  1. #1
    Member | Join Date: Jan 2016 | Posts: 9 | Points: 0

    Is my computer clean now?

    Hello there. I have recently found and saved video files from a very old Motorola Razr phone onto an SD card (by old I mean from 2007!). When I play the files on my computer there is no sound. The files are 3gp files, so I searched the internet and realized I need to convert them to avi or wmv in order for the sound to come through. So I found a program on cnet and installed it and tried to convert the files to no avail... I believe it was a program called Pazera? I can't remember the exact program, but that one sounds right.

    Anyway, as the program was converting the files, McAfee (what came with my new computer) kept saying it was blocking things and then all of a sudden everything went crazy and McAfee said I had a virus, trojans were being caught every few seconds, and nothing worked on the computer anymore. So I pushed and held the power button to shut down. I restarted in safe mode and tried to uninstall all programs that had just been installed, and there were a few - I remember one was called Sunny Day. Anyway, as soon as I restarted in regular mode, I disconnected this PC from the internet.

    I got on my husband's computer and pulled up this forum. I was already aware of all the programs listed in the "before you post read this" thread and had all intentions of installing them on my PC anyway, but I had not gotten around to it as of yet... So I saved the exe files to a flash drive, installed them on my infected system and followed the instructions in this forum. I was not connected to the internet when I ran the SuperAntiSpyware scan. The program didn't find any problems... so then I moved on to MBAM and wondered if not connecting to the internet was keeping my viruses at bay and "hidden" from the scan... sure enough, when I connected to the internet, I started to get all kinds of pop-ups and a message that could not be shut down across the middle of the screen about my copy of Windows not being valid and to click here to reinstall Windows blah blah blah.

    I ran the MBAM scan and followed the rest of the instructions on how to remove spyware and malware listed in this forum. I have attached my MBAM and HijackThis logs. Please let me know if my system is clean or if further steps are required to restore the integrity of my system... I also downloaded and ran CCleaner after all viruses were removed by MBAM. Thanks.
    Melissa

    PS. I tried to attach my log files but for some reason it would not let me?? I have copied/pasted the text of the logs below. Sorry!

    MBAM LOG:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/20/2016
    Scan Time: 11:16 PM
    Logfile: mbamlog.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.20.07
    Rootkit Database: v2016.01.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: craig

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 394286
    Time Elapsed: 34 min, 24 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 2
    PUP.Optional.ConvertAd, C:\Program Files (x86)\66CFC735-1453258659-9F4D-9ED5-EF30309CCE85\knsm662.tmpfs, 2588, , [3cab27141683bd79b92dc119f50c827e]
    PUP.Optional.VBates, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 5420, , [b2350d2e3960cf678155f95f788acd33]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 35
    PUP.Optional.ConvertAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\posinojyzbt, , [3cab27141683bd79b92dc119f50c827e],
    PUP.Optional.Cherimoya, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, , [9f489f9c8f0aa78ff904dd0128dc8d73],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}, , [b2350d2e3960cf678155f95f788acd33],
    PUP.Optional.VBates, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, , [b2350d2e3960cf678155f95f788acd33],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}, , [b2350d2e3960cf678155f95f788acd33],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}, , [b2350d2e3960cf678155f95f788acd33],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, , [03e4fd3ee0b9c274ba1f9fb9de24a65a],
    Rootkit.Agent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, , [3daa211a2b6e0036be8dd80634ce946c],
    PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, , [a5423efdf0a989ad0caae0f48181649c],
    PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, , [aa3de952f7a2a492daddb51f4bb7ec14],
    PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, , [93546ad126739e989226dff5f60c35cb],
    PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\Allpcoptimizer_RASAPI32, , [8d5a64d7e1b8191d13203ef26a9ad42c],
    PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\Allpcoptimizer_RASMANCS, , [975095a6afeabe78bf7474bcdb2921df],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, , [edfa0a31d5c4a690a70f795bae545aa6],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, , [d21553e80396b08605b23a9a867c38c8],
    PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, , [b0370c2f1485aa8cc2f6795bfb07768a],
    PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [509754e7e1b88ea808c8b436ec17a759],
    PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, , [cc1bc972d6c3ae88577aa77fa262dd23],
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, , [ebfca299e9b09a9c0cacce1aea19e818],
    Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER, , [3fa8b586cbce34021b09909c9a6a54ac],
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}, , [796e2f0c6831b2843a7b0d9e43c00df3],
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}, , [bb2cf5463a5f0d29bafb545700030ef2],
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}, , [44a3fb4063364fe7773e35768b7856aa],
    PUP.Optional.Tuto4PC, HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\TutoTag, , [db0c3704cbcee5512f85edfb9f64916f],
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}, , [f9ee1526cfcaf83eaf06bfec1ae9de22],

    Registry Values: 14
    PUP.Optional.OnePCOptimizer, HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windi, C:\ProgramData\DataFile\Downloads\Windi.exe, , [0adda9921a7f10267932bc3ab64dc040]
    PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{20BF5928-CB1B-4F86-a311-40DC7EE12F70}, C:\Program Files\groover200120160316\Firefox\{20BF5928-CB1B-4F86-a311-40DC7EE12F70}.xpi, , [29beea514c4dfa3c53668427857ed52b]
    PUP.Optional.GamesDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_005010212, , [ab3cfa419efb999d668b9a2937cc43bd],
    PUP.Optional.Groover.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{20BF5928-CB1B-4F86-a311-40DC7EE12F70}, C:\Program Files\groover200120160316\Firefox\{20BF5928-CB1B-4F86-a311-40DC7EE12F70}.xpi, , [5d8ac6755643ce68edccffac48bb44bc]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 962AA465-7CD3-494C-8E60-917AEE4ABD38, , [ebfca299e9b09a9c0cacce1aea19e818]
    Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER|DisplayName, bsdriver, , [3fa8b586cbce34021b09909c9a6a54ac]
    PUP.Optional.DownServe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{75E3B616-023B-4087-B0DF-4EC7D6285B8A}, v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe|Name=Microsoft .Net Framework v2.0.507237 ALP (X86)_Client|Security=Authenticate|Security2_9=An-NoEncap|, , [b334e55662378ea8c31d49e602021ee2]
    PUP.Optional.DownServe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B8235245-0364-4854-AE08-7E0C4D8701AE}, v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe|Name=Microsoft .Net Framework v2.0.507237 ALP (X86)|Security=Authenticate|Security2_9=An-NoEncap|, , [11d674c7d1c81521577ab7769d67629e]
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}|Name, C:\Program Files\groover200120160316\Egecpaj.exe, , [796e2f0c6831b2843a7b0d9e43c00df3]
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-19\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}|Name, C:\Program Files\groover200120160316\Egecpaj.exe, , [bb2cf5463a5f0d29bafb545700030ef2]
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-20\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}|Name, C:\Program Files\groover200120160316\Egecpaj.exe, , [44a3fb4063364fe7773e35768b7856aa]
    Trojan.Agent, HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Application, C:\Users\Public\Documents\windows.exe, , [2abd84b76d2c3501b35af0b04fb43ec2]
    Trojan.ScamAlert, HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windi, C:\ProgramData\DataFile\Downloads\Windi.exe, , [5d8a62d97524b58105574ede6d9751af]
    PUP.Optional.Groover.BrwsrFlsh, HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\{0DCC0DD6-E03A-4985-8A29-0B0AD2630CD9}|Name, C:\Program Files\groover200120160316\Egecpaj.exe, , [f9ee1526cfcaf83eaf06bfec1ae9de22]

    Registry Data: 7
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{203b39b4-a482-48fd-8f67-d6863447971f}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),,[f0f767d429700333ac257e4047bdf10f]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),,[6a7d75c67623989ea72af2cc62a27d83]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{47a7f605-2a95-45c5-a45f-2ce71a068ef5}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),,[ebfcb08b76232511c809d4ea3ec6629e]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6770503c-24bd-4eb2-a959-14f50cccb0ed}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),,[b82f51ea5d3ced496b6619a5a262956b]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{800a765b-9834-4d94-9de2-9d9fa60210f2}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),,[c52216257e1b6acc775a2c92ea1a38c8]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{c806c672-65d9-4f6f-982b-4b334a8b76dc}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),,[ba2de2592b6eba7c458c18a60cf8cf31]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e19ec08e-a30a-11e5-b088-806e6f6e6963}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),,[fee9310ad3c6e0566869734b7a8ac43c]

    Folders: 24
    PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile, , [0adda9921a7f10267932bc3ab64dc040],
    PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile\Downloads, , [0adda9921a7f10267932bc3ab64dc040],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\Company\Product\1.0, , [b82f1922dabf41f599022ecba55ea15f],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\Company\Product, , [b82f1922dabf41f599022ecba55ea15f],
    PUP.Optional.DownServe, C:\Program Files (x86)\Microsoft.NET\v2.0.507237, , [33b4c873debb9c9a9b330c217c88d12f],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\DefualtImages, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\EngineFirstTimeDialog, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog\images, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorBubbleDialog, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorBubbleDialog\images, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog\Images, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog\Images, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, , [687f27140297db5bd966765637cb837d],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, , [687f27140297db5bd966765637cb837d],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, , [687f27140297db5bd966765637cb837d],
    Adware.LaSuperba, C:\uninst, , [4e9971ca6534e74fbadcab3c8f75e11f],

    Files: 85
    PUP.Optional.ConvertAd, C:\Program Files (x86)\66CFC735-1453258659-9F4D-9ED5-EF30309CCE85\knsm662.tmpfs, , [3cab27141683bd79b92dc119f50c827e],
    PUP.Optional.Cherimoya, C:\Windows\System32\drivers\cherimoya.sys, , [9f489f9c8f0aa78ff904dd0128dc8d73],
    PUP.Optional.VBates, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, , [b2350d2e3960cf678155f95f788acd33],
    PUP.Optional.ConvertAd, C:\Program Files (x86)\66CFC735-1453258659-9F4D-9ED5-EF30309CCE85\rnsk1B34.exe, , [bf287dbe2178bc7ab4332caef0116c94],
    PUP.Optional.ConvertAd, C:\Program Files (x86)\66CFC735-1453258659-9F4D-9ED5-EF30309CCE85\vnsbF8A7.tmp, , [40a7f04bebae52e4875fdffb649ddf21],
    Adware.PennyBee, C:\Windows\Temp\bobca\Vufah.exe, , [5b8c8caf6237a78f653c6d5f3bc6748c],
    Rogue.TechSupportScam, C:\Windows\amdave64Win.exe, , [e403d3687f1ace6844ee449708f94fb1],
    Rogue.TechSupportScam, C:\Windows\SysFix.exe, , [24c3c378f5a44de954dedefda1600ef2],
    Rogue.TechSupportScam, C:\Windows\winLoad32.exe, , [e8ff1d1ef9a0999d3cfc4497d22fcb35],
    Rootkit.Agent.A, C:\Windows\System32\drivers\cherimoya.sys, , [3daa211a2b6e0036be8dd80634ce946c],
    PUP.Optional.WebSearch, C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\searchplugins\Web Search.xml, , [5c8b86b530691125332157955ea53dc3],
    PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile\sysTech.txt, , [0adda9921a7f10267932bc3ab64dc040],
    PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile\Update.xml, , [0adda9921a7f10267932bc3ab64dc040],
    PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile\Downloads\Windi.exe, , [0adda9921a7f10267932bc3ab64dc040],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, , [b82f1922dabf41f599022ecba55ea15f],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, , [b82f1922dabf41f599022ecba55ea15f],
    PUP.Optional.SwagBucks, C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\searchplugins\swagbucks.xml, , [c42384b712875adc55081d0f6d97b947],
    PUP.Optional.DownServe, C:\Program Files (x86)\Microsoft.NET\v2.0.507237\corecfg.ini, , [33b4c873debb9c9a9b330c217c88d12f],
    PUP.Optional.DownServe, C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe, , [33b4c873debb9c9a9b330c217c88d12f],
    Trojan.ScamAlert, C:\ProgramData\DataFile\Downloads\Windi.exe, , [5d8a62d97524b58105574ede6d9751af],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_73_226_CT2260173_Images_634027234058280000_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_73_226_CT2260173_images_634673604687122295_20PX_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_eula_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_SearchEngines_dictionary_search_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_SearchEngines_ebay_search_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_SearchEngines_stocks_search_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\CacheIcons\http___storage_conduit_com_images_SearchEngines_weather_icon_gif.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\DefualtImages\icon.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\EngineFirstTimeDialog\right-click.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog\images\ok-button.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog\images\separation-line.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\NewSearchProtectorDialog\images\warning.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorBubbleDialog\images\information.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog\Images\info.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog\Images\ok-on.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorDialog\Images\ok.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\divider.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.SwagBucks, C:\Users\Melissa\AppData\LocalLow\Swag_Bucks\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, , [3fa82615fc9d999d4ba8d1f4a55d748c],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, , [687f27140297db5bd966765637cb837d],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js, , [687f27140297db5bd966765637cb837d],
    PUP.Optional.VBates, C:\Users\craig\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js, , [687f27140297db5bd966765637cb837d],
    Adware.LaSuperba, C:\uninst\uninstall.html, , [4e9971ca6534e74fbadcab3c8f75e11f],
    PUP.Optional.HomePageHelper, C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://homepage-web.com), ,[3bac3b00abee4fe7d89207e29c6829d7]
    PUM.Optional.FireFoxSearchOverride, C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\user.js, , [984fa992851448ee435a65824db731cf],
    PUP.Optional.HijackHosts.Gen, C:\Windows\System32\gig\tae\iiteg.dat, , [39ae8ab129700a2c0654ffe4956fac54],

    Physical Sectors: 0
    (No malicious items detected)


    (end)





    HJT LOG:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:47:46 AM, on 1/21/2016
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10586.0020)

    FIREFOX: 43.0.4 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Users\craig\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Users\craig\AppData\Local\Amazon Music\Amazon Music Helper.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe
    C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Lite.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    E:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    O4 - HKLM\..\Run: [BackupNowEZ4Tray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe" -k
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\craig\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [Amazon Music] "C:\Users\craig\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28L144P605R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - Startup: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk = ?
    O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAHConsole.exe
    O4 - Global Startup: Update Notifier.lnk = C:\Program Files\WinZip\WZUpdateNotifier.exe
    O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.amazon.com
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @oem4.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
    O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
    O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NTI Backup Now EZ 4 Scheduler - Unknown owner - C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
    O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
    O23 - Service: TOSRMService - TOSHIBA - C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14799 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi! My name is zep516 and Welcome to Help2go!
    Looks like we missed you. It's better to paste the log files in anyway!
    I'll do the best I can to resolve your computer issue.
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!

    Please download and run these two scans next and post the log files from them.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • The report will be saved in the C:\AdwCleaner folder.


    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;

    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log



    Thanks
    Joe
    Last edited by zep516; 01-24-2016 at 08:57 PM.


  4. #3
    Member
    Join Date
    Jan 2016
    Posts
    9
    Points
    0

    Default

    Thanks so much for taking time to reply! I downloaded and ran AdwCleaner and attached are the two logs it generated - the one before the cleaning process and the one it generated after the reboot of my system. It found my coupon printer exe file and I unchecked it to keep it as I know it is safe - have been using it on all of my computers for years. I downloaded and ran JRT as well and I see it automatically deleted my couponprinter file lol! It also found my Swagbucks files and deleted them, which are also from a legitimate program that I have been using for years. Those are easy fixes so no worries. I have pasted the log texts below. Thanks again for all of your help!

    AdwCleaner log #1:

    # AdwCleaner v5.030 - Logfile created 25/01/2016 at 00:19:18
    # Updated 17/01/2016 by Xplode
    # Database : 2016-01-19.2 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : craig - LAPTOP-129MG3TR
    # Running from : C:\Users\craig\Downloads\adwcleaner_5.030.exe
    # Option : Scan
    # Support : Forum - ToolsLib

    ***** [ Services ] *****

    Service Found : CouponPrinterService

    ***** [ Folders ] *****

    Folder Found : C:\Program Files (x86)\Coupons
    Folder Found : C:\Program Files (x86)\66CFC735-1453258659-9F4D-9ED5-EF30309CCE85
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

    ***** [ Files ] *****


    ***** [ DLL ] *****

    File Infected : C:\WINDOWS\SysNative\dnsapi.dll
    File Infected : C:\WINDOWS\SysWOW64\dnsapi.dll

    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{07A195F5-4F2F-4BD3-98FC-A93BF03D0418}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D87110DC-8028-43F7-82C3-778204BCF744}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{07A195F5-4F2F-4BD3-98FC-A93BF03D0418}
    Key Found : HKCU\Software\DAILYPCCLEAN
    Key Found : HKCU\Software\Microsoft\Tinstalls
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU

    ***** [ Web browsers ] *****

    [C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "Web Search");

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1798 bytes] ##########



    AdwCleaner Log #2:

    # AdwCleaner v5.030 - Logfile created 25/01/2016 at 00:21:36
    # Updated 17/01/2016 by Xplode
    # Database : 2016-01-19.2 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : craig - LAPTOP-129MG3TR
    # Running from : C:\Users\craig\Downloads\adwcleaner_5.030.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib

    ***** [ Services ] *****

    [x] Service Not Deleted : CouponPrinterService

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\Coupons
    [-] Folder Deleted : C:\Program Files (x86)\66CFC735-1453258659-9F4D-9ED5-EF30309CCE85
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

    ***** [ Files ] *****


    ***** [ DLLs ] *****

    [-] File Disinfected : C:\WINDOWS\SysNative\dnsapi.dll
    [-] File Disinfected : C:\WINDOWS\SysWOW64\dnsapi.dll

    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07A195F5-4F2F-4BD3-98FC-A93BF03D0418}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D87110DC-8028-43F7-82C3-778204BCF744}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07A195F5-4F2F-4BD3-98FC-A93BF03D0418}
    [-] Key Deleted : HKCU\Software\DAILYPCCLEAN
    [-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU

    ***** [ Web browsers ] *****

    [-] [C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Web Search");

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1992 bytes] ##########


    JRT Log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.2 (01.06.2016)
    Operating System: Windows 10 Home x64
    Ran by craig (Administrator) on Mon 01/25/2016 at 0:37:28.90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 5

    Successfully deleted: C:\Users\craig\AppData\Local\nico mak computing (Folder)
    Successfully deleted: C:\Users\craig\Appdata\LocalLow\company (Folder)
    Successfully deleted: C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\extensions\shopearn@prodege.com.xpi (File)
    Successfully deleted: C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\searchplugins\swagbucks.xml (File)
    Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)

    Deleted the following from C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\prefs.js
    user_pref(browser.newtab.url, hxxp://search.swagbucks.com/?f=51);
    user_pref(browser.startup.homepage, hxxps://www.malwarebytes.org/restorebrowser//?s=toshibaupd&m=start|hxxp://search.swagbucks.com/?f=51);



    Registry: 2

    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\CouponPrinterService (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FF91E75D-695D-4AB1-BCB2-715B7A8FB546} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/25/2016 at 0:39:25.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  5. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    Let's take another look at things. This is a diagnostics scan and will not delete anything. Post both log reports. Important to download to the desktop.

    Everything gets downloaded to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


  7. #5
    Member
    Join Date
    Jan 2016
    Posts
    9
    Points
    0

    Default

    Sorry about not downloading to the desktop - I tried to change where Microsoft Edge saves downloads but I cannot find the option to do so...So instead I started using FireFox, which does have that option readily available. Would you like me to re-run them after moving them to the desktop? Or delete the previous exe files and re-download to the desktop via FireFox? That wouldn't be a problem for me if that is needed! Thanks for helping and sorry again! Here are the logs from Farbar.

    FRST.txt log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
    Ran by craig (administrator) on LAPTOP-129MG3TR (25-01-2016 21:46:47)
    Running from C:\Users\craig\Desktop
    Loaded Profiles: craig (Available Profiles: craig)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    () C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
    (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (SweetLabs, Inc) C:\Users\craig\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Users\craig\AppData\Local\Amazon Music\Amazon Music Helper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
    (Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
    () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
    () C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.57.800.0_x86__kgqvnymyfvs32\stritz.exe
    (Microsoft Corporation) C:\Windows\HelpPane.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [559920 2015-10-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-12-14] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-21] (Dropbox, Inc.)
    HKLM-x32\...\Run: [BackupNowEZ4Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe [1093832 2014-11-06] (NTI Corporation)
    HKLM-x32\...\Run: [sun3] => [X]
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-22] (AVAST Software)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [Amazon Music] => C:\Users\craig\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-22] (SUPERAntiSpyware)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\RunOnce: [RunCanonMsetUp] => C:\Program Files (x86)\Canon\IJ_MSetup4\MCDCHK2.EXE
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-22] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-01-21]
    ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-01-21]
    ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-01-21]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
    Startup: C:\Users\craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk [2016-01-25]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
    Tcpip\..\Interfaces\{203b39b4-a482-48fd-8f67-d6863447971f}: [DhcpNameServer] 75.75.76.76 75.75.75.75
    Tcpip\..\Interfaces\{800a765b-9834-4d94-9de2-9d9fa60210f2}: [DhcpNameServer] 40.42.1.201 40.42.1.203

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://start.new.toshiba.com?cid=H15C3
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C3
    SearchScopes: HKU\S-1-5-21-2292373485-339341811-2322791137-1001 -> DefaultScope {FF91E75D-695D-4AB1-BCB2-715B7A8FB546} URL =
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-22] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-22] (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

    Edge:
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-2292373485-339341811-2322791137-1001 -> hxxp://swagbucks.com/

    FireFox:
    ========
    FF ProfilePath: C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default
    FF Homepage: Swagbucks - Free Gift Cards for Paid Surveys and More
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
    FF Extension: Ebates Cash Back - C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-01-19]
    FF Extension: SwagButton - C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\extensions\shopearn@prodege.com.xpi [2016-01-25]
    FF Extension: Toshiba Defaults - C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\Extensions\defaults@toshiba.com [2016-01-05]
    FF Extension: iCloud Bookmarks - C:\Users\craig\AppData\Roaming\Mozilla\Firefox\Profiles\y0akowxd.default\Extensions\firefoxdav@icloud.com [2015-12-28]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-22]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-22]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-09-17] (Amazon Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-22] (AVAST Software)
    R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-10-09] (Broadcom Corporation.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-28] (Dropbox, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-08-25] (Intel Corporation)
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NTI Backup Now EZ 4 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe [95432 2014-11-06] ()
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-12-14] (Synaptics Incorporated)
    R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-22] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-22] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-22] (AVAST Software)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-10-09] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-12-14] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
    U2 TMAgent; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-25 21:46 - 2016-01-25 21:47 - 00023976 _____ C:\Users\craig\Desktop\FRST.txt
    2016-01-25 21:45 - 2016-01-25 21:46 - 00000000 ____D C:\FRST
    2016-01-25 21:43 - 2016-01-25 21:45 - 02370560 _____ (Farbar) C:\Users\craig\Desktop\FRST64.exe
    2016-01-25 20:18 - 2016-01-25 20:18 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
    2016-01-25 20:12 - 2016-01-25 20:12 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
    2016-01-25 20:10 - 2016-01-25 20:18 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2016-01-25 20:10 - 2016-01-25 20:12 - 00000000 ____D C:\Users\craig\AppData\Roaming\canon
    2016-01-25 20:10 - 2014-03-18 05:00 - 00408576 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMCA.DLL
    2016-01-25 20:09 - 2016-01-25 20:09 - 00000000 ____D C:\WINDOWS\system32\STRING
    2016-01-25 20:09 - 2016-01-25 20:09 - 00000000 ____D C:\Users\craig\AppData\LocalLow\Canon Easy-WebPrint EX2
    2016-01-25 20:09 - 2016-01-25 20:09 - 00000000 ____D C:\Users\craig\AppData\LocalLow\Canon Easy-WebPrint EX
    2016-01-25 20:09 - 2016-01-25 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series User Registration
    2016-01-25 20:09 - 2016-01-25 20:09 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
    2016-01-25 20:09 - 2014-03-17 14:15 - 00380928 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
    2016-01-25 20:09 - 2014-03-17 14:15 - 00375296 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
    2016-01-25 20:09 - 2014-03-17 14:15 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
    2016-01-25 20:09 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_CAL.dll
    2016-01-25 20:09 - 2013-12-02 12:51 - 00096000 _____ C:\WINDOWS\SysWOW64\CNC177FD.TBL
    2016-01-25 20:09 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
    2016-01-25 20:08 - 2016-01-25 20:08 - 00002105 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
    2016-01-25 20:08 - 2016-01-25 20:08 - 00000000 ____D C:\ProgramData\CanonIJWSpt
    2016-01-25 20:04 - 2016-01-25 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2016-01-25 20:04 - 2016-01-25 20:08 - 00000000 ____D C:\Program Files\Canon
    2016-01-25 20:03 - 2016-01-25 20:03 - 00002446 _____ C:\Users\Public\Desktop\Canon MG5600 series On-screen Manual.lnk
    2016-01-25 20:03 - 2016-01-25 20:03 - 00000000 ___HD C:\Program Files\CanonBJ
    2016-01-25 20:03 - 2016-01-25 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series Manual
    2016-01-25 20:03 - 2014-03-18 05:00 - 00406016 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCA.DLL
    2016-01-25 19:58 - 2016-01-25 20:12 - 00000000 ____D C:\Program Files (x86)\Canon
    2016-01-25 09:45 - 2016-01-25 09:45 - 00000000 ____D C:\Users\craig\AppData\Local\Nico Mak Computing
    2016-01-25 00:19 - 2016-01-25 00:21 - 00000000 ____D C:\AdwCleaner
    2016-01-22 23:56 - 2016-01-22 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2016-01-22 23:56 - 2016-01-22 23:56 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2016-01-22 23:56 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
    2016-01-22 23:43 - 2016-01-22 23:41 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-01-22 23:42 - 2016-01-22 23:43 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-01-22 23:42 - 2016-01-22 23:42 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2016-01-22 23:42 - 2016-01-22 23:42 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-01-22 23:42 - 2016-01-22 23:42 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-01-22 23:42 - 2016-01-22 23:42 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2016-01-22 23:42 - 2016-01-22 23:42 - 00000000 ____D C:\Users\craig\AppData\Roaming\AVAST Software
    2016-01-22 23:42 - 2016-01-22 23:41 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-01-22 23:42 - 2016-01-22 23:41 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-01-22 23:42 - 2016-01-22 23:41 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-01-22 23:42 - 2016-01-22 23:41 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-01-22 23:42 - 2016-01-22 23:41 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-01-22 23:41 - 2016-01-22 23:41 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-01-22 23:40 - 2016-01-22 23:40 - 00001195 _____ C:\Users\Public\Desktop\Trend Micro Internet Security Installer.lnk
    2016-01-22 23:35 - 2016-01-22 23:35 - 00000000 ___HD C:\OneDriveTemp
    2016-01-22 23:29 - 2016-01-22 23:32 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForcraig.job
    2016-01-22 23:29 - 2016-01-22 23:29 - 00003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForcraig
    2016-01-21 10:46 - 2016-01-21 10:46 - 00065750 _____ C:\Users\craig\OneDrive\Documents\cc_20160121_104610.reg
    2016-01-21 08:48 - 2016-01-21 08:48 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2016-01-21 08:48 - 2016-01-21 08:48 - 00000000 ____D C:\Users\craig\AppData\Local\WinZip
    2016-01-21 08:48 - 2016-01-21 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-01-21 08:48 - 2016-01-21 08:48 - 00000000 ____D C:\Program Files\WinZip
    2016-01-21 00:02 - 2016-01-25 00:52 - 00000000 ____D C:\Users\craig\Desktop\Spyware Programs
    2016-01-20 23:21 - 2016-01-20 23:21 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-01-20 23:21 - 2016-01-20 23:21 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-20 23:16 - 2016-01-20 23:16 - 00000000 ____D C:\Program Files\AVAST Software
    2016-01-20 23:15 - 2016-01-22 23:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-20 23:14 - 2016-01-20 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-20 23:14 - 2016-01-20 23:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-01-20 23:14 - 2016-01-20 23:14 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-01-20 23:14 - 2016-01-20 23:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-20 23:14 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-01-20 23:14 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-01-20 23:14 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-01-20 21:53 - 2016-01-20 21:53 - 00000000 ____D C:\Users\craig\AppData\Roaming\SUPERAntiSpyware.com
    2016-01-20 21:53 - 2016-01-20 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-01-20 21:52 - 2016-01-22 23:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-01-20 19:21 - 2016-01-20 19:21 - 00000363 _____ C:\Users\craig\Desktop\Control Panel - Shortcut.lnk
    2016-01-20 19:16 - 2016-01-20 21:08 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-01-19 22:22 - 2016-01-19 22:22 - 00000000 ____D C:\WINDOWS\system32\gig
    2016-01-19 22:15 - 2016-01-19 22:15 - 00000000 ____D C:\Users\craig\AppData\Local\Tempfolder
    2016-01-19 22:14 - 2016-01-19 22:14 - 00003424 _____ C:\WINDOWS\System32\Tasks\Dagutaf
    2016-01-19 22:01 - 2016-01-19 22:12 - 00000000 ____D C:\Users\craig\Desktop\Movies from pink razr
    2016-01-19 21:13 - 2016-01-19 21:13 - 00000000 ____D C:\ProgramData\Motorola
    2016-01-19 21:12 - 2016-01-20 19:23 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
    2016-01-19 21:12 - 2016-01-19 21:12 - 00003614 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
    2016-01-19 21:12 - 2016-01-19 21:12 - 00003438 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Initial Update
    2016-01-19 21:12 - 2016-01-19 21:12 - 00000000 ____D C:\Users\craig\AppData\Roaming\Motorola Mobility
    2016-01-19 21:12 - 2016-01-19 21:12 - 00000000 ____D C:\Temp
    2016-01-19 21:12 - 2016-01-19 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
    2016-01-19 21:12 - 2016-01-19 21:12 - 00000000 ____D C:\Program Files (x86)\Motorola
    2016-01-19 21:11 - 2016-01-19 21:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_motmodem_01009.Wdf
    2016-01-19 21:11 - 2016-01-19 21:11 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2016-01-19 21:10 - 2016-01-19 21:10 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
    2016-01-19 21:09 - 2016-01-19 21:09 - 00000000 ____D C:\Users\craig\AppData\Roaming\Motorola
    2016-01-19 05:18 - 2016-01-19 05:18 - 00000198 _____ C:\WINDOWS\sc.bat
    2016-01-19 05:11 - 2016-01-19 05:11 - 00020480 _____ () C:\WINDOWS\SysInfo.exe
    2016-01-16 17:26 - 2016-01-21 08:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2016-01-13 15:29 - 2016-01-13 15:29 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2016-01-13 14:59 - 2016-01-25 00:59 - 00014787 _____ C:\Users\craig\Desktop\Biggest Loser between friends 1-13 to 2-21.xlsx
    2016-01-12 13:40 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-12 13:40 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-01-12 13:40 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-01-12 13:40 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-12 13:40 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-12 13:40 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-12 13:40 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-12 13:40 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-12 13:40 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2016-01-12 13:40 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2016-01-12 13:40 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-12 13:40 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-12 13:40 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-12 13:40 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-12 13:40 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-12 13:40 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-12 13:40 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2016-01-12 13:40 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-01-12 13:40 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-12 13:40 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-12 13:40 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-12 13:40 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-12 13:40 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-12 13:40 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2016-01-12 13:40 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-12 13:40 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-01-12 13:40 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-12 13:40 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-12 13:40 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-12 13:40 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-12 13:40 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-12 13:40 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-12 13:40 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-12 13:40 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-12 13:40 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-01-12 13:40 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-01-12 13:40 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
    2016-01-12 13:40 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-01-12 13:40 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-01-12 13:40 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2016-01-12 13:40 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2016-01-12 13:40 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-01-12 13:40 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-01-12 13:40 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-01-12 13:40 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-12 13:40 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2016-01-12 13:40 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-01-12 13:40 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-12 13:40 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-12 13:40 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
    2016-01-12 13:40 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-01-12 13:40 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-12 13:40 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-12 13:40 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-01-12 13:40 - 2016-01-04 20:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-01-12 13:40 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2016-01-12 13:40 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-01-12 13:40 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-01-12 13:40 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2016-01-12 13:40 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-12 13:40 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
    2016-01-12 13:40 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-01-12 13:40 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-12 13:40 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-01-12 13:40 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-12 13:40 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-12 13:40 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-12 13:40 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-01-12 13:40 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-01-12 13:40 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-12 13:40 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-01-12 13:40 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-12 13:40 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-12 13:40 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-01-12 13:39 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
    2016-01-12 13:39 - 2016-01-04 20:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
    2016-01-12 13:39 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-12 13:39 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2016-01-12 13:39 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2016-01-12 13:39 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-01-12 13:39 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-01-12 13:39 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-12 13:39 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
    2016-01-12 13:39 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-12 13:39 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2016-01-12 13:39 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-12 13:39 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-12 13:39 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-09 15:37 - 2016-01-09 15:40 - 00000000 ____D C:\Users\craig\Desktop\My Files(LAPTOP-129MG3TR)
    2016-01-08 09:18 - 2016-01-08 09:19 - 03030672 _____ (Coupons.com Incorporated) C:\Users\craig\Downloads\CouponPrinterCPS.exe
    2016-01-08 08:53 - 2016-01-13 18:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-07 04:08 - 2016-01-07 04:08 - 00195217 _____ C:\WINDOWS\keywords.txt
    2016-01-06 13:17 - 2016-01-06 13:17 - 00000000 ____D C:\Users\craig\AppData\Local\Macromedia
    2016-01-06 13:08 - 2016-01-25 21:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-06 13:08 - 2016-01-19 20:09 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-01-06 13:08 - 2016-01-06 13:10 - 00000000 ____D C:\Users\craig\AppData\Local\Adobe
    2016-01-05 22:05 - 2016-01-05 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
    2016-01-05 22:05 - 2016-01-05 22:05 - 00000000 ____D C:\Program Files (x86)\SDA
    2016-01-05 21:37 - 2016-01-05 21:37 - 00000420 _____ C:\Users\craig\Desktop\This PC.lnk
    2016-01-05 13:13 - 2015-10-22 16:00 - 01016408 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64BP22.dll
    2016-01-05 13:13 - 2015-06-27 12:11 - 03134296 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\UCI64A96.dll
    2016-01-05 13:09 - 2016-01-05 13:09 - 00000000 ____D C:\Users\craig\AppData\Roaming\WinBatch
    2016-01-03 09:48 - 2016-01-20 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\SWSetup
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\Sony Corporation
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\PopCap Games
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\ClubSanDisk
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\CanonBJ
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\ProgramData\AOP
    2016-01-03 09:48 - 2016-01-03 09:48 - 00000000 ____D C:\HP
    2016-01-03 09:47 - 2016-01-03 09:47 - 00000000 ____D C:\Users\Melissa\AppData\Local\Cyberlink
    2016-01-03 09:47 - 2016-01-03 09:47 - 00000000 ____D C:\Users\Melissa\AppData\Local\Comms
    2016-01-03 09:47 - 2016-01-03 09:47 - 00000000 ____D C:\Users\Melissa\AppData\Local\Amazon Music
    2016-01-03 09:46 - 2016-01-03 09:46 - 00000000 ____D C:\Users\Melissa\AppData\Local\Mozilla
    2016-01-03 09:41 - 2016-01-03 09:46 - 00000000 ____D C:\Users\Melissa\AppData\Local\Packages
    2016-01-03 09:41 - 2016-01-03 09:41 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\.minecraft
    2016-01-03 09:41 - 2016-01-03 09:41 - 00000000 ____D C:\Users\Melissa\AppData\LocalLow\Swag_Bucks
    2016-01-03 09:41 - 2016-01-03 09:41 - 00000000 ____D C:\Users\Melissa\AppData\LocalLow\Conduit
    2016-01-03 09:41 - 2016-01-03 09:41 - 00000000 ____D C:\Users\Melissa\AppData\Local\Torch
    2016-01-03 09:41 - 2016-01-03 09:41 - 00000000 ____D C:\Users\Melissa\AppData\Local\TileDataLayer
    2016-01-03 09:39 - 2016-01-03 09:40 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\.technic
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\Desktop\BodyCombat62
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\Desktop\BeachBody & Fitness Docs
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Thunderbird
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Sony Corporation
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\School Zone Preferences
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Mozilla
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\CyberLink
    2016-01-03 09:38 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Apple Computer
    2016-01-03 09:37 - 2016-01-03 09:38 - 00000000 ____D C:\Users\Melissa\Desktop\BodyCombat63
    2016-01-03 09:37 - 2016-01-03 09:37 - 00000000 ____D C:\Users\Melissa\Desktop\BodyVive33
    2016-01-03 09:36 - 2016-01-03 09:36 - 00000000 ____D C:\Users\Melissa\Desktop\Minecraft
    2016-01-03 09:36 - 2016-01-03 09:36 - 00000000 ____D C:\Users\Melissa\Desktop\Important docs
    2016-01-03 09:36 - 2016-01-03 09:36 - 00000000 ____D C:\Users\Melissa\Desktop\Health Care Receipts submitted
    2016-01-03 09:36 - 2016-01-03 09:36 - 00000000 ____D C:\Users\Melissa\Desktop\BodyVive34 -3.1
    2016-01-03 09:31 - 2016-01-03 09:36 - 00000000 ____D C:\Users\Melissa\Desktop\Pics
    2016-01-03 09:31 - 2016-01-03 09:31 - 00000000 ____D C:\Users\Melissa\Desktop\Respect Dare
    2016-01-03 09:31 - 2015-05-26 17:28 - 00010979 _____ C:\Users\Melissa\Desktop\index of CDs.xlsx
    2016-01-03 09:28 - 2015-11-23 18:26 - 00302204 _____ C:\Users\Melissa\Downloads\lifetouch_20151123172616.pdf
    2016-01-03 09:28 - 2015-11-23 18:23 - 00251293 _____ C:\Users\Melissa\Downloads\lifetouch_20151123172336.pdf
    2016-01-03 09:28 - 2015-11-21 23:43 - 00075196 _____ C:\Users\Melissa\Downloads\177659718357403.pdf
    2016-01-03 09:28 - 2015-03-31 07:08 - 00052152 _____ C:\Users\Melissa\Downloads\PowerUpRewardsCoupon.pdf
    2016-01-03 09:28 - 2015-02-10 14:04 - 06179666 _____ C:\Users\Melissa\Downloads\45 second presentation BOOK(1) (1)-2 (1).pdf
    2016-01-03 09:28 - 2013-07-14 01:06 - 00039916 _____ C:\Users\Melissa\Downloads\paine_sat_5_0.pdf
    2016-01-03 09:26 - 2016-01-03 09:28 - 00000000 ____D C:\Users\Melissa\MediaEspresso
    2016-01-03 08:55 - 2016-01-03 08:55 - 00000000 ____D C:\Users\Melissa\SkyDrive
    2016-01-03 08:43 - 2016-01-22 23:01 - 00000000 ____D C:\Users\Melissa
    2016-01-03 08:43 - 2016-01-03 08:46 - 00000000 ____D C:\Users\Public\SBExtension-167
    2016-01-03 08:43 - 2016-01-03 08:46 - 00000000 ____D C:\Users\Public\SBExtension-163
    2016-01-03 08:43 - 2016-01-03 08:46 - 00000000 ____D C:\Users\Public\SBExtension-161
    2016-01-03 08:43 - 2016-01-03 08:46 - 00000000 ____D C:\Users\Public\SBExtension-160
    2016-01-03 08:43 - 2016-01-03 08:46 - 00000000 ____D C:\Users\Public\SBExtension-159
    2016-01-03 08:43 - 2016-01-03 08:46 - 00000000 ____D C:\Users\Public\SBExtension.bkp.1424353961
    2016-01-03 08:28 - 2016-01-03 08:28 - 00002152 _____ C:\Users\Public\Desktop\NTI Backup Now EZ 4.lnk
    2016-01-03 08:28 - 2016-01-03 08:28 - 00000000 ____D C:\ProgramData\NTIReg
    2016-01-03 08:28 - 2016-01-03 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ 4
    2016-01-03 08:28 - 2016-01-03 08:28 - 00000000 ____D C:\ProgramData\BUNEZv4
    2016-01-03 08:28 - 2016-01-03 08:28 - 00000000 ____D C:\Program Files (x86)\NTI
    2016-01-03 08:27 - 2016-01-05 22:03 - 00000000 ____D C:\Users\craig\AppData\Local\Downloaded Installations
    2016-01-03 08:24 - 2016-01-03 08:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2016-01-02 14:07 - 2016-01-02 14:07 - 00512232 _____ C:\Users\craig\Downloads\PanelPg-1215-en-G2.pdf
    2016-01-02 14:02 - 2016-01-02 14:02 - 00276726 _____ C:\Users\craig\Downloads\accessory_g2_en.pdf
    2015-12-28 21:59 - 2015-12-28 21:59 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-12-28 21:59 - 2015-12-28 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-12-28 21:59 - 2015-12-28 21:59 - 00000000 ____D C:\Program Files\iTunes
    2015-12-28 21:59 - 2015-12-28 21:59 - 00000000 ____D C:\Program Files\iPod
    2015-12-28 21:59 - 2015-12-28 21:59 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-12-28 12:17 - 2015-12-28 12:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-12-28 12:10 - 2015-12-28 12:12 - 00012957 _____ C:\Users\craig\Desktop\10-1-15 through12-28-15.CSV
    2015-12-28 10:30 - 2015-12-28 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-12-28 10:24 - 2015-12-28 10:24 - 00000000 ____D C:\Users\craig\AppData\Roaming\Dropbox
    2015-12-28 10:23 - 2016-01-25 21:28 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2015-12-28 10:23 - 2016-01-25 10:28 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2015-12-28 10:23 - 2015-12-28 10:35 - 00000000 ____D C:\Users\craig\AppData\Local\Dropbox
    2015-12-28 10:23 - 2015-12-28 10:23 - 00003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2015-12-28 10:23 - 2015-12-28 10:23 - 00003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2015-12-28 10:23 - 2015-12-28 10:23 - 00000000 ____D C:\ProgramData\Dropbox
    2015-12-28 10:20 - 2016-01-25 09:45 - 00000000 ___RD C:\Users\craig\iCloudDrive
    2015-12-28 10:20 - 2015-12-28 10:20 - 00000000 ____D C:\Users\craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-12-28 10:20 - 2015-12-28 10:20 - 00000000 ____D C:\Users\craig\AppData\Local\Apple Inc
    2015-12-28 10:17 - 2016-01-19 19:41 - 00003504 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
    2015-12-26 23:14 - 2015-12-26 23:14 - 00000000 ____D C:\Users\craig\AppData\Local\Trend Micro
    2015-12-26 22:55 - 2015-12-26 22:55 - 00000000 ____D C:\ProgramData\Trend Micro Installer
    2015-12-26 22:28 - 2015-12-26 22:55 - 220418400 _____ (Trend Micro Inc.) C:\Users\craig\Downloads\TTi_10.0_MR_Full.exe
    2015-12-26 17:28 - 2015-12-26 17:28 - 00000000 ____D C:\Program Files (x86)\Amazon
    2015-12-26 15:23 - 2015-12-26 15:23 - 00000000 ____D C:\Users\craig\AppData\Roaming\Hewlett-Packard

