Jump to content

can't use chrome


Recommended Posts

I think i have a hijack i think that's what you call it because my homepage doesn't look normal here are my files

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-05-2016
Ran by maggiemay (2016-05-19 12:43:37)
Running from C:\Users\maggiemay\Downloads
Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-04 03:46:37)
Boot Mode: Normal
==========================================================

 


==================== Accounts: =============================

 

Administrator (S-1-5-21-2283885129-1122399038-1014182919-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2283885129-1122399038-1014182919-503 - Limited - Disabled)
Guest (S-1-5-21-2283885129-1122399038-1014182919-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2283885129-1122399038-1014182919-1004 - Limited - Enabled)
maggiemay (S-1-5-21-2283885129-1122399038-1014182919-1000 - Administrator - Enabled) => C:\Users\maggiemay

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton Internet Security Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Able2Extract 9.0 (HKLM\...\{98A71953-B535-4E63-897B-EC9B2FC46376}_is1) (Version: 9.0 - Investintech.com Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.)
Canon MG5600 series On-screen Manual (HKLM\...\Canon MG5600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG5600 series User Registration (HKLM\...\Canon MG5600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
CyberLink YouCam 7 (HKLM\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.0623.0 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Norton Internet Security Online (HKLM\...\NIS) (Version: 22.6.0.142 - Symantec Corporation)
Norton Online Backup (HKLM\...\{1969BD50-331D-4B7A-8116-29A7DC6D45B4}) (Version: 2.10.3.20 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Spotify (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\maggiemay\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {01A64A25-7B49-4DF8-963D-C831D7339251} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {06448386-9526-4DA2-9EED-BF5EB6CC5E6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {06D5CC5F-5B9F-4A1B-952F-E54FC801A880} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {079DCB07-F075-424F-900D-2165D0338E78} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {08F14201-C5A4-4252-9203-4AB8B09F8DF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {0B4BE768-FE52-4888-828D-51164B246C80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation)
Task: {0EA463C2-6838-402B-BF3B-5D7F3263FD06} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E4B04AD-D235-401E-A6C2-9F6C96CED5A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation)
Task: {1F4CBF51-37C1-4570-B416-290C979F1771} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1F67F9EA-AD44-49FB-9261-79CAED2EC6D3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {2133B62D-41F0-46EC-A6FC-9E642DE05F7A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29542824-B54D-4121-92D9-30B1827BF68C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {299D17A3-D645-4DBD-9D76-AAB0D29C8240} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2B7E36C1-DCD1-470C-BBA5-48F24DD6CCDE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {30DC797F-462C-4CB9-8C8A-A73D187BDE9F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3160AE1C-9D11-4B44-A296-F46CA9152539} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.)
Task: {3939EC7D-A8C0-4E81-B389-3B7E92A17FD6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {3A43200A-A7C5-4097-AC56-3B54A5005472} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {3D0934F7-8B0F-4997-B32F-CBBD64B6E6EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {434A20EA-81AE-4889-895A-B09E224E0678} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {440B7E95-8C01-4A3A-8056-DCABAC4139AB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {44A319ED-4CCD-403E-93F3-867ECD9F8522} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {44DEA1E8-A591-4A31-A92B-9078D0637CA9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {47FE7A1B-E3EB-4950-B8BC-126095ACC4B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {48D9D12C-5DF3-4556-AEDC-9BFD532683F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {57564713-744E-48B2-8949-73557D9F5170} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5869BA52-6847-487A-829E-2996C9B71E6B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {61CA0174-3E3E-4CE2-BC27-F817098F4DD2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6334311B-FEC5-4D78-8C1A-EB638918F686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.)
Task: {715D9304-F0EF-49B7-859C-49036A5F7D39} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {79C877E9-8E4F-444C-9D72-DDE2C60D4EDA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation)
Task: {7C6B1C11-3341-41A7-880B-BE67CB638168} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88366F40-D11A-4866-81C9-8B23C980E01C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {883EB3B8-49FD-44BE-9472-FDD669BEC9C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {88ADF8F0-F71F-4623-BE56-D1C6CEA1B9D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {93C0E1CB-925B-4D1F-B98D-F5174E40D6F2} - System32\Tasks\{DC5E2EA2-99E9-4657-9293-ADD97F0E24BD} => pcalua.exe -a C:\Users\maggiemay\Downloads\iCloudBypasser.exe -d C:\Users\maggiemay\Downloads
Task: {9A8A98A5-0E5E-4391-B068-4C2ADBC77016} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B75AF69-36F4-4316-9479-64B55754EEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)
Task: {9D1E4C4C-E7CA-4C0D-BA77-C3766CF9763A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A9E334FB-0745-4DCC-9A3F-E30B8735204A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {B2BFB37B-B124-4E3A-8B95-F14848A12DA6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security Online\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {BD9C3024-1B14-4708-BB46-3AD2C164A17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BFFAD844-10C2-4A03-B3F1-AAB17625E5EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {C94A8A8B-B292-4281-8425-932A814113DC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-16] (Microsoft Corporation)
Task: {CC672DB6-F3CB-4BC5-BA87-C9E18C3ED909} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CCFFC9CD-8951-46C7-B0D0-0B1218FC74E9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CD4CA1B3-ECEB-4E65-B118-EC63E447CBCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE80A561-4CE2-4BE7-8C20-642CE6EF3617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)
Task: {D3DEE23B-E676-497D-834B-90D334E2C8C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE63A686-6746-4488-82D3-DCE965C21B04} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E20476A8-0947-49A1-91E4-F439EDB13FB6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F9116118-513A-4BDB-BC57-6A37A68B85D3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F9BF70EA-5DBE-40BF-AE81-87DE8F19244C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-10-30 01:44 - 2015-10-30 01:44 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-17 19:39 - 2015-12-17 19:39 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:39 - 2015-12-17 19:39 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-14 10:06 - 2015-10-13 03:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2016-05-03 17:24 - 2013-06-28 11:28 - 00084616 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 16:50 - 2016-04-26 16:50 - 00679624 _____ () C:\Users\maggiemay\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2015-12-14 10:07 - 2015-12-14 10:11 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-18 12:29 - 2015-12-07 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 17:45 - 2016-04-23 00:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-12 17:45 - 2016-04-23 00:05 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-12 17:45 - 2016-04-22 23:58 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-12 17:46 - 2016-04-22 23:58 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-12 17:46 - 2016-04-23 00:01 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-22 21:39 - 2014-09-25 15:49 - 00883496 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\platforms\qwindows.dll
2015-11-22 21:39 - 2014-09-25 15:49 - 00022312 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\imageformats\qsvg.dll
2016-05-19 00:08 - 2016-05-19 00:08 - 00098816 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32api.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00110080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pywintypes27.dll
2016-05-19 00:08 - 2016-05-19 00:08 - 00364544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pythoncom27.dll
2016-05-19 00:08 - 2016-05-19 00:08 - 00320512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32com.shell.shell.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00776704 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_hashlib.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 01176576 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._core_.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00806400 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._gdi_.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00816128 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._windows_.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 01067008 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._controls_.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00733184 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._misc_.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00682496 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pysqlite2._sqlite.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_ctypes.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00119808 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32file.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00108544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32security.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00007168 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\hashobjs_ext.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00017920 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\thumbnails_ext.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\usb_ext.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00167936 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32gui.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00018432 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32event.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00046080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_socket.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 01208320 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_ssl.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00128512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_elementtree.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00127488 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pyexpat.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00012288 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\common.time34.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00038912 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32inet.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00036864 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_psutil_windows.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00525208 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\windows._lib_cacheinvalidation.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00011264 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32crypt.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00077312 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._html2.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00027136 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_multiprocessing.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00020480 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_yappi.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00035840 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32process.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00686080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\unicodedata.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00078848 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._animate.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00123392 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._wizard.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00024064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32pipe.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00010240 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\select.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00025600 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32pdh.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00017408 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32profile.pyd
2016-05-19 00:08 - 2016-05-19 00:08 - 00022528 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32ts.pyd
2016-04-22 15:24 - 2016-04-22 15:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-22 15:24 - 2016-04-22 15:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-22 15:24 - 2016-04-22 15:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-30 10:55 - 2016-03-30 10:55 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-30 10:55 - 2016-03-30 10:55 - 14568448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 12:30 - 2016-03-04 12:30 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 


