CreateRestorePoint:
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Prodege) C:\Users\Public\SBExtension\SBExtnBack.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1602748701-1103567624-1578815078-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.swagbucks.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1602748701-1103567624-1578815078-1001 -> DefaultScope {73535CC7-4E6E-4E0C-866A-B3F33B837B3F} URL = hxxp://www.swagbucks.com/?f=52&t=w&p=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1602748701-1103567624-1578815078-1001 -> {73535CC7-4E6E-4E0C-866A-B3F33B837B3F} URL = hxxp://www.swagbucks.com/?f=52&t=w&p=1&q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: SwagButton -> {5CE831FC-884E-4773-B203-BB76561EDB98} -> C:\Program Files (x86)\Prodege\SwagButton\SBExtension.dll [2015-04-16] (Prodege)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
2015-09-12 16:07 - 2015-09-17 22:53 - 00001245 _____ C:\Users\Candra\Downloads\SBExtension-181.msi
2015-09-18 00:14 - 2015-07-02 12:37 - 00000000 ____D C:\Users\Public\SBExtension
2015-09-05 15:20 - 2015-08-09 11:43 - 00001245 _____ C:\Users\Candra\Downloads\SBExtension-180.msi
C:\Users\Candra\SBExtnBack.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Program Files (x86)\Coupons
C:\Program Files (x86)\Prodege\SwagButton
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Hosts:
EmptyTemp: