Fix result of Farbar Recovery Scan Tool (x64) Version:06-01-2015 Ran by Lori (2016-01-07 11:33:09) Run:4 Running from C:\Users\Lori\Desktop Loaded Profiles: Lori (Available Profiles: Lori & Kevin) Boot Mode: Normal ============================================== fixlist content: ***************** Quote Start CreateRestorePoint: CloseProcesses: C:\Program Files (x86)\Coupons Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden HKU\S-1-5-21-3227488530-1666802016-3989171195-1001\...\MountPoints2: {b4f47fa1-c0b7-11e1-9f47-806e6f6e6963} - E:\autorun.exe CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Homepage: hxxp://www.swagbucks.com/ FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-08-29] (Catalina Marketing Corporation) C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.) C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.) S4 Adobe Licensing Console; %SystemRoot%\SysWOW64\lnsecsl.exe [X] <==== ATTENTION C:\Windows\SysWOW64\lnsecsl.exe Task: {31F06778-5715-4A8D-80E1-158178D07FC7} - \RGames Updater -> No File <==== ATTENTION Task: {4694A421-2AFF-46A5-AAF0-8751CD69BD15} - System32\Tasks\{4283809D-B8EA-446C-A2B1-D0363064B4EC} => pcalua.exe -a C:\Users\Lori\Downloads\winsdk_web.exe -d C:\Users\Lori\Downloads Task: {4B603C5E-1951-4E99-82A7-5493A727B773} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION Task: {7F12BF8A-F3D3-45E8-959B-9FB86821E432} - \ASUS P4G -> No File <==== ATTENTION Task: {88A39CD7-6E9B-4305-A7F4-9ED28AC40566} - \ASUS SmartLogon Console Sensor -> No File <==== ATTENTION Task: {91755DCA-2A97-448D-BC6B-3B89DF6FD251} - \ASUS Live Update -> No File <==== ATTENTION Task: {A5B09C30-519C-408D-9668-3855DE6FFE00} - \RunGadgetController -> No File <==== ATTENTION Task: {C36BFB74-120C-4EF1-99DC-D5BA61726B41} - \ATKOSD2 -> No File <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" cmd: ipconfig /flushdns cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f CMD: bitsadmin /reset /allusers RemoveProxy: EmptyTemp: Reboot: end ***************** Quote => Error: No automatic fix found for this entry. Restore point was successfully created. Processes closed successfully. "C:\Program Files (x86)\Coupons" => not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully "HKU\S-1-5-21-3227488530-1666802016-3989171195-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4f47fa1-c0b7-11e1-9f47-806e6f6e6963}" => key removed successfully HKCR\CLSID\{b4f47fa1-c0b7-11e1-9f47-806e6f6e6963} => key not found. "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully FF Homepage: hxxp://www.swagbucks.com/ => not found "C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll" => not found. "C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll" => not found. "C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found. "C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found. CouponPrinterService => service not found. Adobe Licensing Console => service not found. "C:\Windows\SysWOW64\lnsecsl.exe" => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31F06778-5715-4A8D-80E1-158178D07FC7}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31F06778-5715-4A8D-80E1-158178D07FC7}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RGames Updater" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4694A421-2AFF-46A5-AAF0-8751CD69BD15}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4694A421-2AFF-46A5-AAF0-8751CD69BD15}" => key removed successfully C:\windows\System32\Tasks\{4283809D-B8EA-446C-A2B1-D0363064B4EC} => not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4283809D-B8EA-446C-A2B1-D0363064B4EC}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B603C5E-1951-4E99-82A7-5493A727B773}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B603C5E-1951-4E99-82A7-5493A727B773}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F12BF8A-F3D3-45E8-959B-9FB86821E432}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F12BF8A-F3D3-45E8-959B-9FB86821E432}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS P4G" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88A39CD7-6E9B-4305-A7F4-9ED28AC40566}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A39CD7-6E9B-4305-A7F4-9ED28AC40566}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS SmartLogon Console Sensor" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91755DCA-2A97-448D-BC6B-3B89DF6FD251}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91755DCA-2A97-448D-BC6B-3B89DF6FD251}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5B09C30-519C-408D-9668-3855DE6FFE00}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B09C30-519C-408D-9668-3855DE6FFE00}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunGadgetController" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C36BFB74-120C-4EF1-99DC-D5BA61726B41}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36BFB74-120C-4EF1-99DC-D5BA61726B41}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ATKOSD2" => key removed successfully HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn => key not found. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC => key not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state on ========= Ok. ========= End of CMD: ========= ========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F ========= The operation completed successfully. ========= End of Reg: ========= ========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Unable to cancel {DDED1D61-59D4-401F-BF90-44CADD78A81C}. 0 out of 1 jobs canceled. ========= End of CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-3227488530-1666802016-3989171195-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-3227488530-1666802016-3989171195-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= EmptyTemp: => 393.7 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 11:36:05 ====