Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by TonyO (2016-01-03 14:10:20) Run:1
Running from C:\Users\TonyO\Desktop
Loaded Profiles: TonyO (Available Profiles: TonyO & test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
C:\Program Files (x86)\Lavasoft\Web Companion
FirewallRules: [{CA42D759-A5E4-4028-8A11-8F70501511C4}] => (Allow) C:\Users\TonyO\AppData\Local\Temp\nstBDD3.tmp\Installer-75984393.exe
FirewallRules: [{F3FCC906-4262-4A61-998F-A37608ABB867}] => (Allow) C:\Users\TonyO\AppData\Local\Temp\nstBDD3.tmp\Installer-75984393.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-22] (Lavasoft)
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\MountPoints2: {86091af8-78ae-11e5-9bcc-f065dd647e32} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\MountPoints2: {86091f36-78ae-11e5-9bcc-f065dd647e32} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\MountPoints2: {d4a72161-07fa-11e5-9886-f065dd647e32} - "E:\VZW_Software_upgrade_assistant.exe"
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-664253536-2428268681-3679085427-1001 -> DefaultScope {FC9E205A-0FE1-49AC-A7C3-026D8877239F} URL =
SearchScopes: HKU\S-1-5-21-664253536-2428268681-3679085427-1001 -> {A1ABB554-EED7-4C94-A891-5D622B2A1F61} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-664253536-2428268681-3679085427-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHJlwBBwhEGBgSdAsLTA1CGQAOeQEAVRQQQgUVJggJUl9BGQUFIk0FA18DB0VXfWFoKB8fHHdPIUNdE30UQFlQ
FF user.js: detected! => C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\user.js [2015-10-02]
FF Extension: ADB Helper - C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\adbhelper@mozilla.org [2015-11-13]
FF Extension: Yahoo! Toolbar - C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-01-03]
FF Extension: Blazer Deals - C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\{79641bb2-aadb-4a4c-bb66-863556c04fa9}.xpi [2015-10-02] [not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-22] (Lavasoft Limited)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-22] ()
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
C:\Program Files (x86)\Lavasoft\Web Companion => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA42D759-A5E4-4028-8A11-8F70501511C4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3FCC906-4262-4A61-998F-A37608ABB867} => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value not found.
"HKU\S-1-5-21-664253536-2428268681-3679085427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86091af8-78ae-11e5-9bcc-f065dd647e32}" => key removed successfully
HKCR\CLSID\{86091af8-78ae-11e5-9bcc-f065dd647e32} => key not found.
"HKU\S-1-5-21-664253536-2428268681-3679085427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86091f36-78ae-11e5-9bcc-f065dd647e32}" => key removed successfully
HKCR\CLSID\{86091f36-78ae-11e5-9bcc-f065dd647e32} => key not found.
"HKU\S-1-5-21-664253536-2428268681-3679085427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a72161-07fa-11e5-9886-f065dd647e32}" => key removed successfully
HKCR\CLSID\{d4a72161-07fa-11e5-9886-f065dd647e32} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-664253536-2428268681-3679085427-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A1ABB554-EED7-4C94-A891-5D622B2A1F61}" => key removed successfully
HKCR\CLSID\{A1ABB554-EED7-4C94-A891-5D622B2A1F61} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
Firefox "homepage" removed successfully
C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\user.js => not found.
C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\adbhelper@mozilla.org => moved successfully
C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => moved successfully
C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\{79641bb2-aadb-4a4c-bb66-863556c04fa9}.xpi => moved successfully
LavasoftTcpService => service not found.
SearchProtectionService => service not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0F807BB8-93D4-4A18-8A45-27AC41270C0B}.
{27F44AB6-0562-444F-98B7-48159C13A994} canceled.
{426998E2-52F3-4778-9851-D078F4B5D0D7} canceled.
{14DB447C-5C6F-4536-8C89-ED822E4064E7} canceled.
{BE6D0A00-783B-4E74-AED6-145AFA4C1EB5} canceled.
{9A129783-6C2B-499A-B7C0-AA9EE223894E} canceled.
5 out of 6 jobs canceled.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-664253536-2428268681-3679085427-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.5 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:13:29 ====