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-25 21:45 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
    2016-01-25 20:35 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-25 20:30 - 2015-12-14 13:00 - 00000000 ____D C:\Users\craig\AppData\Local\Packages
    2016-01-25 20:24 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-25 20:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-01-25 20:10 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-01-25 20:09 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-01-25 19:13 - 2015-12-14 15:41 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{91B51E05-CFA8-40DE-BBB9-12F13879DE2C}
    2016-01-25 19:10 - 2015-12-14 12:58 - 00000000 ____D C:\Users\craig\AppData\Local\Host App Service
    2016-01-25 09:45 - 2015-12-14 13:04 - 00000000 ___RD C:\Users\craig\OneDrive
    2016-01-25 09:44 - 2015-12-15 04:10 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-01-25 09:44 - 2015-12-14 13:00 - 00000000 __SHD C:\Users\craig\IntelGraphicsProfiles
    2016-01-25 00:28 - 2015-10-09 03:10 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-25 00:24 - 2015-12-15 04:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-25 00:23 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-23 15:29 - 2015-12-14 13:33 - 00000000 ____D C:\Users\craig\AppData\Local\Microsoft Help
    2016-01-22 23:56 - 2015-10-09 03:47 - 00000000 ____D C:\ProgramData\Temp
    2016-01-22 23:33 - 2015-10-09 04:13 - 00000000 ____D C:\ProgramData\McAfee
    2016-01-22 23:32 - 2015-12-14 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-22 23:29 - 2015-12-22 23:14 - 00000000 ____D C:\Users\craig\AppData\Local\Hewlett-Packard
    2016-01-22 23:02 - 2015-12-22 22:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2016-01-22 23:02 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-01-22 23:02 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-01-22 23:01 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
    2016-01-21 10:47 - 2015-12-14 13:00 - 00000000 ____D C:\Users\craig\AppData\Local\VirtualStore
    2016-01-21 10:04 - 2015-12-15 07:04 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-21 08:48 - 2015-10-09 03:54 - 00000000 ____D C:\ProgramData\WinZip
    2016-01-21 08:47 - 2015-12-14 13:07 - 00001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2016-01-21 02:19 - 2015-12-14 16:09 - 01388432 _____ C:\Users\Public\VOIP.dat
    2016-01-20 23:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\IME
    2016-01-20 21:14 - 2015-10-09 03:08 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-01-20 19:23 - 2015-10-09 03:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-01-18 15:12 - 2015-12-14 15:43 - 00001254 _____ C:\Users\craig\Desktop\Amazon Music.lnk
    2016-01-18 15:12 - 2015-12-14 15:42 - 00000000 ____D C:\Users\craig\AppData\Local\Amazon Music
    2016-01-14 17:22 - 2015-12-14 16:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-14 17:18 - 2015-12-14 16:06 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-13 18:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-13 15:30 - 2015-12-14 13:33 - 00000000 ____D C:\ProgramData\Microsoft Help
    2016-01-13 15:29 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-12 13:33 - 2015-12-22 23:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
    2016-01-12 13:32 - 2015-12-22 23:30 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2016-01-05 13:15 - 2015-10-09 03:34 - 00001972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
    2016-01-05 13:10 - 2015-12-14 13:03 - 00000000 ____D C:\Users\craig\AppData\Local\Toshiba
    2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-29 23:25 - 2015-12-22 23:16 - 00000000 ____D C:\Users\craig\AppData\Roaming\HpUpdate
    2015-12-28 21:59 - 2015-12-14 16:07 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-12-28 10:32 - 2015-12-15 04:14 - 00000000 ____D C:\Users\craig
    2015-12-28 10:31 - 2015-10-09 04:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2015-12-28 10:28 - 2015-12-14 16:09 - 00000000 ____D C:\Users\craig\AppData\Roaming\Apple Computer
    2015-12-28 10:22 - 2015-12-14 16:08 - 00000000 ____D C:\Users\craig\AppData\Local\Apple
    2015-12-28 10:12 - 2015-12-15 04:05 - 00277472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-26 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-12-26 23:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2015-12-26 17:28 - 2015-10-09 04:08 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
    2015-12-26 15:23 - 2015-12-22 23:15 - 00000000 ____D C:\Users\craig\AppData\Local\HP

