I think my computer is infected



#1
[email protected]


Have Norton Security, and Norton has been blocking the following site.  Not sure what to do to prevent this from happening.  Been getting this message from Norton for over a week now.  Use Google Chrome as my search engine.

 

http://newstarads.co...t=1497727053694

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Candice (administrator) on CANDYLAPTOP (17-06-2017 12:22:20)
Running from C:\Users\Candice\Downloads
Loaded Profiles: Candice (Available Profiles: Candice)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Flux Software LLC) C:\Users\Candice\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\conathst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Candice\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Run: [f.lux] => C:\Users\Candice\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Candice\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-09-03] (Yahoo!, Inc.)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Run: [Yahoo Messenger] => "C:\Users\Candice\AppData\Local\yahoomessenger\update.exe" --processStart "Yahoo Messenger.exe"
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-15] (Google Inc.)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [1278456 2017-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\MountPoints2: {3e4d30af-4274-11e3-8250-806e6f6e6963} - "D:\Honda.exe" 
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1FBC3168-3EB6-45CD-A674-D75968D6E6BC}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2339858271-1076432491-480709755-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.9.4.8&locale=en_US&guid=1176244F-34CA-4E1C-B35B-88BF5A26EF56&doi=2017-03-16&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2339858271-1076432491-480709755-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2339858271-1076432491-480709755-1001 -> {3FF44049-6455-439E-9BEA-28AD25241F6E} URL = 
SearchScopes: HKU\S-1-5-21-2339858271-1076432491-480709755-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.9.4.8&locale=en_US&guid=1176244F-34CA-4E1C-B35B-88BF5A26EF56&doi=2017-03-16&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2339858271-1076432491-480709755-1001 -> {F966B9F3-92B9-4DA1-BABB-86E42D7EC7AC} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v69-3_z
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2339858271-1076432491-480709755-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2339858271-1076432491-480709755-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
 
FireFox:
========
FF DefaultProfile: krt8zfuh.default
FF ProfilePath: C:\Users\Candice\AppData\Roaming\Mozilla\Firefox\Profiles\krt8zfuh.default [2017-06-17]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2017-06-02]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: (Norton Identity Safe Toolbar) - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2017-05-14] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-06-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2339858271-1076432491-480709755-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Candice\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-08-09] (RocketLife, LLP)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html", Active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default [2017-06-17]
CHR Extension: (Google Slides) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (Sudoku) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcakknhjoenfgbnhhdpjiiflojkggmgo [2016-11-07]
CHR Extension: (YouTube) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-08]
CHR Extension: (Google Search) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Safe Search) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmjebopdfadlojffinnmidjffhggcggp [2017-04-27]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-22]
CHR Extension: (Google Sheets) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2017-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Yahoo Web) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoaaefekppmlgpgfegdedfcehnkafeo [2016-07-26]
CHR Extension: (Norton Safe) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2017-04-27]
CHR Extension: (Unseen) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2017-03-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-23]
CHR Extension: (myTaste Browser Button) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfnnmioagmcopmmbdfpodhcpnehddbi [2017-05-18]
CHR Extension: (Safe Search) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\liigmalpckdajahpggpbkjbfmpieongf [2017-03-26]
CHR Extension: (Mahjong Solitaire) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2017-03-16]
CHR Extension: (Norton Safe) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2017-06-08]
CHR Extension: (Gmail) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-23]
CHR Extension: (Chrome Media Router) - C:\Users\Candice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [326160 2017-05-26] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-25] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20170616.003\BHDrvx64.sys [1862784 2017-05-18] (Symantec Corporation)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1609040.008\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-10] (Symantec Corporation)
S1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20170616.001\IDSvia64.sys [1053824 2017-05-19] (Symantec Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-06-16] (Malwarebytes)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-25] (Dritek System Inc.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1609040.008\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1609040.008\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1609040.008\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-19] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1609040.008\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1609040.008\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160706.008\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-17 12:22 - 2017-06-17 12:22 - 00027032 _____ C:\Users\Candice\Downloads\FRST.txt
2017-06-17 12:22 - 2017-06-17 12:22 - 00000000 ____D C:\FRST
2017-06-17 12:21 - 2017-06-17 12:21 - 02438656 _____ (Farbar) C:\Users\Candice\Downloads\FRST64.exe
2017-06-17 12:21 - 2017-06-17 12:21 - 02438656 _____ (Farbar) C:\Users\Candice\Downloads\FRST64 (1).exe
2017-06-17 12:20 - 2017-06-17 12:20 - 01777152 _____ (Farbar) C:\Users\Candice\Downloads\FRST.exe
2017-06-17 11:06 - 2017-06-17 11:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-06-16 21:20 - 2017-06-16 21:20 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-16 21:20 - 2017-06-16 21:20 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-16 21:19 - 2017-06-16 21:19 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-16 21:19 - 2017-06-16 21:19 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-16 21:06 - 2017-06-16 21:06 - 00074703 _____ C:\WINDOWS\SysWOW64\mfc45.dat
2017-06-16 21:06 - 2017-06-16 21:06 - 00003548 _____ C:\WINDOWS\System32\Tasks\iolo SCU task one
2017-06-16 21:06 - 2017-06-16 21:06 - 00001199 _____ C:\Users\Candice\Desktop\System Checkup.lnk
2017-06-16 21:06 - 2017-06-16 21:06 - 00000000 ____D C:\Users\Candice\AppData\Roaming\iolo
2017-06-16 21:06 - 2017-06-16 21:06 - 00000000 ____D C:\ProgramData\iolo
2017-06-16 21:06 - 2017-06-16 21:06 - 00000000 ____D C:\Program Files (x86)\iolo
2017-06-16 19:46 - 2017-06-16 21:20 - 00035542 _____ C:\WINDOWS\ntbtlog.txt
2017-06-14 09:55 - 2017-06-02 04:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 09:55 - 2017-05-14 13:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-14 09:55 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 09:55 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 09:55 - 2017-05-14 13:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-14 09:55 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-14 09:55 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 09:55 - 2017-05-14 12:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-14 09:55 - 2017-05-14 12:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-14 09:55 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 09:55 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-14 09:55 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 09:55 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-14 09:55 - 2017-05-14 12:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 09:55 - 2017-05-14 12:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 09:55 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 09:55 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-14 09:55 - 2017-05-14 11:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-14 09:55 - 2017-05-14 11:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-14 09:55 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 09:55 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-14 09:55 - 2017-05-14 11:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 09:55 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-14 09:55 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 09:55 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-14 09:55 - 2017-05-14 11:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 09:55 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-14 09:55 - 2017-05-14 11:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-14 09:55 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-14 09:55 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-14 09:55 - 2017-05-14 11:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 09:55 - 2017-05-12 09:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-14 09:55 - 2017-05-12 08:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-14 09:55 - 2017-05-12 08:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-14 09:55 - 2017-05-12 08:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-14 09:55 - 2017-05-12 08:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-14 09:55 - 2017-05-11 19:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 09:55 - 2017-05-11 19:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 09:55 - 2017-05-11 19:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-14 09:55 - 2017-05-11 19:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-14 09:55 - 2017-05-11 19:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-14 09:55 - 2017-05-11 19:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-14 09:55 - 2017-05-11 19:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-14 09:55 - 2017-05-11 19:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-14 09:55 - 2017-05-11 16:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 09:55 - 2017-05-11 16:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 09:55 - 2017-05-06 09:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 09:55 - 2017-04-21 14:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-14 09:55 - 2017-04-21 14:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-14 09:55 - 2017-04-21 14:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-14 09:55 - 2017-04-21 14:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-14 09:55 - 2017-04-16 03:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-14 09:55 - 2017-04-16 03:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-14 09:55 - 2017-04-16 03:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-06-14 09:55 - 2017-04-16 02:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-14 09:55 - 2017-04-16 02:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-14 09:55 - 2017-04-16 02:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-06-14 09:55 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-14 09:55 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-14 09:55 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-14 09:55 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-14 09:55 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-14 09:55 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-14 09:55 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-14 09:55 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-14 09:55 - 2017-04-16 00:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-14 09:55 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-14 09:55 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-14 09:55 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-14 09:55 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-14 09:55 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-14 09:55 - 2017-04-16 00:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-14 09:55 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-14 09:55 - 2017-04-16 00:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-06-14 09:55 - 2017-04-11 11:27 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-14 09:55 - 2017-04-11 11:27 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-14 09:55 - 2017-04-09 15:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 09:55 - 2017-04-09 15:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 09:55 - 2017-03-15 11:15 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-14 09:55 - 2017-03-15 11:15 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-14 09:55 - 2017-03-07 19:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-06-14 09:55 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-06-14 09:55 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-06-14 09:55 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-14 09:54 - 2017-06-02 05:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-14 09:54 - 2017-06-02 05:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-14 09:54 - 2017-06-02 05:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-14 09:54 - 2017-06-02 05:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 09:54 - 2017-06-02 05:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-14 09:54 - 2017-06-02 04:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 09:54 - 2017-06-02 03:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 09:54 - 2017-06-02 03:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-14 09:54 - 2017-06-02 03:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-14 09:54 - 2017-06-02 03:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-14 09:54 - 2017-06-02 03:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 09:54 - 2017-06-02 02:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 09:54 - 2017-06-02 02:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 09:54 - 2017-05-15 12:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 09:54 - 2017-05-14 13:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 09:54 - 2017-05-14 11:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-14 09:54 - 2017-05-14 11:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-14 09:54 - 2017-05-12 10:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 09:54 - 2017-05-12 09:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 09:54 - 2017-05-11 21:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 09:54 - 2017-05-11 19:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 09:54 - 2017-05-10 11:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-14 09:54 - 2017-05-06 09:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 09:54 - 2017-04-16 03:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 09:54 - 2017-04-16 03:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-14 09:54 - 2017-04-16 02:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-14 09:54 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-06-14 09:54 - 2017-04-16 01:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 09:54 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-14 09:54 - 2017-04-16 01:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-14 09:54 - 2017-04-16 00:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-14 09:54 - 2017-04-16 00:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-14 09:54 - 2017-04-06 10:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-14 09:54 - 2017-04-06 10:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-14 09:54 - 2017-04-06 09:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 09:54 - 2017-04-06 09:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-14 09:54 - 2017-04-06 09:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-14 09:54 - 2017-04-06 09:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-14 09:54 - 2017-04-06 09:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-14 09:54 - 2017-04-06 08:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-14 09:54 - 2017-04-02 09:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-14 09:54 - 2017-04-02 09:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-14 09:54 - 2017-04-02 07:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 09:54 - 2017-04-02 06:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-14 09:54 - 2017-03-31 16:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-14 09:54 - 2017-03-31 14:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-14 09:54 - 2017-03-13 09:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-06-14 09:54 - 2017-03-13 09:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-06-14 09:54 - 2017-03-13 09:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-06-14 09:54 - 2017-03-13 09:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-06-14 09:54 - 2017-03-13 09:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-06-14 09:54 - 2017-03-13 09:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-06-14 09:54 - 2017-03-12 08:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 09:54 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-14 09:54 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-14 09:54 - 2017-03-10 16:38 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-14 09:54 - 2017-03-09 13:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-06-14 09:54 - 2017-03-09 12:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-06-14 09:54 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-14 09:54 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-14 09:54 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-14 09:54 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-06-14 09:54 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-14 09:54 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-14 09:54 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-14 09:54 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-14 09:54 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 09:54 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-14 09:54 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2017-06-14 09:54 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2017-06-14 09:54 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-06-14 09:54 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2017-06-14 09:54 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-14 09:54 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 09:54 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 09:54 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 09:54 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-14 09:54 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-14 09:54 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2017-06-14 09:54 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2017-06-14 09:54 - 2017-01-11 23:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-06-14 09:54 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-06-14 09:54 - 2017-01-11 10:28 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-06-14 09:54 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-06-14 09:54 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-06-14 09:54 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-06-14 09:54 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-06-14 09:54 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-06-14 09:54 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-06-14 09:54 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-06-14 09:54 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-06-14 09:54 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-06-14 09:54 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-06-14 09:54 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-14 09:54 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-06-14 09:54 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-14 09:54 - 2016-12-09 01:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-13 22:38 - 2017-06-13 22:38 - 00025533 _____ C:\Users\Candice\Downloads\ExportGridView (15).xls
2017-06-06 00:53 - 2017-06-06 00:53 - 00135873 _____ C:\Users\Candice\Documents\2016 Working_Expenses66c.xlsx
2017-06-04 22:15 - 2017-06-05 18:05 - 00135214 _____ C:\Users\Candice\Documents\2016 Working_Expenses1018pmc.xlsx
2017-06-04 17:51 - 2017-06-05 00:06 - 00136124 _____ C:\Users\Candice\Documents\2016 Working_Expenses548pmc.xlsx
2017-06-04 14:16 - 2017-06-04 17:48 - 00131360 _____ C:\Users\Candice\Documents\2016 Working_Expenses216pm.xlsx
2017-06-04 09:41 - 2017-06-04 09:41 - 00109807 _____ C:\Users\Candice\Desktop\2016 US Bank Charges.xlsx
2017-06-04 00:20 - 2017-06-04 00:20 - 00003226 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-06-03 17:42 - 2017-06-03 17:42 - 00107842 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (10).xlsx
2017-06-03 17:42 - 2017-06-03 17:42 - 00107840 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (9).xlsx
2017-06-03 17:41 - 2017-06-03 17:41 - 00107840 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (8).xlsx
2017-06-03 17:41 - 2017-06-03 17:41 - 00107840 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (7).xlsx
2017-06-03 17:33 - 2017-06-03 17:33 - 00107840 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (6).xlsx
2017-06-03 16:44 - 2017-06-03 16:44 - 00107840 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (5).xlsx
2017-06-03 16:28 - 2017-06-03 16:28 - 00107842 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (4).xlsx
2017-06-03 13:22 - 2017-06-03 13:22 - 00003624 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8600
2017-06-03 13:22 - 2017-06-03 13:22 - 00002227 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2017-06-03 13:22 - 2017-06-03 13:22 - 00001179 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2017-06-03 13:22 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM5912.dll
2017-06-03 13:18 - 2017-06-03 13:18 - 00000057 _____ C:\ProgramData\Ament.ini
2017-06-03 12:43 - 2017-06-03 12:53 - 00109815 _____ C:\Users\Candice\Desktop\2015 US Band Charges.xlsx
2017-06-03 12:43 - 2017-06-03 12:43 - 00107842 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (3).xlsx
2017-06-03 12:41 - 2017-06-03 12:41 - 00129107 _____ C:\Users\Candice\Downloads\2015 BUS EXP WITH US BANK CHARGES.xlsx
2017-06-03 12:07 - 2017-06-03 17:01 - 00127540 _____ C:\Users\Candice\Desktop\2015 BUS EXP WITH US BANK CHARGES.xlsx
2017-06-02 21:33 - 2017-06-02 21:33 - 00054002 _____ C:\Users\Candice\Desktop\2014_Expenses Broken Down.xlsx
2017-06-02 20:22 - 2017-06-02 20:22 - 00108238 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (2).xlsx
2017-06-02 20:20 - 2017-06-02 20:21 - 00108243 _____ C:\Users\Candice\Downloads\2015_Working_Expenses (1).xlsx
2017-06-02 20:19 - 2017-06-02 20:19 - 00107840 _____ C:\Users\Candice\Downloads\2015_Working_Expenses.xlsx
2017-06-02 18:21 - 2017-06-03 13:52 - 00125098 _____ C:\Users\Candice\Desktop\2016 Working_Expenses3.xlsx
2017-06-02 18:17 - 2017-06-02 18:17 - 00124585 _____ C:\Users\Candice\Downloads\2016 Working_Expenses2 (1).xlsx
2017-06-02 18:16 - 2017-06-02 18:16 - 00124585 _____ C:\Users\Candice\Downloads\2016 Working_Expenses2.xlsx
2017-06-02 17:55 - 2017-06-02 17:55 - 00126808 _____ C:\Users\Candice\Desktop\2016 Working_Expenses2.xlsx
2017-06-02 17:22 - 2017-06-02 17:22 - 00126826 _____ C:\Users\Candice\Downloads\2016 Working_Expenses.xlsx
2017-06-02 17:22 - 2017-06-02 17:22 - 00126826 _____ C:\Users\Candice\Downloads\2016 Working_Expenses (1).xlsx
2017-06-02 17:17 - 2017-06-02 17:17 - 00126826 _____ C:\Users\Candice\Desktop\2016 Working_Expenses.xlsx
2017-06-02 16:53 - 2017-06-02 16:53 - 00003690 _____ C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade
2017-06-02 14:23 - 2017-06-04 00:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2017-05-31 00:17 - 2017-05-31 00:17 - 00057743 _____ C:\Users\Candice\Downloads\SCAN9915.PDF
2017-05-30 13:16 - 2017-05-30 13:16 - 00021629 _____ C:\Users\Candice\Downloads\ExportGridView (13).xls
2017-05-30 13:16 - 2017-05-30 13:16 - 00021629 _____ C:\Users\Candice\Downloads\ExportGridView (12).xls
2017-05-30 13:16 - 2017-05-30 13:16 - 00021573 _____ C:\Users\Candice\Downloads\ExportGridView (14).xls
2017-05-30 12:17 - 2017-05-30 12:17 - 00027516 _____ C:\Users\Candice\Downloads\ExportGridView (11).xls
2017-05-26 11:23 - 2017-06-11 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-26 11:17 - 2017-05-26 11:17 - 54303648 _____ (Amazon.com) C:\Users\Candice\Downloads\KindleForPC-installer-1.20.47037 (2).exe
2017-05-26 11:17 - 2017-05-26 11:17 - 00002286 _____ C:\Users\Candice\Desktop\Kindle.lnk
2017-05-26 11:16 - 2017-05-26 11:17 - 54303648 _____ (Amazon.com) C:\Users\Candice\Downloads\KindleForPC-installer-1.20.47037 (1).exe
2017-05-26 10:16 - 2017-05-26 10:17 - 54303648 _____ (Amazon.com) C:\Users\Candice\Downloads\KindleForPC-installer-1.20.47037.exe
2017-05-22 23:12 - 2017-05-22 23:12 - 00244627 _____ C:\Users\Candice\Downloads\fosterapp.pages
2017-05-22 22:25 - 2017-05-22 22:25 - 02629123 _____ C:\Users\Candice\Downloads\10fe039a30d0f82e51511eabaa1a7666b7524699.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-17 11:58 - 2016-12-08 17:18 - 00000000 ____D C:\Users\Candice\AppData\LocalLow\Mozilla
2017-06-17 11:53 - 2015-05-10 19:38 - 00000000 ____D C:\Users\Candice\AppData\Local\NPE
2017-06-17 11:47 - 2016-09-04 01:33 - 00000438 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2017-06-17 10:59 - 2013-04-24 10:34 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2339858271-1076432491-480709755-1001
2017-06-17 10:54 - 2013-10-31 15:04 - 00000000 __RDO C:\Users\Candice\SkyDrive
2017-06-17 00:12 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2017-06-16 21:43 - 2013-09-29 21:04 - 00877620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-16 21:37 - 2016-08-02 20:45 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-06-16 21:37 - 2013-10-31 14:35 - 00053284 _____ C:\WINDOWS\system32\wpbbin.exe
2017-06-16 21:37 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-16 21:37 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-06-16 21:20 - 2014-12-07 14:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-16 21:19 - 2014-12-07 14:52 - 00000000 ____D C:\Users\Candice\AppData\Local\Deployment