==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 


==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 


==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\sharepoint.com -> hxxps://ashedu-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\webcompanion.com -> hxxp://webcompanion.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 205.171.203.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "PlutoTV.lnk"
HKLM\...\StartupApproved\Run: => "YouCam Service7"
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\StartupApproved\Run: => "WeatherBug"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{75FB35ED-F562-4373-B8C6-9569B96D0519}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{E87C009C-667A-4D79-BE5B-79FC2A468873}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{D5E675B5-8F4A-47BD-9999-F2DB341A3FAC}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{2A75765D-3648-4760-A808-48EE99FF3340}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{B92DAB99-2A60-4037-AFA9-7CA17F7DFF0E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9A6FF38B-0CEE-4C31-B186-5EAA537D9D53}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{FB6AE5F0-4877-46B2-9BE0-641499024B2E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4DAB04C8-8EEA-4257-8A2C-B4F9127E474A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BB923985-99A4-4DAC-94B2-8D87AE288162}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8C96EBE3-4F92-42C6-AFA6-B0B92DE0CB58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D9DF2B21-3B20-4E4C-A820-882B684681CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{10157C97-B3AA-461F-956F-6E2193857954}] => (Allow) C:\Users\maggiemay\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{147F52A3-44D3-407D-978D-E67D5714DD66}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E7793820-9B9E-4F03-86B3-5EC071906D57}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{69698BD3-1159-4553-A88B-C922B6C044A0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4A5EB03C-C3F7-4376-93B1-FF57CA2D24A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7401B997-B4A0-4212-8E22-29CBD106B15B}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{7DDC348C-380F-48B2-B63A-6CF2B069ADB9}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [{9FD189DF-7227-4E7A-A719-31AFD42077F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A66B50BB-A77E-4C5F-B5AB-C7FB3BA3F1AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6939B40D-3377-401A-A664-054251CDED8C}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{3E5E8331-D832-4544-B651-A13591C6E90E}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [{C3CC6217-8FA8-4137-BED0-43EBDA713C96}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3AE9F80-65CE-4408-A35F-26B3E5E447E4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{14AC0574-92C2-4E88-AB04-8DCDE5EC2967}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{8C3ABC2F-F917-44E7-B3E1-4771449DD014}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2C905C8B-3D9D-454A-BFD6-30004E69652C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

 

==================== Restore Points =========================

 


==================== Faulty Device Manager Devices =============

 


==================== Event log errors: =========================

 

Application errors:
==================
Error: (05/19/2016 10:17:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_StiSvc, version: 10.0.10586.0, time stamp: 0x5632d73f
Faulting module name: CNC_CAL.dll, version: 1.0.2.0, time stamp: 0x52ddf466
Exception code: 0xc0000005
Fault offset: 0x00034de0
Faulting process id: 0x8ac
Faulting application start time: 0xsvchost.exe_StiSvc0
Faulting application path: svchost.exe_StiSvc1
Faulting module path: svchost.exe_StiSvc2
Report Id: svchost.exe_StiSvc3
Faulting package full name: svchost.exe_StiSvc4
Faulting package-relative application ID: svchost.exe_StiSvc5

 

Error: (05/19/2016 03:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10805453

 

Error: (05/19/2016 03:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10805453

 

Error: (05/19/2016 03:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/19/2016 12:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4734

 

Error: (05/19/2016 12:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4734

 

Error: (05/19/2016 12:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/19/2016 12:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3265

 

Error: (05/19/2016 12:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3265

 

Error: (05/19/2016 12:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 


System errors:
=============
Error: (05/19/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (05/19/2016 12:55:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

 

Error: (05/19/2016 12:04:42 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

 

Error: (05/19/2016 12:04:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

 

Error: (05/19/2016 12:03:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_244ba80 service to connect.

 

Error: (05/19/2016 12:03:24 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_244ba80 service, but this action failed with the following error: 
%%1056

 

Error: (05/19/2016 12:03:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_244ba80 service to connect.

 

Error: (05/19/2016 12:03:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_244ba80 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (05/19/2016 12:03:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_244ba80 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (05/19/2016 12:03:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_244ba80 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 


CodeIntegrity:
===================================
  Date: 2016-05-18 12:49:26.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-05-14 13:10:52.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-05-14 11:13:07.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2016-05-14 11:13:07.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2016-05-14 11:13:07.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2016-05-14 11:13:07.086
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2016-05-14 11:13:07.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2016-05-14 11:13:06.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2016-05-14 11:13:05.353
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2016-05-14 11:13:05.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

 


==================== Memory info ===========================

 

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 3544.36 MB
Available physical RAM: 2052.91 MB
Total Virtual: 7128.36 MB
Available Virtual: 5111.6 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:224.2 GB) (Free:160.44 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

Here is the other file

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-05-2016
Ran by maggiemay (administrator) on MAGGIEMAY-PC (19-05-2016 12:41:59)
Running from C:\Users\maggiemay\Downloads
Loaded Profiles: maggiemay (Available Profiles: maggiemay)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.6.0.142\nis.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.6.0.142\nis.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
(Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam7\YouCamService7.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Able2Extract 9.0 Print Dispatcher] => C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe [9109320 2015-11-17] (Investintech.com Inc.)
HKLM\...\Run: [YouCam Service7] => C:\Program Files\CyberLink\YouCam7\YouCamService7.exe [454072 2015-06-22] (CyberLink Corp.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Update] => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-27] (Google Inc.)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Photos Backup] => C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Spotify Web Helper] => C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\MountPoints2: {0826e35e-0f3c-11e6-ba09-a4badbb0e4f7} - "F:\LG_PC_Programs.exe" 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{06e54b54-3baa-4ebf-b86b-d4ba8e1137f8}: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{3afccbf6-601e-414c-ba67-b3176e8fd1b6}: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226
Tcpip\..\Interfaces\{4b91b5f4-3341-4071-92ee-15c4aea528ef}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d2d80eff
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/?pc=U280
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {5C0F13CB-C721-43A4-98AF-2CDECC1AA8F6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-18] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-18] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-12-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://www.google.com/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-14] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-14] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/Google Update;version=3 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/Google Update;version=9 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF SearchPlugin: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\searchplugins\bing-lavasoft.xml [2016-05-08]
FF Extension: WOT - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-13]
FF Extension: Adblock Plus - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-13]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-05-09]

Chrome: 
=======
CHR HomePage: Default -> bing.com/?mkt=en-US&pc=__PARAM__
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE46737A2-8CE5-4A19-A6D9-B6569B11F37B&SSPV=","hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-d2d80eff","hxxp://www.google.com/"
CHR Profile: C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-01-19] [UpdateUrl: hxxps://clients2.googlee.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-23]
CHR Extension: (Google Docs) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23]
CHR Extension: (Google Drive) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-04]
CHR Extension: (Google Search) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Google Sheets) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Avast Online Security) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-20]
CHR Extension: (Norton Identity Safe) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-19]
CHR Extension: (Yahoo Partner) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-05-19]
CHR Extension: (Gmail) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23]
CHR HKLM\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-02-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1917680 2016-03-08] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 NIS; C:\Program Files\Norton Internet Security\Engine\22.6.0.142\NIS.exe [289080 2016-02-26] (Symantec Corporation)
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [3544336 2016-01-22] (Symantec Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63l.sys [4715008 2015-10-30] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160502.001\BHDrvx86.sys [1269488 2016-03-03] (Symantec Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1606000.08E\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R1 CLMirrorDriver; C:\WINDOWS\system32\DRIVERS\CLMirrorDriver.sys [21264 2015-05-20] (CyberLink)
R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [36824 2015-03-24] (CyberLink Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388848 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124144 2016-05-04] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160518.001\IDSvix86.sys [667352 2016-05-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160518.020\NAVENG.SYS [104408 2016-05-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160518.020\NAVEX15.SYS [1647192 2016-05-16] (Symantec Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1606000.08E\SRTSP.SYS [713968 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1606000.08E\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NIS\1606000.08E\SYMEFASI.SYS [1287408 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NIS\1606000.08E\SYMELAM.SYS [22144 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [103152 2016-02-19] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1606000.08E\Ironx86.SYS [234736 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NIS\1606000.08E\SYMNETS.SYS [431328 2016-02-23] (Symantec Corporation)
S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2015-10-30] (Marvell)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 12:41 - 2016-05-19 12:42 - 00021860 _____ C:\Users\maggiemay\Downloads\FRST.txt
2016-05-19 11:52 - 2016-05-19 12:38 - 00001528 _____ C:\Users\maggiemay\Desktop\FRST - Shortcut.lnk
2016-05-19 11:50 - 2016-05-19 12:41 - 01733120 _____ (Farbar) C:\Users\maggiemay\Downloads\FRST.exe
2016-05-19 11:25 - 2016-05-19 11:26 - 05819274 _____ C:\Users\maggiemay\Documents\TOMTHUMBWORKTICKETSFOR5-19-25-2016.pdf
2016-05-19 11:16 - 2016-05-19 11:23 - 05943618 _____ C:\Users\maggiemay\Documents\IMG_20160519_0001.pdf
2016-05-18 21:42 - 2016-05-19 11:01 - 00000000 ___RD C:\Users\maggiemay\Google Drive
2016-05-18 21:42 - 2016-05-18 21:42 - 00001798 _____ C:\Users\maggiemay\Desktop\Google Drive.lnk
2016-05-18 21:35 - 2016-05-18 21:35 - 00002075 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-05-18 21:35 - 2016-05-18 21:35 - 00002073 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-05-18 21:35 - 2016-05-18 21:35 - 00002063 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-05-18 21:35 - 2016-05-18 21:35 - 00001113 _____ C:\Users\Public\Desktop\Google Drive.lnk
2016-05-18 21:35 - 2016-05-18 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-18 21:34 - 2016-05-18 21:34 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Google Drive Installer.exe
2016-05-18 21:24 - 2016-05-18 21:24 - 00000000 ____D C:\Program Files\Common Files\Java
2016-05-18 21:21 - 2016-05-18 21:21 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Desktop\Ninite Java 8 Malwarebytes Spotify Installer.exe
2016-05-18 21:20 - 2016-05-18 21:20 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Java 8 Malwarebytes Spotify Installer.exe
2016-05-18 21:14 - 2016-05-18 21:14 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Firefox Installer.exe
2016-05-18 21:10 - 2016-05-18 21:11 - 44584432 _____ C:\Users\maggiemay\Downloads\Firefox Setup 46.0.1.exe
2016-05-18 13:54 - 2016-05-18 13:54 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (2).pdf
2016-05-18 13:38 - 2016-05-18 13:38 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (1).pdf
2016-05-18 13:30 - 2016-05-18 13:30 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington.pdf
2016-05-17 16:16 - 2016-05-17 16:16 - 00968967 _____ C:\Users\maggiemay\Documents\CHUEYSINVOICES5-17-2016.pdf
2016-05-17 16:14 - 2016-05-17 16:15 - 00976020 _____ C:\Users\maggiemay\Documents\IMG_20160517_0001.pdf
2016-05-17 12:09 - 2016-05-17 12:09 - 00005619 _____ C:\Users\maggiemay\Downloads\smime.p7s
2016-05-16 17:27 - 2016-05-16 17:27 - 00497655 _____ C:\Users\maggiemay\Documents\TOMTHUMB139WORKTICKET.pdf
2016-05-16 17:26 - 2016-05-16 17:26 - 00504216 _____ C:\Users\maggiemay\Documents\IMG_20160516_0002.pdf
2016-05-16 16:53 - 2016-05-16 16:54 - 05326671 _____ C:\Users\maggiemay\Documents\TOMTHUMBINVOICES-5-16-2016.pdf
2016-05-16 16:43 - 2016-05-16 16:51 - 05598220 _____ C:\Users\maggiemay\Documents\IMG_20160516_0001.pdf
2016-05-16 12:44 - 2016-05-16 12:44 - 01104548 _____ C:\Users\maggiemay\Downloads\scan0034.pdf
2016-05-16 11:35 - 2016-05-16 11:35 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16 (1).zip
2016-05-16 11:33 - 2016-05-16 11:33 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16.zip
2016-05-16 11:33 - 2016-05-16 11:33 - 00000000 ____D C:\Users\maggiemay\Downloads\attachments_2016_05_16
2016-05-16 11:12 - 2016-05-16 11:12 - 03489116 _____ C:\Users\maggiemay\Downloads\scan0031 (1).pdf
2016-05-15 15:35 - 2016-05-15 15:35 - 00001916 _____ C:\Users\maggiemay\Desktop\Spotify.lnk
2016-05-15 15:35 - 2016-05-15 15:35 - 00001902 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-15 15:34 - 2016-05-15 15:34 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (6).exe
2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart.jnlp
2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart (1).jnlp
2016-05-15 00:58 - 2016-05-15 00:58 - 00008816 _____ C:\Users\maggiemay\Downloads\NoActivityAlert.csv
2016-05-14 13:45 - 2016-05-14 13:45 - 00218036 _____ C:\Users\maggiemay\Downloads\SCityHall D15012114020.pdf
2016-05-14 10:30 - 2016-05-14 10:30 - 00001530 _____ C:\Users\maggiemay\Downloads\Untitled
2016-05-13 17:38 - 2016-05-13 17:39 - 00009220 _____ C:\Users\maggiemay\Documents\cc_20160513_173806.reg
2016-05-13 17:23 - 2016-05-13 17:23 - 00001040 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-13 17:23 - 2016-05-13 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-13 17:22 - 2016-05-13 17:23 - 00000000 ____D C:\Program Files\CCleaner
2016-05-13 16:55 - 2016-05-13 17:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-13 16:54 - 2016-05-13 16:54 - 00001135 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-13 16:54 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-13 16:54 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-13 16:54 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-13 16:15 - 2016-05-13 16:15 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (5).exe
2016-05-13 16:12 - 2016-05-13 16:12 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (4).exe
2016-05-13 15:59 - 2016-05-13 15:59 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (3).exe
2016-05-13 15:58 - 2016-05-13 15:58 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (2).exe
2016-05-12 23:18 - 2016-05-12 23:18 - 04780722 _____ C:\Users\maggiemay\Downloads\std-rates.zip
2016-05-12 23:15 - 2016-05-12 23:15 - 05358270 _____ C:\Users\maggiemay\Downloads\std-graph.zip
2016-05-12 19:43 - 2016-05-12 19:45 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\U3
2016-05-12 17:47 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-12 17:47 - 2016-04-23 00:27 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-12 17:46 - 2016-05-06 01:20 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-12 17:46 - 2016-05-06 00:23 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-12 17:46 - 2016-05-06 00:13 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-12 17:46 - 2016-05-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-12 17:46 - 2016-05-06 00:05 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-12 17:46 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-12 17:46 - 2016-05-05 23:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-12 17:46 - 2016-04-30 02:53 - 01152000 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-12 17:46 - 2016-04-30 02:46 - 02974720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-12 17:46 - 2016-04-23 02:06 - 01232576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00973504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00576192 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00440512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00248512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00149696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-12 17:46 - 2016-04-23 02:06 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00042688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-12 17:46 - 2016-04-23 01:28 - 05796704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-12 17:46 - 2016-04-23 01:28 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-12 17:46 - 2016-04-23 01:28 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-12 17:46 - 2016-04-23 01:28 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-12 17:46 - 2016-04-23 01:28 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-12 17:46 - 2016-04-23 01:28 - 00278368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-12 17:46 - 2016-04-23 01:28 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-12 17:46 - 2016-04-23 01:26 - 00792328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-12 17:46 - 2016-04-23 01:21 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-12 17:46 - 2016-04-23 01:14 - 00310112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-12 17:46 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-12 17:46 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-12 17:46 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-12 17:46 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-12 17:46 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-12 17:46 - 2016-04-23 01:12 - 00104800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-12 17:46 - 2016-04-23 01:11 - 00259424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-12 17:46 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-12 17:46 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-12 17:46 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-12 17:46 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-12 17:46 - 2016-04-23 01:07 - 00192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-12 17:46 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-12 17:46 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-12 17:46 - 2016-04-23 01:01 - 01714520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-12 17:46 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-12 17:46 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-12 17:46 - 2016-04-23 01:01 - 00484704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-12 17:46 - 2016-04-23 01:01 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-12 17:46 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 01396584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 01273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 00049504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-12 17:46 - 2016-04-23 00:55 - 00430432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-12 17:46 - 2016-04-23 00:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-12 17:46 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-12 17:46 - 2016-04-23 00:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-12 17:46 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-12 17:46 - 2016-04-23 00:29 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-12 17:46 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-12 17:46 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-12 17:46 - 2016-04-23 00:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-12 17:46 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-12 17:46 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-12 17:46 - 2016-04-23 00:25 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-12 17:46 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-12 17:46 - 2016-04-23 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-12 17:46 - 2016-04-23 00:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-12 17:46 - 2016-04-23 00:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-12 17:46 - 2016-04-23 00:23 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-12 17:46 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-12 17:46 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-12 17:46 - 2016-04-23 00:22 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-12 17:46 - 2016-04-23 00:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-12 17:46 - 2016-04-23 00:21 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-12 17:46 - 2016-04-23 00:21 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-12 17:46 - 2016-04-23 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-12 17:46 - 2016-04-23 00:19 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-12 17:46 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-12 17:46 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-12 17:46 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-12 17:46 - 2016-04-23 00:17 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-12 17:46 - 2016-04-23 00:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-12 17:46 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-12 17:46 - 2016-04-23 00:12 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-12 17:46 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-12 17:46 - 2016-04-23 00:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-12 17:46 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-12 17:46 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-12 17:46 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-12 17:46 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-12 17:46 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-12 17:46 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-12 17:46 - 2016-04-23 00:07 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-12 17:46 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-12 17:46 - 2016-04-23 00:05 - 01895936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-12 17:46 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-12 17:46 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-12 17:46 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-12 17:46 - 2016-04-23 00:04 - 01733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 01899520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-12 17:46 - 2016-04-23 00:01 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-12 17:46 - 2016-04-22 22:10 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-12 17:45 - 2016-04-23 00:28 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-12 17:45 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-12 17:45 - 2016-04-23 00:27 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-12 17:45 - 2016-04-23 00:24 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-12 17:45 - 2016-04-23 00:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-12 17:45 - 2016-04-23 00:21 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-12 17:45 - 2016-04-23 00:19 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-12 17:45 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-12 17:45 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-12 16:38 - 2016-05-13 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-12 14:28 - 2016-05-19 12:38 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Spotify
2016-05-12 14:28 - 2016-05-12 14:28 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (1).exe
2016-05-12 14:27 - 2016-05-19 12:34 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Spotify
2016-05-12 14:26 - 2016-05-12 14:26 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup.exe
2016-05-11 15:02 - 2016-05-11 15:05 - 00000000 ____D C:\Users\maggiemay\Desktop\J. R. R. Tolkien
2016-05-11 14:52 - 2016-05-11 14:52 - 00000000 ____D C:\Users\maggiemay\Desktop\review documents
2016-05-11 14:51 - 2016-05-11 14:51 - 00000000 ____D C:\Users\maggiemay\Desktop\FileHistory
2016-05-11 14:46 - 2016-05-12 15:11 - 00000000 ____D C:\Users\maggiemay\Desktop\contractors enterprises
2016-05-11 12:00 - 2016-05-11 12:00 - 00000000 ____D C:\Users\maggiemay\Documents\CASHAMERICA-PAPERWORK
2016-05-10 16:25 - 2016-05-10 16:25 - 00000000 ____D C:\Users\maggiemay\Documents\Custom Office Templates
2016-05-09 17:42 - 2016-05-09 17:42 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection7496A0A6-705C-4841-B925-861076BCC9B5
2016-05-09 11:55 - 2016-05-09 11:55 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection8E4FF7C8-4928-41AF-AE63-C15834121033
2016-05-09 11:49 - 2016-05-09 11:49 - 00004591 _____ C:\Users\maggiemay\Downloads\Attachment_CONTRACTORSENTERPRISES_20160509.csv
2016-05-09 11:47 - 2016-05-09 11:47 - 00010994 _____ C:\Users\maggiemay\Downloads\InvoiceNoBackup.csv
2016-05-08 18:36 - 2016-05-08 18:36 - 00000000 ____D C:\Users\maggiemay\AppData\Local\OurrarUdl
2016-05-08 18:32 - 2016-05-08 18:32 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Digiarty
2016-05-08 18:31 - 2016-05-08 18:31 - 00000000 ____D C:\Video
2016-05-08 18:30 - 2016-05-08 18:30 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2016-05-08 18:30 - 2016-05-08 18:30 - 00002976 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-05-08 18:29 - 2016-05-08 18:37 - 00000000 ____D C:\Users\maggiemay\AppData\Local\YouTubeDownloaderGuru
2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\music_downloader_guru.exe
2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\Music_Downloader_Guru (1).exe
2016-05-08 17:28 - 2016-05-08 17:28 - 00000000 ____D C:\Users\maggiemay\Documents\.DataStorage
2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX2
2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX
2016-05-04 14:22 - 2016-05-04 14:22 - 01133556 _____ C:\Users\maggiemay\Documents\signedPEPBOYSWORKTICKETS5-4-2016.pdf
2016-05-04 14:06 - 2016-05-04 14:06 - 01129845 _____ C:\Users\maggiemay\Downloads\scan0032.pdf
2016-05-03 17:40 - 2016-05-04 15:22 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2016-05-03 17:30 - 2016-05-03 17:30 - 00185148 _____ C:\Users\maggiemay\Documents\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf
2016-05-03 17:28 - 2016-05-03 17:28 - 00188612 _____ C:\Users\maggiemay\Downloads\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf
2016-05-03 17:23 - 2016-05-11 17:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-05-03 17:21 - 2016-05-03 17:21 - 00002046 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2016-05-03 17:21 - 2016-05-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series User Registration
2016-05-03 17:16 - 2016-05-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-05-03 17:16 - 2016-05-03 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series Manual
2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\Program Files\CanonBJ
2016-05-03 17:15 - 2014-02-04 15:28 - 00296448 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAC.dll
2016-05-03 17:15 - 2014-02-04 15:28 - 00097280 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAI.dll
2016-05-03 17:15 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAL.dll
2016-05-02 13:47 - 2016-05-02 13:47 - 14875383 _____ C:\Users\maggiemay\Downloads\scan0031.pdf
2016-04-29 16:31 - 2016-04-29 16:31 - 05023789 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_29.zip
2016-04-28 10:25 - 2016-04-28 10:25 - 08388199 _____ C:\Users\maggiemay\Downloads\TOMTHUMBINVOICES4-11-2016.pdf
2016-04-28 10:23 - 2016-04-28 10:23 - 01674261 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_28.zip
2016-04-26 16:53 - 2016-05-18 21:24 - 00000000 ____D C:\Users\maggiemay\.oracle_jre_usage
2016-04-25 15:41 - 2014-03-18 05:00 - 00330752 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMCA.DLL
2016-04-25 15:33 - 2014-03-18 05:00 - 00329216 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCA.DLL
2016-04-25 15:33 - 2013-12-02 12:51 - 00096000 _____ C:\WINDOWS\system32\CNC177FD.TBL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 12:41 - 2016-01-19 15:22 - 00000000 ____D C:\FRST
2016-05-19 12:32 - 2015-11-22 18:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-19 12:26 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-19 12:01 - 2015-11-22 18:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 11:52 - 2016-03-27 13:37 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job
2016-05-19 10:38 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-19 00:08 - 2015-11-22 18:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-19 00:06 - 2016-02-19 16:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-19 00:04 - 2015-12-03 22:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-19 00:03 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-18 21:42 - 2015-12-03 22:37 - 00000000 ____D C:\Users\maggiemay
2016-05-18 21:35 - 2015-11-22 18:31 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Google
2016-05-18 21:35 - 2015-11-22 18:31 - 00000000 ____D C:\Program Files\Google
2016-05-18 21:26 - 2016-01-19 13:08 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-18 21:26 - 2016-01-19 13:08 - 00000000 ____D C:\Program Files\TeamViewer
2016-05-18 21:25 - 2016-01-19 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-18 21:25 - 2016-01-19 11:43 - 00000000 ____D C:\Program Files\Java
2016-05-18 21:24 - 2016-01-19 11:44 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-05-18 15:45 - 2015-12-03 23:46 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Packages
2016-05-18 13:52 - 2016-03-27 13:37 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job
2016-05-18 12:55 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF
2016-05-17 13:02 - 2016-02-24 13:15 - 00000000 ____D C:\Users\maggiemay\AppData\Local\CrashDumps
2016-05-16 17:47 - 2015-10-30 01:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-14 12:14 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache
2016-05-14 11:05 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 17:34 - 2016-04-11 10:23 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-13 17:34 - 2015-12-04 01:30 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-13 14:40 - 2015-12-03 23:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-13 14:34 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-13 13:13 - 2015-10-30 01:48 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-13 13:08 - 2015-12-09 16:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-13 12:55 - 2015-12-09 16:43 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 11:02 - 2016-01-19 11:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-12 20:59 - 2016-02-20 19:12 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 20:59 - 2015-11-22 18:33 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 19:46 - 2015-12-03 22:48 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-12 19:13 - 2015-11-22 18:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-12 18:33 - 2015-12-03 23:48 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Publishers
2016-05-11 15:57 - 2015-10-30 01:49 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 01:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-05-11 14:59 - 2015-12-04 15:13 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIES IMPORTANT PAPER WORK
2016-05-10 10:04 - 2016-02-19 16:21 - 00000000 ____D C:\WINDOWS\system32\Drivers\NIS
2016-05-10 10:04 - 2015-10-30 01:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-05-09 13:32 - 2015-12-03 12:54 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-09 13:29 - 2016-02-19 16:26 - 00002457 _____ C:\Users\Public\Desktop\Norton Internet Security Online.LNK
2016-05-09 13:29 - 2016-02-19 16:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-05-07 11:54 - 2015-10-30 01:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-07 11:52 - 2015-12-14 10:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-04 18:01 - 2015-11-30 15:26 - 00000000 ___RD C:\Users\maggiemay\Documents\Scanned Documents
2016-05-04 14:07 - 2015-12-06 15:30 - 00000000 ____D C:\Users\maggiemay\MAGGIESIMPORTANTPAPERWORK
2016-05-03 17:39 - 2015-12-06 15:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-05-03 17:39 - 2015-12-02 21:29 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\canon
2016-05-03 17:22 - 2015-12-02 21:12 - 00000000 ____D C:\Program Files\Canon
2016-05-03 17:22 - 2015-10-30 01:48 - 00000000 __RSD C:\WINDOWS\Media
2016-05-03 17:21 - 2015-12-02 21:20 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2016-05-03 17:13 - 2015-11-23 03:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-05-03 11:16 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-05-02 14:24 - 2015-12-08 16:32 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIESPICTURES
2016-04-26 16:50 - 2015-12-03 23:51 - 00002425 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-26 16:50 - 2015-12-03 23:51 - 00000000 ___RD C:\Users\maggiemay\OneDrive
2016-04-22 15:11 - 2015-12-03 22:31 - 00342088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-22 03:57 - 2015-11-29 21:54 - 00374944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-21 18:11 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-21 18:11 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-21 16:43 - 2016-03-23 10:30 - 00000022 _____ C:\Users\maggiemay\Downloads\WO24354120Outside (1).zip

==================== Files in the root of some directories =======

2016-01-19 14:06 - 2016-01-21 12:06 - 0000100 _____ () C:\Users\maggiemay\AppData\Roaming\WB.CFG
2015-11-23 22:45 - 2015-11-23 22:45 - 0003584 _____ () C:\Users\maggiemay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-30 15:58 - 2015-11-30 15:59 - 0000660 _____ () C:\ProgramData\LMADGscan.log

Some files in TEMP:
====================
C:\Users\maggiemay\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-09 12:05

==================== End of FRST.txt ============================

 

Link to post
Share on other sites

Hello and :welcome:

 

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please upload them into your next reply.

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-05-2016 01
Ran by maggiemay (2016-05-22 19:01:49)
Running from C:\Users\maggiemay\Downloads
Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-04 03:46:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2283885129-1122399038-1014182919-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2283885129-1122399038-1014182919-503 - Limited - Disabled)
Guest (S-1-5-21-2283885129-1122399038-1014182919-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2283885129-1122399038-1014182919-1004 - Limited - Enabled)
maggiemay (S-1-5-21-2283885129-1122399038-1014182919-1000 - Administrator - Enabled) => C:\Users\maggiemay

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Able2Extract 9.0 (HKLM\...\{98A71953-B535-4E63-897B-EC9B2FC46376}_is1) (Version: 9.0 - Investintech.com Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.)
Canon MG5600 series On-screen Manual (HKLM\...\Canon MG5600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG5600 series User Registration (HKLM\...\Canon MG5600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
CyberLink YouCam 7 (HKLM\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.0623.0 - CyberLink Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Spotify (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\maggiemay\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A64A25-7B49-4DF8-963D-C831D7339251} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {06448386-9526-4DA2-9EED-BF5EB6CC5E6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {06D5CC5F-5B9F-4A1B-952F-E54FC801A880} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {079DCB07-F075-424F-900D-2165D0338E78} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {08F14201-C5A4-4252-9203-4AB8B09F8DF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {0B4BE768-FE52-4888-828D-51164B246C80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation)
Task: {0EA463C2-6838-402B-BF3B-5D7F3263FD06} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E4B04AD-D235-401E-A6C2-9F6C96CED5A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation)
Task: {1F4CBF51-37C1-4570-B416-290C979F1771} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1F67F9EA-AD44-49FB-9261-79CAED2EC6D3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {2133B62D-41F0-46EC-A6FC-9E642DE05F7A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29542824-B54D-4121-92D9-30B1827BF68C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {299D17A3-D645-4DBD-9D76-AAB0D29C8240} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2B7E36C1-DCD1-470C-BBA5-48F24DD6CCDE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {30DC797F-462C-4CB9-8C8A-A73D187BDE9F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3160AE1C-9D11-4B44-A296-F46CA9152539} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.)
Task: {3D0934F7-8B0F-4997-B32F-CBBD64B6E6EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {434A20EA-81AE-4889-895A-B09E224E0678} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {440B7E95-8C01-4A3A-8056-DCABAC4139AB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {44DEA1E8-A591-4A31-A92B-9078D0637CA9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {47FE7A1B-E3EB-4950-B8BC-126095ACC4B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {48D9D12C-5DF3-4556-AEDC-9BFD532683F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {57564713-744E-48B2-8949-73557D9F5170} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5869BA52-6847-487A-829E-2996C9B71E6B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {61CA0174-3E3E-4CE2-BC27-F817098F4DD2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6334311B-FEC5-4D78-8C1A-EB638918F686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.)
Task: {715D9304-F0EF-49B7-859C-49036A5F7D39} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {79C877E9-8E4F-444C-9D72-DDE2C60D4EDA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation)
Task: {7C6B1C11-3341-41A7-880B-BE67CB638168} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88366F40-D11A-4866-81C9-8B23C980E01C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {883EB3B8-49FD-44BE-9472-FDD669BEC9C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {88ADF8F0-F71F-4623-BE56-D1C6CEA1B9D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {93C0E1CB-925B-4D1F-B98D-F5174E40D6F2} - System32\Tasks\{DC5E2EA2-99E9-4657-9293-ADD97F0E24BD} => pcalua.exe -a C:\Users\maggiemay\Downloads\iCloudBypasser.exe -d C:\Users\maggiemay\Downloads
Task: {9A8A98A5-0E5E-4391-B068-4C2ADBC77016} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B75AF69-36F4-4316-9479-64B55754EEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)
Task: {9D1E4C4C-E7CA-4C0D-BA77-C3766CF9763A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BD9C3024-1B14-4708-BB46-3AD2C164A17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BFFAD844-10C2-4A03-B3F1-AAB17625E5EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {C94A8A8B-B292-4281-8425-932A814113DC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-16] (Microsoft Corporation)
Task: {CC672DB6-F3CB-4BC5-BA87-C9E18C3ED909} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CCFFC9CD-8951-46C7-B0D0-0B1218FC74E9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CD4CA1B3-ECEB-4E65-B118-EC63E447CBCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE80A561-4CE2-4BE7-8C20-642CE6EF3617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.)
Task: {D3DEE23B-E676-497D-834B-90D334E2C8C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE63A686-6746-4488-82D3-DCE965C21B04} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E20476A8-0947-49A1-91E4-F439EDB13FB6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F9116118-513A-4BDB-BC57-6A37A68B85D3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F9BF70EA-5DBE-40BF-AE81-87DE8F19244C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:44 - 2015-10-30 01:44 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-12-14 10:06 - 2015-10-13 03:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2016-05-03 17:24 - 2013-06-28 11:28 - 00084616 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2015-12-17 19:39 - 2015-12-17 19:39 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:39 - 2015-12-17 19:39 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 16:50 - 2016-04-26 16:50 - 00679624 _____ () C:\Users\maggiemay\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2015-12-14 10:07 - 2015-12-14 10:11 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-18 12:29 - 2015-12-07 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 17:45 - 2016-04-23 00:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-12 17:45 - 2016-04-23 00:05 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-12 17:45 - 2016-04-22 23:58 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-12 17:46 - 2016-04-22 23:58 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-12 17:46 - 2016-04-23 00:01 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-22 21:39 - 2014-09-25 15:49 - 00883496 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\platforms\qwindows.dll
2015-11-22 21:39 - 2014-09-25 15:49 - 00022312 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\imageformats\qsvg.dll
2016-04-08 18:35 - 2016-04-08 18:35 - 03481600 _____ () C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2016-05-22 11:24 - 2016-05-22 11:24 - 00098816 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32api.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00110080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pywintypes27.dll
2016-05-22 11:24 - 2016-05-22 11:24 - 00364544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pythoncom27.dll
2016-05-22 11:24 - 2016-05-22 11:24 - 00320512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32com.shell.shell.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00776704 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_hashlib.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 01176576 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._core_.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00806400 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._gdi_.pyd
2016-05-22 11:24 - 2016-05-22 11:25 - 00816128 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._windows_.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 01067008 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._controls_.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00733184 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._misc_.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00682496 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pysqlite2._sqlite.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_ctypes.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00119808 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32file.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00108544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32security.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00007168 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\hashobjs_ext.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00017920 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\thumbnails_ext.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\usb_ext.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00167936 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32gui.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00018432 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32event.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00046080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_socket.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 01208320 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_ssl.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00128512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_elementtree.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00127488 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pyexpat.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00012288 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\common.time34.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00038912 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32inet.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00036864 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_psutil_windows.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00525208 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\windows._lib_cacheinvalidation.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00011264 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32crypt.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00077312 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._html2.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00027136 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_multiprocessing.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00020480 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_yappi.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00035840 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32process.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00686080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\unicodedata.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00078848 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._animate.pyd
2016-05-22 11:25 - 2016-05-22 11:25 - 00123392 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._wizard.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00024064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32pipe.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00010240 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\select.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00025600 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32pdh.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00017408 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32profile.pyd
2016-05-22 11:24 - 2016-05-22 11:24 - 00022528 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32ts.pyd
2016-04-22 15:24 - 2016-04-22 15:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-22 15:24 - 2016-04-22 15:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-22 15:24 - 2016-04-22 15:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-30 10:55 - 2016-03-30 10:55 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-30 10:55 - 2016-03-30 10:55 - 14568448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 12:30 - 2016-03-04 12:30 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-30 21:11 - 2016-04-30 21:12 - 06383616 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\sharepoint.com -> hxxps://ashedu-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 205.171.203.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "PlutoTV.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{75FB35ED-F562-4373-B8C6-9569B96D0519}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{E87C009C-667A-4D79-BE5B-79FC2A468873}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{D5E675B5-8F4A-47BD-9999-F2DB341A3FAC}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{2A75765D-3648-4760-A808-48EE99FF3340}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe
FirewallRules: [{B92DAB99-2A60-4037-AFA9-7CA17F7DFF0E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9A6FF38B-0CEE-4C31-B186-5EAA537D9D53}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{FB6AE5F0-4877-46B2-9BE0-641499024B2E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4DAB04C8-8EEA-4257-8A2C-B4F9127E474A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BB923985-99A4-4DAC-94B2-8D87AE288162}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{8C96EBE3-4F92-42C6-AFA6-B0B92DE0CB58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D9DF2B21-3B20-4E4C-A820-882B684681CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{10157C97-B3AA-461F-956F-6E2193857954}] => (Allow) C:\Users\maggiemay\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{147F52A3-44D3-407D-978D-E67D5714DD66}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E7793820-9B9E-4F03-86B3-5EC071906D57}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{69698BD3-1159-4553-A88B-C922B6C044A0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4A5EB03C-C3F7-4376-93B1-FF57CA2D24A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7401B997-B4A0-4212-8E22-29CBD106B15B}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{7DDC348C-380F-48B2-B63A-6CF2B069ADB9}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [{9FD189DF-7227-4E7A-A719-31AFD42077F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A66B50BB-A77E-4C5F-B5AB-C7FB3BA3F1AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6939B40D-3377-401A-A664-054251CDED8C}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{3E5E8331-D832-4544-B651-A13591C6E90E}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe
FirewallRules: [{C3CC6217-8FA8-4137-BED0-43EBDA713C96}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3AE9F80-65CE-4408-A35F-26B3E5E447E4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{14AC0574-92C2-4E88-AB04-8DCDE5EC2967}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{8C3ABC2F-F917-44E7-B3E1-4771449DD014}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2C905C8B-3D9D-454A-BFD6-30004E69652C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{310A284E-6FCD-4D0F-BE41-A04165A9913A}C:\users\maggiemay\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maggiemay\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C5EC6D2A-3DCB-4CD9-A23E-1C0FDFDAAD46}C:\users\maggiemay\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maggiemay\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