    ==================== Files in the root of some directories =======

    2015-12-22 23:15 - 2015-12-22 23:15 - 0000057 _____ () C:\ProgramData\Ament.ini

    Files to move or delete:
    ====================
    C:\Users\Public\VOIP.dat


    Some files in TEMP:
    ====================
    C:\Users\craig\AppData\Local\Temp\McCSPInstall.dll
    C:\Users\craig\AppData\Local\Temp\mccspuninstall.exe
    C:\Users\craig\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\craig\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-20 23:03

    ==================== End of FRST.txt ============================



    Addition.txt log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
    Ran by craig (2016-01-25 21:47:41)
    Running from C:\Users\craig\Desktop
    Windows 10 Home (X64) (2015-12-15 09:36:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2292373485-339341811-2322791137-500 - Administrator - Disabled)
    cavem (S-1-5-21-2292373485-339341811-2322791137-1004 - Limited - Disabled)
    craig (S-1-5-21-2292373485-339341811-2322791137-1001 - Administrator - Enabled) => C:\Users\craig
    DefaultAccount (S-1-5-21-2292373485-339341811-2322791137-503 - Limited - Disabled)
    Guest (S-1-5-21-2292373485-339341811-2322791137-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2292373485-339341811-2322791137-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Amazon 1Button App (HKLM-x32\...\{EBCCD2B7-FCA9-4714-97A4-CBC48E544BB2}) (Version: 2.3.2 - Amazon)
    Amazon Music (HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
    App Explorer (HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\Host App Service) (Version: 0.271.1.237 - SweetLabs)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bluetooth(R) Link (HKLM\...\{936D21BF-3344-4B20-BC4C-3B67580C19F5}) (Version: 4.3.04 - Toshiba Corporation)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
    Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.)
    Canon MG5600 series On-screen Manual (HKLM-x32\...\Canon MG5600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
    Canon MG5600 series User Registration (HKLM-x32\...\Canon MG5600 series User Registration) (Version: - *Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.24.50 - Conexant)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
    CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6312.0 - CyberLink Corp.)
    CyberLink PhotoDirector 5 (Version: 5.0.6312.0 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5509.05 - CyberLink Corp.)
    Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
    Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Get Dropbox (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
    Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
    HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
    HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.5.1 - Mozilla)
    Mozilla Thunderbird 38.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    NTI Backup Now EZ 4 (HKLM-x32\...\InstallShield_{249E38A7-26F9-4C82-A95B-CDA5184A54CF}) (Version: 4.0.2.52 - NTI Corporation)
    NTI Backup Now EZ 4 (x32 Version: 4.0.2.52 - NTI Corporation) Hidden
    Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
    Rory's Restaurant (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
    SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SocialSafe (HKLM-x32\...\SocialSafe 7.0.6) (Version: 7.0.6 - Social Safe Limited)
    Spotify (HKLM-x32\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
    SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.6 - Synaptics Incorporated)
    TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.8 - Toshiba Corporation)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.2.0 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 8.1.1.0 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.6.6401 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.1.2 - TOSHIBA)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.16 - WildTangent) Hidden
    WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2292373485-339341811-2322791137-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\craig\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2292373485-339341811-2322791137-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02417633-80BC-4C7D-AA33-807A76CC6A1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {067E03CF-9468-4AC6-9C5B-71EA69F71972} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
    Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {0D4A955E-CD92-441B-9159-F821FF838113} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
    Task: {0FF97C88-6B15-4BFF-8DBD-3359CCF5AE0E} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: {1E7C22B0-D670-4C6D-BBBA-385F6AB467E6} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: {371A6E89-8783-4C67-A119-EA24E8347635} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard)
    Task: {4A196354-E114-4665-A2B2-600000F2BD6C} - System32\Tasks\Dagutaf => C:\PROGRA~1\GROOVE~1\Fhvuosbi.bat
    Task: {4BD88DD1-D76D-4810-B16B-C3CB4D2ECD92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {58D3572F-DDF6-4CDE-8A16-91B47A113DBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {69175C23-3047-4092-B428-44C7662FA05F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {6B743553-DAF7-400A-8EA0-AA0BF68E3F6B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
    Task: {778ED21C-94F9-47A2-9136-8E0E6F33FF60} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
    Task: {7BC5B83E-7DC1-4655-928B-A4D41E4F3E5E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-28] (Dropbox, Inc.)
    Task: {82DC3075-0C8D-4553-903F-BC1CC1E3484D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {89D97CB2-3DFB-4A96-8082-A0EF7DE98BBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {99A6101A-BB53-409B-859B-C846C73ACFED} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-28] (Dropbox, Inc.)
    Task: {A4151EE9-75E1-43CF-9318-10C4E9EFC134} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
    Task: {C024CCF6-356A-4AA1-840F-E2F93F233D5B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
    Task: {C409C40C-66BF-4CDF-9DC7-032F73DFC814} - System32\Tasks\App Explorer => C:\Users\craig\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2015-12-11] (SweetLabs, Inc)
    Task: {C463CEC3-DDC5-42E8-9F36-A3E14AD976B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {C77BE0A2-70AC-4EDB-B909-5C31616B152F} - System32\Tasks\HPCeeScheduleForcraig => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {D4A79221-4439-4602-B6E4-5FDE31DCB077} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-22] (AVAST Software)
    Task: {DBC4026D-A5A3-448B-87B6-BB1ECCB9011E} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForcraig.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============