2017-06-16 20:17 - 2015-11-12 04:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-16 20:17 - 2015-11-12 04:00 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-06-16 19:53 - 2013-07-11 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames
2017-06-16 19:53 - 2013-07-11 22:32 - 00000000 ____D C:\Program Files (x86)\eGames
2017-06-16 19:46 - 2016-02-07 00:29 - 00000000 ____D C:\NPE
2017-06-16 16:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 16:42 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 16:42 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 16:42 - 2013-04-24 10:27 - 00000000 ____D C:\Users\Candice\AppData\Local\Packages
2017-06-14 10:12 - 2014-01-02 10:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 10:12 - 2014-01-02 10:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 10:12 - 2013-08-22 07:44 - 00464840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 10:11 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-14 10:11 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-14 10:11 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-06-14 10:11 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-14 10:04 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 10:03 - 2014-01-02 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 10:01 - 2013-09-05 11:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 09:59 - 2013-06-03 10:52 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 09:57 - 2013-08-22 06:25 - 00000188 _____ C:\WINDOWS\win.ini
2017-06-12 22:45 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-12 22:31 - 2015-08-26 16:22 - 00000000 ____D C:\Users\Candice\Documents\My Kindle Content
2017-06-12 22:15 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-06-11 19:34 - 2016-05-10 07:31 - 00000000 ____D C:\Users\Candice\AppData\Local\Adobe
2017-06-11 18:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-11 18:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-11 18:21 - 2013-09-05 18:27 - 00000000 ____D C:\Users\Candice\AppData\Local\CrashDumps
2017-06-04 10:02 - 2017-05-09 21:19 - 00000000 ____D C:\2016 Expenses
2017-06-04 00:46 - 2015-06-09 22:01 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-04 00:20 - 2016-07-07 16:41 - 00002342 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-06-04 00:20 - 2015-08-21 12:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2017-06-04 00:20 - 2015-08-21 12:03 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2017-06-03 13:22 - 2015-11-05 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-03 13:21 - 2015-11-05 13:16 - 00000000 ____D C:\ProgramData\HP
2017-06-03 13:21 - 2015-11-05 13:16 - 00000000 ____D C:\Program Files\HP
2017-06-03 13:21 - 2015-11-05 13:16 - 00000000 ____D C:\Program Files (x86)\HP
2017-06-03 11:09 - 2016-07-25 02:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-03 11:04 - 2015-05-02 00:23 - 00000000 ____D C:\Users\Candice\AppData\Local\ElevatedDiagnostics
2017-06-02 19:31 - 2016-06-27 12:12 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 19:31 - 2016-06-27 12:12 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 15:58 - 2013-10-31 14:41 - 00000000 ____D C:\Users\Candice
2017-05-31 23:42 - 2016-08-02 18:30 - 00000000 ____D C:\Users\Candice\AppData\Roaming\Kodi
2017-05-28 11:11 - 2016-12-03 00:32 - 00000000 ___RD C:\Users\Candice\iCloudDrive
2017-05-26 10:17 - 2015-08-26 16:22 - 00000000 ____D C:\Users\Candice\AppData\Local\Amazon
2017-05-26 01:39 - 2014-03-24 13:17 - 00012592 _____ C:\Users\Candice\AppData\Roaming\wklnhst.dat
2017-05-22 01:05 - 2016-02-16 20:03 - 00000000 ____D C:\Users\Candice\Documents\Gardening
2017-05-19 09:49 - 2015-08-21 12:06 - 00102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-05-19 09:49 - 2015-08-21 12:06 - 00008339 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
 
==================== Files in the root of some directories =======
 
2014-03-24 13:17 - 2017-05-26 01:39 - 0012592 _____ () C:\Users\Candice\AppData\Roaming\wklnhst.dat
2017-06-03 13:18 - 2017-06-03 13:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-25 12:36 - 2012-12-25 12:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-13 14:04 - 2017-03-29 08:50 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
2015-05-05 12:21 - 2006-10-27 22:28 - 0145184 ____R (Microsoft Corporation) C:\Users\Candice\AppData\Local\Temp\ose00000.exe
2015-05-05 12:27 - 2006-10-27 22:28 - 0145184 ____R (Microsoft Corporation) C:\Users\Candice\AppData\Local\Temp\ose00001.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-16 20:28
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Candice (17-06-2017 12:22:47)
Running from C:\Users\Candice\Downloads
Windows 8.1 (Update) (X64) (2013-10-31 22:02:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2339858271-1076432491-480709755-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2339858271-1076432491-480709755-1005 - Limited - Enabled)
Candice (S-1-5-21-2339858271-1076432491-480709755-1001 - Administrator - Enabled) => C:\Users\Candice
Guest (S-1-5-21-2339858271-1076432491-480709755-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements 2 (HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\4 Elements 2) (Version: 1.0.0.0 - eGames)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.3 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cook'n (HKLM-x32\...\Cook'n) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.6.002_WHQL (HKLM\...\Elantech) (Version: 11.6.6.002 - ELAN Microelectronic Corp.)
f.lux (HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{3D535C93-9786-48D5-9DEF-97353F1CB936}) (Version: 1.1.3 - Acer Incorporated)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\HP Photo Creations) (Version: 1.0.0.21292 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Kodi (HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\Kodi) (Version:  - XBMC-Foundation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Digital Image Standard 2006 Update (HKLM-x32\...\PictureItPrem_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.9.4.8 - Symantec Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
System Checkup 4.0 (HKLM-x32\...\{918D30D3-AD9B-43A8-9EF7-463075DC93CD}_is1) (Version: 4.0.0.145 - iolo technologies, LLC)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden
Yahoo Messenger (HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\yahoomessenger) (Version: 0.8.288 - Yahoo! Inc)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2339858271-1076432491-480709755-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0485F4B3-CC66-434C-BAC1-2A18AE1FC5AE} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Candice\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-08-09] ()
Task: {0E3BA0BC-C9DA-41AD-BBCD-645130A3C7CC} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1071A672-7B08-4260-ABA5-07FAD3D2AF85} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {30EF4C09-D7BF-48ED-9357-365DC8274ECD} - System32\Tasks\{C5F18447-580D-48C6-A79D-1E199CEDB936} => pcalua.exe -a C:\Users\Candice\Downloads\USBDrivers_231.exe -d C:\Users\Candice\Downloads
Task: {32085E2B-02E1-4F97-B2D5-DBC79BCD001A} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {34F132CA-3264-47DC-A8D2-A31FCFE9C7B6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\WSCStub.exe [2017-05-26] (Symantec Corporation)
Task: {3DA12936-8ECF-424C-B4BF-CB0C1D1FB015} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {41FDF108-0A68-4763-9FF7-7F41D5F73CC1} - System32\Tasks\ALU_SelfUpgrade => C:\ProgramData\Acer\updater2\Download\52971984\D\UpgradeDownload.exe [2017-06-02] ()
Task: {46A9B18A-43CF-4638-83CA-279961BF5BCA} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {4EE9248F-102E-4EBA-BF72-5C6D55C15894} - System32\Tasks\iolo SCU task one => C:\ProgramData\iolo\SCU\sculnch.lnk [Argument = /toaster]
Task: {65B6CC7C-793C-4A96-8C58-6930EC5E73CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {7C1910FC-0210-44DA-8107-14066E862061} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {82F01C5F-F969-40AE-8604-7BCF03669A7F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {95888EB0-1D7B-483D-B7B6-7FC35834BDC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {9703AD09-D838-4B24-80F8-88774CE9B257} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-05-26] (Symantec Corporation)
Task: {A92C7991-96B6-4E1F-AEF8-F859308818C4} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AE62053B-6CCB-4BBB-BCD4-DAB926950D32} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AEA6A390-3122-4F31-AEFD-5EB3AB05B471} - System32\Tasks\{2BC159D1-E78F-4EB7-BE46-5BB6CCD87EE2} => pcalua.exe -a D:\SETUP.EXE -d D:\ -c /AUTORUN
Task: {B5B924B8-3037-4B7E-9C64-8F8842CB02BF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C3294E87-22A5-42D6-9E02-1A17EC8A6019} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {CA58A936-3E02-4D82-9E85-D9B6CF4C3475} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {DC23F0D2-22F8-4113-B2A6-726712DD900A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {E4AEB81A-FF4F-4C80-8AA6-C7BA8F3D7E19} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {E68ADD93-3185-476F-9FA5-6A6C501D00AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-16] (Google Inc.)
