Fix result of Farbar Recovery Scan Tool (x86) Version: 08-01-2017
Ran by Tommy (10-01-2017 13:21:54) Run:1
Running from C:\Users\Tommy\Desktop
Loaded Profiles: Tommy (Available Profiles: Tommy & guest_ & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-365035492-1695249228-1794944439-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
IFEO\addrbook.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brctrcen.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brinstck.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brmfcwnd.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brolink0.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\brscutil.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\driverbooster.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\pcfxset.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmnetcfg.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmplayer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\vmware.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs [2017-01-02] ()
InternetURL: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL -> URL: file:///C:/Users/Tommy/AppData/Roaming/Climfhkkt.exe
Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js [2017-01-02] ()
GroupPolicy\User: Restriction ? <======= ATTENTION
GroupPolicyUsers\S-1-5-21-365035492-1695249228-1794944439-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-365035492-1695249228-1794944439-1005\User: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.findeer.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.findeer.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.findeer.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-04-10] <==== ATTENTION
S1 A2DDA; \??\C:\EEK\RUN\a2ddax86.sys [X]
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 lvupdtio; \??\C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {6B40D41A-9031-4040-BADE-7D61D426ABDA} - System32\Tasks\{4BF10F89-DE1C-4FC6-A245-D6398973D473} => pcalua.exe -a "C:\Program Files\easyMule\Uninstall.exe" -d C:\Users\Tommy\AppData\Local\Temp\easymule <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2B11E0DF [236]
AlternateDataStreams: C:\ProgramData\Temp:A73B0434 [109]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [124]
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage-journal
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKU\S-1-5-21-365035492-1695249228-1794944439-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value removed successfully.
HKU\S-1-5-21-365035492-1695249228-1794944439-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\addrbook.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brctrcen.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brinstck.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brmfcwnd.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brolink0.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\brscutil.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\driverbooster.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pcfxset.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\unins000.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vmnetcfg.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vmplayer.exe => key removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vmware.exe => key removed successfully.
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClWindows Media Centerert.vbs => moved successfully
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Center.URL => moved successfully
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CWindows Media Centerts.js => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-365035492-1695249228-1794944439-1006\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-365035492-1695249228-1794944439-1005\User => moved successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully
HKLM\System\CurrentControlSet\Services\A2DDA => key removed successfully.
A2DDA => service removed successfully.
HKLM\System\CurrentControlSet\Services\cleanhlp => key removed successfully.
cleanhlp => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\lvupdtio => key removed successfully.
lvupdtio => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B40D41A-9031-4040-BADE-7D61D426ABDA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B40D41A-9031-4040-BADE-7D61D426ABDA} => key removed successfully.
C:\Windows\System32\Tasks\{4BF10F89-DE1C-4FC6-A245-D6398973D473} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4BF10F89-DE1C-4FC6-A245-D6398973D473} => key removed successfully.
C:\ProgramData\Temp => ":2B11E0DF" ADS removed successfully..
C:\ProgramData\Temp => ":A73B0434" ADS removed successfully..
C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully..
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage => moved successfully
C:\Users\Tommy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage-journal => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 456347031 B
Java, Flash, Steam htmlcache => 2824 B
Windows/system/drivers => 297372 B
Edge => 0 B
Chrome => 5688767 B
Firefox => 227562926 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 877 B
LocalService => 132244 B
NetworkService => 214710 B
Tommy => 8559561 B
aga => 0 B
guest_ => 2593454 B
Guest => 1041769 B

RecycleBin => 0 B
EmptyTemp: => 677.9 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:32:43 ====