CloseProcesses:
CreateRestorePoint:
C:\Program Files (x86)\Lavasoft\Web Companion
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe [9574112 2015-12-09] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E282DCD1-0B0F-4E80-A06D-FDF2745541B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E282DCD1-0B0F-4E80-A06D-FDF2745541B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011916-A0138A8547457478FA6F&form=CONBDF&conlogo=CT3331967&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011916-A0138A8547457478FA6F&form=CONBDF&conlogo=CT3331967&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={64A03EB5-A4AD-4D77-B592-F2BA43270172}&mid=13601538d22947cd9d7b719a87b8d2c5-e0b04eeee112b39570aaf3a21f7f9b7ec731fc9a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-22 13:04:59&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?FORM=SL5KDF&PC=SL5K&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> {E282DCD1-0B0F-4E80-A06D-FDF2745541B2} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2015-12-17] (AVG)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll => No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1242277392-240876926-1791514536-1002 -> No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF Plugin HKU\S-1-5-21-1242277392-240876926-1791514536-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Pat\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe [712432 2015-12-09] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-01-18] (Lavasoft Limited)
C:\Users\Public\Desktop\Lavasoft AdAwareBrowser.lnk
2016-01-18 22:13 - 2016-01-18 22:13 - 00000000 ____D C:\Users\Pat\AppData\Roaming\LavasoftStatistics
2016-01-18 22:12 - 2016-01-19 13:22 - 00002904 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-01-18 22:12 - 2016-01-19 13:22 - 00002904 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-01-18 22:12 - 2016-01-18 22:42 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Lavasoft
2016-01-18 22:12 - 2016-01-18 22:13 - 00000000 ____D C:\Users\Pat\AppData\Local\Lavasoft
2016-01-18 22:12 - 2016-01-18 22:13 - 00000000 ____D C:\searchplugins
2016-01-18 22:12 - 2016-01-18 22:11 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-01-18 22:11 - 2016-01-19 18:12 - 00002409 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-01-18 22:11 - 2016-01-18 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-01-18 22:11 - 2016-01-18 22:11 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-01-18 22:11 - 2016-01-18 22:11 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-01-18 22:10 - 2016-01-18 22:10 - 00000000 ____D C:\Program Files\Lavasoft
2016-01-18 22:08 - 2016-01-18 22:08 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-01-18 22:07 - 2016-01-18 22:11 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-18 22:07 - 2016-01-18 22:07 - 02012464 _____ C:\Users\Pat\Downloads\Adaware_Installer.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: