2015-04-01 20:34 - 2015-04-01 20:34 - 00000000 ____D () C:\Program Files (x86)\disco savings
2015-04-01 20:29 - 2015-04-02 20:27 - 00000000 ____D () C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
2015-04-01 20:28 - 2015-04-01 20:28 - 00819144 _____ (Google Inc.) C:\Users\Sandra\Desktop\chrome_installer.exe
2015-04-01 20:26 - 2015-04-01 20:26 - 00000064 _____ () C:\Users\Sandra\AppData\Local\6901648b8c35b3ba1360076fbf5f9d99
2015-04-01 20:26 - 2015-04-01 20:26 - 00000000 ____D () C:\Program Files (x86)\user extensions
2015-04-01 20:25 - 2015-04-01 20:25 - 00000000 ____D () C:\ProgramData\{73959B56-2317-4AD0-9291-3A524213E9DC}
2015-03-31 03:14 - 2015-03-31 03:14 - 00005655 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC
2015-03-11 09:34 - 2015-02-06 18:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-31 03:14 - 2015-03-31 03:14 - 0005655 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC
2015-04-03 08:49 - 2015-04-03 08:49 - 1577472 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC.exe
2015-04-01 20:26 - 2015-04-01 20:26 - 0000064 _____ () C:\Users\Sandra\AppData\Local\6901648b8c35b3ba1360076fbf5f9d99
C:\Program Files (x86)\StormWatch
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
C:\Program Files (x86)\StormWatch
C:\Program Files (x86)\Itibiti Soft Phone
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StormWatch => value deleted successfully.
HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC.exe => Moved successfully.
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\WINDOWS\Tasks\disco_savings_notification_service.job => Moved successfully.
C:\WINDOWS\Tasks\BQZfKpZPMfIXjscCFb7UN04h8KC.job => Moved successfully.
C:\WINDOWS\Tasks\disco_savings_updating_service.job => Moved successfully.
C:\WINDOWS\System32\Tasks\disco_savings_notification_service => Moved successfully.
C:\WINDOWS\System32\Tasks\BQZfKpZPMfIXjscCFb7UN04h8KC => Moved successfully.
C:\WINDOWS\System32\Tasks\disco_savings_updating_service => Moved successfully.
C:\Program Files (x86)\disco savings => Moved successfully.
C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547 => Moved successfully.
C:\Users\Sandra\Desktop\chrome_installer.exe => Moved successfully.
C:\Users\Sandra\AppData\Local\6901648b8c35b3ba1360076fbf5f9d99 => Moved successfully.
C:\Program Files (x86)\user extensions => Moved successfully.
C:\ProgramData\{73959B56-2317-4AD0-9291-3A524213E9DC} => Moved successfully.
C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC => Moved successfully.
C:\WINDOWS\system32\ApnDatabase.xml => Moved successfully.
"C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC" => File/Directory not found.
"C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC.exe" => File/Directory not found.
"C:\Users\Sandra\AppData\Local\6901648b8c35b3ba1360076fbf5f9d99" => File/Directory not found.
"C:\Program Files (x86)\StormWatch" => File/Directory not found.
C:\Program Files (x86)\Itibiti Soft Phone => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.
========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::947c:ce94:1d7f:f3e7%4
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::947c:ce94:1d7f:f3e7%4
   IPv4 Address. . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

"C:\Program Files (x86)\StormWatch" => File/Directory not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => File/Directory not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{3DF7F1A0-989D-4C77-8405-98CD59F142AF} canceled.
{23A824E6-90E9-4D1F-B678-30D1B6417E71} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 67.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:15:05 ====