20-05-2016 23:53:46 Removed Norton Online Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2016 05:56:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1484

Error: (05/22/2016 05:56:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1484

Error: (05/22/2016 05:56:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/22/2016 01:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2937

Error: (05/22/2016 01:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2937

Error: (05/22/2016 01:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/22/2016 01:55:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1422

Error: (05/22/2016 01:55:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1422

Error: (05/22/2016 01:55:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/21/2016 10:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5266


System errors:
=============
Error: (05/22/2016 05:56:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/22/2016 01:55:30 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/21/2016 11:26:14 PM) (Source: DCOM) (EventID: 10010) (User: MAGGIEMAY-PC)
Description: {0002DF02-0000-0000-C000-000000000046}

Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_c1bf4a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_c1bf4a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_c1bf4a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c1bf4a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/21/2016 10:46:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/21/2016 10:43:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/21/2016 01:14:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4c4197 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-05-18 12:49:26.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 13:10:52.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 11:13:07.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-14 11:13:07.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-14 11:13:07.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-14 11:13:07.086
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-14 11:13:07.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-14 11:13:06.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-14 11:13:05.353
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-14 11:13:05.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 45%
Total physical RAM: 3544.36 MB
Available physical RAM: 1932.69 MB
Total Virtual: 7128.36 MB
Available Virtual: 5196.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.2 GB) (Free:160.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-05-2016 01
Ran by maggiemay (administrator) on MAGGIEMAY-PC (22-05-2016 19:00:12)
Running from C:\Users\maggiemay\Downloads
Loaded Profiles: maggiemay (Available Profiles: maggiemay)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam7\YouCamService7.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google, Inc) C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Spotify Ltd) C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Able2Extract 9.0 Print Dispatcher] => C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe [9109320 2015-11-17] (Investintech.com Inc.)
HKLM\...\Run: [YouCam Service7] => C:\Program Files\CyberLink\YouCam7\YouCamService7.exe [454072 2015-06-22] (CyberLink Corp.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Update] => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-27] (Google Inc.)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Photos Backup] => C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Spotify Web Helper] => C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\MountPoints2: {0826e35e-0f3c-11e6-ba09-a4badbb0e4f7} - "F:\LG_PC_Programs.exe" 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{06e54b54-3baa-4ebf-b86b-d4ba8e1137f8}: [DhcpNameServer] 192.168.0.1 205.171.203.226
Tcpip\..\Interfaces\{3afccbf6-601e-414c-ba67-b3176e8fd1b6}: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226
Tcpip\..\Interfaces\{4b91b5f4-3341-4071-92ee-15c4aea528ef}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d2d80eff
 

SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
 

SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
 

SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
 

SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {5C0F13CB-C721-43A4-98AF-2CDECC1AA8F6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
 

SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms}
 

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-18] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-12-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://www.google.com/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer
 
 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @canon.com/EPPEX
 
 -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2
 
 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2
 
 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0
 
 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-14] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0
 
 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-14] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/GoogleUpdate;version=3 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/GoogleUpdate;version=9 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF SearchPlugin: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\searchplugins\bing-lavasoft.xml [2016-05-08]
FF Extension: WOT - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-13]
FF Extension: Adblock Plus - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-13]
 
Chrome: 
=======
CHR HomePage: Default -> bing.com/?mkt=en-US&pc=__PARAM__
 

CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE46737A2-8CE5-4A19-A6D9-B6569B11F37B&SSPV=
 
","hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit
 
","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-d2d80eff
 
","hxxp://www.google.com/"
CHR Profile: C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-01-19] [UpdateUrl: hxxps://clients2.googlee.com/service/update2/crx
 
] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-23]
CHR Extension: (Google Docs) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23]
CHR Extension: (Google Drive) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-04]
CHR Extension: (Google Search) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Google Sheets) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Avast Online Security) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-20]
CHR Extension: (Norton Identity Safe) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Yahoo Partner) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-05-20]
CHR Extension: (Gmail) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23]
CHR HKLM\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1917680 2016-03-08] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63l.sys [4715008 2015-10-30] (Broadcom Corporation)
R1 CLMirrorDriver; C:\WINDOWS\system32\DRIVERS\CLMirrorDriver.sys [21264 2015-05-20] (CyberLink)
R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [36824 2015-03-24] (CyberLink Corporation)
R1 MpKsl1cfb1f81; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9CF5842-C569-4F0C-A27C-BD1A220D3BBC}\MpKsl1cfb1f81.sys [39168 2016-05-22] (Microsoft Corporation)
S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2015-10-30] (Marvell)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-22 18:59 - 2016-05-22 18:59 - 00000000 ____D C:\Users\maggiemay\Downloads\FRST-OlderVersion
2016-05-19 12:43 - 2016-05-19 12:44 - 00041539 _____ C:\Users\maggiemay\Downloads\Addition.txt
2016-05-19 12:41 - 2016-05-22 19:00 - 00018412 _____ C:\Users\maggiemay\Downloads\FRST.txt
2016-05-19 11:52 - 2016-05-22 18:59 - 00001528 _____ C:\Users\maggiemay\Desktop\FRST - Shortcut.lnk
2016-05-19 11:50 - 2016-05-22 18:59 - 01733632 _____ (Farbar) C:\Users\maggiemay\Downloads\FRST.exe
2016-05-19 11:25 - 2016-05-19 11:26 - 05819274 _____ C:\Users\maggiemay\Documents\TOMTHUMBWORKTICKETSFOR5-19-25-2016.pdf
2016-05-19 11:16 - 2016-05-19 11:23 - 05943618 _____ C:\Users\maggiemay\Documents\IMG_20160519_0001.pdf
2016-05-18 21:42 - 2016-05-22 13:06 - 00000000 ___RD C:\Users\maggiemay\Google Drive
2016-05-18 21:42 - 2016-05-18 21:42 - 00001798 _____ C:\Users\maggiemay\Desktop\Google Drive.lnk
2016-05-18 21:35 - 2016-05-18 21:35 - 00001113 _____ C:\Users\Public\Desktop\Google Drive.lnk
2016-05-18 21:35 - 2016-05-18 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-18 21:34 - 2016-05-18 21:34 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Google Drive Installer.exe
2016-05-18 21:24 - 2016-05-18 21:24 - 00000000 ____D C:\Program Files\Common Files\Java
2016-05-18 21:21 - 2016-05-18 21:21 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Desktop\Ninite Java 8 Malwarebytes Spotify Installer.exe
2016-05-18 21:20 - 2016-05-18 21:20 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Java 8 Malwarebytes Spotify Installer.exe
2016-05-18 21:14 - 2016-05-18 21:14 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Firefox Installer.exe
2016-05-18 21:10 - 2016-05-18 21:11 - 44584432 _____ C:\Users\maggiemay\Downloads\Firefox Setup 46.0.1.exe
2016-05-18 13:54 - 2016-05-18 13:54 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (2).pdf
2016-05-18 13:38 - 2016-05-18 13:38 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (1).pdf
2016-05-18 13:30 - 2016-05-18 13:30 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington.pdf
2016-05-17 16:16 - 2016-05-17 16:16 - 00968967 _____ C:\Users\maggiemay\Documents\CHUEYSINVOICES5-17-2016.pdf
2016-05-17 16:14 - 2016-05-17 16:15 - 00976020 _____ C:\Users\maggiemay\Documents\IMG_20160517_0001.pdf
2016-05-17 12:09 - 2016-05-17 12:09 - 00005619 _____ C:\Users\maggiemay\Downloads\smime.p7s
2016-05-16 17:27 - 2016-05-16 17:27 - 00497655 _____ C:\Users\maggiemay\Documents\TOMTHUMB139WORKTICKET.pdf
2016-05-16 17:26 - 2016-05-16 17:26 - 00504216 _____ C:\Users\maggiemay\Documents\IMG_20160516_0002.pdf
2016-05-16 16:53 - 2016-05-16 16:54 - 05326671 _____ C:\Users\maggiemay\Documents\TOMTHUMBINVOICES-5-16-2016.pdf
2016-05-16 16:43 - 2016-05-16 16:51 - 05598220 _____ C:\Users\maggiemay\Documents\IMG_20160516_0001.pdf
2016-05-16 12:44 - 2016-05-16 12:44 - 01104548 _____ C:\Users\maggiemay\Downloads\scan0034.pdf
2016-05-16 11:35 - 2016-05-16 11:35 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16 (1).zip
2016-05-16 11:33 - 2016-05-16 11:33 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16.zip
2016-05-16 11:33 - 2016-05-16 11:33 - 00000000 ____D C:\Users\maggiemay\Downloads\attachments_2016_05_16
2016-05-16 11:12 - 2016-05-16 11:12 - 03489116 _____ C:\Users\maggiemay\Downloads\scan0031 (1).pdf
2016-05-15 15:35 - 2016-05-15 15:35 - 00001916 _____ C:\Users\maggiemay\Desktop\Spotify.lnk
2016-05-15 15:35 - 2016-05-15 15:35 - 00001902 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-15 15:34 - 2016-05-15 15:34 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (6).exe
2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart.jnlp
2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart (1).jnlp
2016-05-15 00:58 - 2016-05-15 00:58 - 00008816 _____ C:\Users\maggiemay\Downloads\NoActivityAlert.csv
2016-05-14 13:45 - 2016-05-14 13:45 - 00218036 _____ C:\Users\maggiemay\Downloads\SCityHall D15012114020.pdf
2016-05-14 10:30 - 2016-05-14 10:30 - 00001530 _____ C:\Users\maggiemay\Downloads\Untitled
2016-05-13 17:38 - 2016-05-13 17:39 - 00009220 _____ C:\Users\maggiemay\Documents\cc_20160513_173806.reg
2016-05-13 17:23 - 2016-05-13 17:23 - 00001040 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-13 17:23 - 2016-05-13 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-13 17:22 - 2016-05-13 17:23 - 00000000 ____D C:\Program Files\CCleaner
2016-05-13 16:55 - 2016-05-13 17:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-13 16:54 - 2016-05-13 16:54 - 00001135 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-13 16:54 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-13 16:54 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-13 16:54 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-13 16:15 - 2016-05-13 16:15 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (5).exe
2016-05-13 16:12 - 2016-05-13 16:12 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (4).exe
2016-05-13 15:59 - 2016-05-13 15:59 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (3).exe
2016-05-13 15:58 - 2016-05-13 15:58 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (2).exe
2016-05-12 23:18 - 2016-05-12 23:18 - 04780722 _____ C:\Users\maggiemay\Downloads\std-rates.zip
2016-05-12 23:15 - 2016-05-12 23:15 - 05358270 _____ C:\Users\maggiemay\Downloads\std-graph.zip
2016-05-12 19:43 - 2016-05-12 19:45 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\U3
2016-05-12 17:47 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-12 17:47 - 2016-04-23 00:27 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-12 17:46 - 2016-05-06 01:20 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-12 17:46 - 2016-05-06 00:23 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-12 17:46 - 2016-05-06 00:13 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-12 17:46 - 2016-05-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-12 17:46 - 2016-05-06 00:05 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-12 17:46 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-12 17:46 - 2016-05-05 23:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-12 17:46 - 2016-04-30 02:53 - 01152000 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-12 17:46 - 2016-04-30 02:46 - 02974720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-12 17:46 - 2016-04-23 02:06 - 01232576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00973504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00576192 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00440512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00248512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00149696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-12 17:46 - 2016-04-23 02:06 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-12 17:46 - 2016-04-23 02:06 - 00042688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-12 17:46 - 2016-04-23 01:28 - 05796704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-12 17:46 - 2016-04-23 01:28 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-12 17:46 - 2016-04-23 01:28 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-12 17:46 - 2016-04-23 01:28 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-12 17:46 - 2016-04-23 01:28 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-12 17:46 - 2016-04-23 01:28 - 00278368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-12 17:46 - 2016-04-23 01:28 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-12 17:46 - 2016-04-23 01:26 - 00792328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-12 17:46 - 2016-04-23 01:21 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-12 17:46 - 2016-04-23 01:14 - 00310112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-12 17:46 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-12 17:46 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-12 17:46 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-12 17:46 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-12 17:46 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-12 17:46 - 2016-04-23 01:12 - 00104800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-12 17:46 - 2016-04-23 01:11 - 00259424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-12 17:46 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-12 17:46 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-12 17:46 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-12 17:46 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-12 17:46 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-12 17:46 - 2016-04-23 01:07 - 00192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-12 17:46 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-12 17:46 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-12 17:46 - 2016-04-23 01:01 - 01714520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-12 17:46 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-12 17:46 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-12 17:46 - 2016-04-23 01:01 - 00484704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-12 17:46 - 2016-04-23 01:01 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-12 17:46 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 01396584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 01273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-12 17:46 - 2016-04-23 01:00 - 00049504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-12 17:46 - 2016-04-23 00:55 - 00430432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-12 17:46 - 2016-04-23 00:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-12 17:46 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-12 17:46 - 2016-04-23 00:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-12 17:46 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-12 17:46 - 2016-04-23 00:29 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-12 17:46 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-12 17:46 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-12 17:46 - 2016-04-23 00:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-12 17:46 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-12 17:46 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-12 17:46 - 2016-04-23 00:25 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-12 17:46 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-12 17:46 - 2016-04-23 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-12 17:46 - 2016-04-23 00:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-12 17:46 - 2016-04-23 00:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-12 17:46 - 2016-04-23 00:23 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-12 17:46 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-12 17:46 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-12 17:46 - 2016-04-23 00:22 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-12 17:46 - 2016-04-23 00:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-12 17:46 - 2016-04-23 00:21 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-12 17:46 - 2016-04-23 00:21 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-12 17:46 - 2016-04-23 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-12 17:46 - 2016-04-23 00:20 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-12 17:46 - 2016-04-23 00:19 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-12 17:46 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-12 17:46 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-12 17:46 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-12 17:46 - 2016-04-23 00:17 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-12 17:46 - 2016-04-23 00:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-12 17:46 - 2016-04-23 00:16 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-12 17:46 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-12 17:46 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-12 17:46 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-12 17:46 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-12 17:46 - 2016-04-23 00:12 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-12 17:46 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-12 17:46 - 2016-04-23 00:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-12 17:46 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-12 17:46 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-12 17:46 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-12 17:46 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-12 17:46 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-12 17:46 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-12 17:46 - 2016-04-23 00:07 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-12 17:46 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-12 17:46 - 2016-04-23 00:05 - 01895936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-12 17:46 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-12 17:46 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-12 17:46 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-12 17:46 - 2016-04-23 00:04 - 01733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 01899520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-12 17:46 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-12 17:46 - 2016-04-23 00:01 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-12 17:46 - 2016-04-22 22:10 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-12 17:45 - 2016-04-23 00:28 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-12 17:45 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-12 17:45 - 2016-04-23 00:27 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-12 17:45 - 2016-04-23 00:24 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-12 17:45 - 2016-04-23 00:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-12 17:45 - 2016-04-23 00:21 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-12 17:45 - 2016-04-23 00:19 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-12 17:45 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-12 17:45 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-12 16:38 - 2016-05-13 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-12 14:28 - 2016-05-22 18:57 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Spotify
2016-05-12 14:28 - 2016-05-12 14:28 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (1).exe
2016-05-12 14:27 - 2016-05-22 18:57 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Spotify
2016-05-12 14:26 - 2016-05-12 14:26 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup.exe
2016-05-11 15:02 - 2016-05-11 15:05 - 00000000 ____D C:\Users\maggiemay\Desktop\J. R. R. Tolkien
2016-05-11 14:52 - 2016-05-11 14:52 - 00000000 ____D C:\Users\maggiemay\Desktop\review documents
2016-05-11 14:51 - 2016-05-11 14:51 - 00000000 ____D C:\Users\maggiemay\Desktop\FileHistory
2016-05-11 14:46 - 2016-05-12 15:11 - 00000000 ____D C:\Users\maggiemay\Desktop\contractors enterprises
2016-05-11 12:00 - 2016-05-11 12:00 - 00000000 ____D C:\Users\maggiemay\Documents\CASHAMERICA-PAPERWORK
2016-05-10 16:25 - 2016-05-10 16:25 - 00000000 ____D C:\Users\maggiemay\Documents\Custom Office Templates
2016-05-09 17:42 - 2016-05-09 17:42 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection7496A0A6-705C-4841-B925-861076BCC9B5
2016-05-09 11:55 - 2016-05-09 11:55 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection8E4FF7C8-4928-41AF-AE63-C15834121033
2016-05-09 11:49 - 2016-05-09 11:49 - 00004591 _____ C:\Users\maggiemay\Downloads\Attachment_CONTRACTORSENTERPRISES_20160509.csv
2016-05-09 11:47 - 2016-05-09 11:47 - 00010994 _____ C:\Users\maggiemay\Downloads\InvoiceNoBackup.csv
2016-05-08 18:36 - 2016-05-08 18:36 - 00000000 ____D C:\Users\maggiemay\AppData\Local\OurrarUdl
2016-05-08 18:32 - 2016-05-08 18:32 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Digiarty
2016-05-08 18:31 - 2016-05-08 18:31 - 00000000 ____D C:\Video
2016-05-08 18:30 - 2016-05-08 18:30 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2016-05-08 18:30 - 2016-05-08 18:30 - 00002976 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-05-08 18:29 - 2016-05-08 18:37 - 00000000 ____D C:\Users\maggiemay\AppData\Local\YouTubeDownloaderGuru
2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\music_downloader_guru.exe
2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\Music_Downloader_Guru (1).exe
2016-05-08 17:28 - 2016-05-08 17:28 - 00000000 ____D C:\Users\maggiemay\Documents\.DataStorage
2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX2
2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX
2016-05-04 14:22 - 2016-05-04 14:22 - 01133556 _____ C:\Users\maggiemay\Documents\signedPEPBOYSWORKTICKETS5-4-2016.pdf
2016-05-04 14:06 - 2016-05-04 14:06 - 01129845 _____ C:\Users\maggiemay\Downloads\scan0032.pdf
2016-05-03 17:40 - 2016-05-04 15:22 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2016-05-03 17:30 - 2016-05-03 17:30 - 00185148 _____ C:\Users\maggiemay\Documents\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf
2016-05-03 17:28 - 2016-05-03 17:28 - 00188612 _____ C:\Users\maggiemay\Downloads\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf
2016-05-03 17:23 - 2016-05-11 17:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-05-03 17:21 - 2016-05-03 17:21 - 00002046 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2016-05-03 17:21 - 2016-05-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series User Registration
2016-05-03 17:16 - 2016-05-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-05-03 17:16 - 2016-05-03 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series Manual
2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\Program Files\CanonBJ
2016-05-03 17:15 - 2014-02-04 15:28 - 00296448 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAC.dll
2016-05-03 17:15 - 2014-02-04 15:28 - 00097280 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAI.dll
2016-05-03 17:15 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAL.dll
2016-05-02 13:47 - 2016-05-02 13:47 - 14875383 _____ C:\Users\maggiemay\Downloads\scan0031.pdf
2016-04-29 16:31 - 2016-04-29 16:31 - 05023789 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_29.zip
2016-04-28 10:25 - 2016-04-28 10:25 - 08388199 _____ C:\Users\maggiemay\Downloads\TOMTHUMBINVOICES4-11-2016.pdf
2016-04-28 10:23 - 2016-04-28 10:23 - 01674261 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_28.zip
2016-04-26 16:53 - 2016-05-18 21:24 - 00000000 ____D C:\Users\maggiemay\.oracle_jre_usage
2016-04-25 15:41 - 2014-03-18 05:00 - 00330752 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMCA.DLL
2016-04-25 15:33 - 2014-03-18 05:00 - 00329216 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCA.DLL
2016-04-25 15:33 - 2013-12-02 12:51 - 00096000 _____ C:\WINDOWS\system32\CNC177FD.TBL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-22 19:01 - 2015-11-22 18:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-22 19:00 - 2016-01-19 15:22 - 00000000 ____D C:\FRST
2016-05-22 17:52 - 2016-03-27 13:37 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job
2016-05-22 17:32 - 2015-11-22 18:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-22 13:52 - 2016-03-27 13:37 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job
2016-05-22 11:37 - 2015-11-22 18:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-22 11:24 - 2015-11-22 18:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 17:19 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-21 11:38 - 2016-02-24 13:15 - 00000000 ____D C:\Users\maggiemay\AppData\Local\CrashDumps
2016-05-21 10:55 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-21 00:05 - 2016-01-19 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2016-05-20 23:57 - 2016-02-29 16:14 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-05-20 23:55 - 2016-02-19 16:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-20 23:50 - 2016-02-19 16:21 - 00000000 ____D C:\ProgramData\Norton
2016-05-20 23:50 - 2015-12-03 22:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-20 23:49 - 2015-12-03 22:37 - 00000000 ____D C:\Users\maggiemay
2016-05-20 23:49 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-20 23:42 - 2015-12-03 23:46 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Packages
2016-05-20 23:00 - 2015-10-30 01:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-05-20 23:00 - 2015-10-30 01:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-20 22:55 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-19 13:55 - 2015-11-22 18:31 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Google
2016-05-18 21:35 - 2015-11-22 18:31 - 00000000 ____D C:\Program Files\Google
2016-05-18 21:26 - 2016-01-19 13:08 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-18 21:26 - 2016-01-19 13:08 - 00000000 ____D C:\Program Files\TeamViewer
2016-05-18 21:25 - 2016-01-19 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-18 21:25 - 2016-01-19 11:43 - 00000000 ____D C:\Program Files\Java
2016-05-18 21:24 - 2016-01-19 11:44 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-05-18 12:55 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF
2016-05-14 12:14 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache
2016-05-14 11:05 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 17:34 - 2016-04-11 10:23 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-13 17:34 - 2015-12-04 01:30 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-13 14:40 - 2015-12-03 23:47 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-13 14:34 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-13 13:13 - 2015-10-30 01:48 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-13 13:08 - 2015-12-09 16:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-13 12:55 - 2015-12-09 16:43 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 11:02 - 2016-01-19 11:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-12 20:59 - 2016-02-20 19:12 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 20:59 - 2015-11-22 18:33 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 19:46 - 2015-12-03 22:48 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-12 18:33 - 2015-12-03 23:48 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Publishers
2016-05-11 15:57 - 2015-10-30 01:49 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 01:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-05-11 14:59 - 2015-12-04 15:13 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIES IMPORTANT PAPER WORK
2016-05-09 13:32 - 2015-12-03 12:54 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-07 11:54 - 2015-10-30 01:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-07 11:52 - 2015-12-14 10:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-04 18:01 - 2015-11-30 15:26 - 00000000 ___RD C:\Users\maggiemay\Documents\Scanned Documents
2016-05-04 14:07 - 2015-12-06 15:30 - 00000000 ____D C:\Users\maggiemay\MAGGIESIMPORTANTPAPERWORK
2016-05-03 17:39 - 2015-12-06 15:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-05-03 17:39 - 2015-12-02 21:29 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\canon
2016-05-03 17:22 - 2015-12-02 21:12 - 00000000 ____D C:\Program Files\Canon
2016-05-03 17:22 - 2015-10-30 01:48 - 00000000 __RSD C:\WINDOWS\Media
2016-05-03 17:21 - 2015-12-02 21:20 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2016-05-03 17:13 - 2015-11-23 03:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-05-03 11:16 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-05-02 14:24 - 2015-12-08 16:32 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIESPICTURES
2016-04-26 16:50 - 2015-12-03 23:51 - 00002425 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-26 16:50 - 2015-12-03 23:51 - 00000000 ___RD C:\Users\maggiemay\OneDrive
2016-04-22 15:11 - 2015-12-03 22:31 - 00342088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-22 03:57 - 2015-11-29 21:54 - 00374944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-01-19 14:06 - 2016-01-21 12:06 - 0000100 _____ () C:\Users\maggiemay\AppData\Roaming\WB.CFG
2015-11-23 22:45 - 2015-11-23 22:45 - 0003584 _____ () C:\Users\maggiemay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-30 15:58 - 2015-11-30 15:59 - 0000660 _____ () C:\ProgramData\LMADGscan.log
 
Some files in TEMP:
====================
C:\Users\maggiemay\AppData\Local\Temp\SpotifyUninstall.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-05-19 12:59
 
==================== End of FRST.txt ============================
cleardot.gif
Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.