    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:5C321E34

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\amazon.com -> amazon.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-2292373485-339341811-2322791137-1001\...\1001movie.com -> 1001movie.com

    There are 6091 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 06:04 - 2016-01-19 21:56 - 00000967 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\craig\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
    DNS Servers: 75.75.76.76 - 75.75.75.75
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{3E726E74-6065-44F5-BFE1-E9E87D663EB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FC724F37-63D3-4B50-AD18-5649F330B303}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{52057341-F4AC-4D50-8754-6067EDCEF3F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C7EF4028-30F1-4ECE-B507-805AB66EF65C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4AF7CB19-03EE-4CD4-ADDA-F8B7A4369836}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D2581B67-78A4-4719-9D51-38EBD9305D13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B2C559FB-2D74-4679-9BD0-40F6AB0EDB79}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
    FirewallRules: [{3C1885A3-A6E2-49ED-A507-A5CD32AFDE6E}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
    FirewallRules: [{D21041CE-073B-4A9E-B717-60256AFB20E2}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
    FirewallRules: [{66E605E7-5E2E-4878-8C94-0C686752A066}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
    FirewallRules: [{75FE8BE4-AA8F-4762-95F9-EE6828230995}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
    FirewallRules: [{73B4AA23-9BA3-4D95-AC17-8B583198D1E1}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
    FirewallRules: [{208BA732-B208-4534-A4D0-4166284E2F3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{D8A14B82-D01E-4FB2-8850-821425B04B92}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
    FirewallRules: [{BABC6A6A-862F-47C9-976A-41448E4BD438}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{746D4C84-37B1-48DB-8901-C76B6FB683CF}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{5A7D7984-1EA0-4CC1-B89C-2FF7B10343FE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{17D76FF3-4C74-41A6-8D10-C86454A75EDD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DC9D02C1-B559-4FAF-95C3-1068C570BAE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{8CA3FBA0-C658-4A2C-8F2E-8077F52DFC5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    21-01-2016 02:21:09 Scheduled Checkpoint
    25-01-2016 00:37:31 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/25/2016 07:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 26684625

    Error: (01/25/2016 07:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 26684625

    Error: (01/25/2016 07:10:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/25/2016 11:45:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4203

    Error: (01/25/2016 11:45:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4203

    Error: (01/25/2016 11:45:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/25/2016 11:35:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program thunderbird.exe version 38.5.1.5840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 146c

    Start Time: 01d1577f99daa19e

    Termination Time: 33

    Application Path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

    Report Id: a8ca86ed-c381-11e5-9bd7-b8868795547c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (01/25/2016 12:37:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (01/25/2016 12:31:33 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (01/25/2016 12:23:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-129MG3TR)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (01/25/2016 07:10:33 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-129MG3TR)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}LAPTOP-129MG3TRcraigS-1-5-21-2292373485-339341811-2322791137-1001LocalHost (Using LRPC)Microsoft.WindowsStore_2015.25.22.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

    Error: (01/25/2016 11:45:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/25/2016 12:59:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_4a562 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/25/2016 12:59:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_4a562 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/25/2016 12:59:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_4a562 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/25/2016 12:59:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_4a562 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (01/25/2016 12:59:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (01/25/2016 12:26:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Coupon Printer Service service failed to start due to the following error:
    %%2

    Error: (01/25/2016 12:23:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_40f15 service to connect.

    Error: (01/25/2016 12:23:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_40f15 service to connect.


    CodeIntegrity:
    ===================================
    Date: 2016-01-21 10:03:49.871
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-20 21:17:30.631
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-13 18:21:02.461
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-06 04:51:30.851
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-05 22:07:49.820
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-04 03:59:23.745
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-01 03:28:53.085
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-28 10:30:56.797
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-28 10:13:53.893
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-22 22:13:06.462
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-5020U CPU @ 2.20GHz
    Percentage of memory in use: 45%
    Total physical RAM: 6058.14 MB
    Available physical RAM: 3283.72 MB
    Total Virtual: 7018.14 MB
    Available Virtual: 3856.74 MB

    ==================== Drives ================================

    Drive c: (TI10716100B) (Fixed) (Total:930.47 GB) (Free:748.88 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  8. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    Your machine is clean.

    A few items to fix, a few leftover entries, that's all.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Open Notepad (Start => All Programs => Accessories => Notepad).
    Copy/paste the contents of the code box below into Notepad.
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [sun3] => [X]
    SearchScopes: HKU\S-1-5-21-2292373485-339341811-2322791137-1001 -> DefaultScope {FF91E75D-695D-4AB1-BCB2-715B7A8FB546} URL = 
    S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
    U2 TMAgent; no ImagePath
    C:\Users\Public\VOIP.dat
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    Emptytemp:
    • Click Format and ensure Word Wrap is unchecked.
    • Save as Fixlist.txt to your Desktop (must be in this location).
    • Run FRST/FRST64, press the Fix button just once, and wait.
    • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


    Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

  10. #7
    Member
    Join Date
    Jan 2016
    Posts
    9
    Points
    0

    Thank you so much once again! I can breathe a sigh of relief now! I did as you instructed and here is the log from the FRSTfix. The system did need to restart but the program itself did not need to. I can't thank you enough. I really appreciate all of your help with this - I just got this computer for Christmas and was devastated when I recognized that it had a virus/malware/adware! You're the best!

    Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
    Ran by craig (2016-01-27 09:13:30) Run:1
    Running from C:\Users\craig\Desktop
    Loaded Profiles: craig (Available Profiles: craig)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [sun3] => [X]
    SearchScopes: HKU\S-1-5-21-2292373485-339341811-2322791137-1001 -> DefaultScope {FF91E75D-695D-4AB1-BCB2-715B7A8FB546} URL =
    S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
    U2 TMAgent; no ImagePath
    C:\Users\Public\VOIP.dat
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun3 => value removed successfully
    HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    motmodem => service removed successfully
    TMAgent => service removed successfully
    C:\Users\Public\VOIP.dat => moved successfully
    C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
    EmptyTemp: => 2.2 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 09:15:10 ====

  11. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    I have gotten a bit ahead of myself. Your first Malwarebytes log showed nothing "quarantined"; could you please run Malwarebytes again? I'll provide the instructions. You may skip the download part since you have it installed already.

    When time permits:

    • Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Reboot your computer if prompted.



    Posting the Malwarebytes log.

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click OK.
    • Post that saved log to your next reply.


    Thanks
    Joe

  12. #9
    Member
    Join Date
    Jan 2016
    Posts
    9
    Points
    0

    Here it is. I was surprised when it found more malware, ugh!!

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/28/2016
    Scan Time: 3:12 PM
    Logfile: mbam log 1-28-16.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.28.05
    Rootkit Database: v2016.01.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: craig

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 395600
    Time Elapsed: 27 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.BestYouTubeDownloader, HKU\S-1-5-21-2292373485-339341811-2322791137-1001\SOFTWARE\myntra_youtube_downloader, Quarantined, [33d292ad386167cf72782c1739cb3ac6],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    Rogue.TechSupportScam, C:\Windows\SysInfo.exe, Quarantined, [986d6dd2cfca40f6ef608956b94857a9],
    PUP.Optional.MorePowerfulCleaner, C:\Windows\keywords.txt, Quarantined, [c73e112e17822115f3556690857f1ce4],
    Rogue.TechSupportScam, C:\Windows\sc.bat, Quarantined, [b64f85ba980137ffef5dd323ad57639d],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  13. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    I'll keep the topic open. Run the computer a few days and see how things are. Post another Malwarebytes in a few days so we can see if it's ok. Just want to make sure malware / adware is not reinstalling itself. I'm pretty sure we are ok.

    Thanks
    Joe