Task: {EB085B99-24C2-4A2D-9BCE-7A6C6A07C242} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {F620DF4A-E628-4EB0-9050-B432A3B30718} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {FEDE66BD-5909-4558-818A-1F7E1CF0EC34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-16] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\Candice\AppData\Roaming\HP Photo Creations\Communicator.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-23 15:02 - 2012-08-23 15:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2012-08-22 16:04 - 2012-08-22 16:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 16:04 - 2012-08-22 16:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2017-06-16 21:20 - 2017-06-15 00:29 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.104\libglesv2.dll
2017-06-16 21:20 - 2017-06-15 00:29 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.104\libegl.dll
2012-12-25 12:34 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-08-23 15:02 - 2012-08-23 15:02 - 00034736 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Candice\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Dolby Advanced Audio v2"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\StartupApproved\Run: => "HP Officejet Pro 8620 (NET)"
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\StartupApproved\Run: => "Yahoo Messenger"
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\StartupApproved\Run: => "Yahoo Messenger Updater"
HKU\S-1-5-21-2339858271-1076432491-480709755-1001\...\StartupApproved\Run: => "iCloudDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6FEAB8FC-9654-4508-9520-596E6187ADA3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{D836DE7B-B74C-415B-9D73-0BF52B7C1E82}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{DBA78830-46A1-4EC0-A05F-D865A7FA83BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{0587A7CD-79D8-472F-A864-1B4B8DC29529}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{740F15FB-3F64-498C-B7DD-41124A27AA46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{13C7F655-D1C3-47BF-96C1-36B830CDCC9A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{2068D24E-9707-4A9B-9C73-D49E891869D5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{763A2BAA-FFA3-420C-BA37-D666B85678DC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{21CB2926-EC6A-4FF8-B0EF-8BFD898AEF40}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{623E785A-DFFB-4379-963F-BEEEE3FCAEB5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{D0D8BFB1-B9DB-4EB8-9899-179257D49C7D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{A3C120C6-BBCA-4DE5-93F1-56971EAC93AF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D6361DCC-EAE4-4641-9732-E2A2B0D93A1C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{CCD4B47E-9D40-4E01-B9CE-88B1D8D8E601}] => (Allow) LPort=1900
FirewallRules: [{AA8AE43F-1D67-4A2C-AF87-E1F17AB1CBC8}] => (Allow) LPort=2869
FirewallRules: [{25D09A66-AE8F-44DE-A7A7-0D785DC7CA19}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15DE1F2E-3735-477F-ABF5-1F857C58B8E7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{12411EE9-47CF-4909-B667-42E4166E10EA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{2957EFF7-F7A9-42B4-AC40-EA21B82E3690}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{B3A2E8A4-FCD9-4A96-885F-FA7B3155F63D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{FDFD0A86-4F74-4CDE-B5E5-71EAF5FE47D6}] => (Allow) LPort=5357
FirewallRules: [{F5B18486-6DC9-41BD-823F-0609F252FD0B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{331BA23A-72E1-4D64-97B1-35CD0A91FA7B}] => (Allow) C:\Users\Candice\AppData\Local\Temp\7zS4EE5\HPDiagnosticCoreUI.exe
FirewallRules: [{46220DD6-0288-453C-A7B9-33FCA0A1F79D}] => (Allow) C:\Users\Candice\AppData\Local\Temp\7zS4EE5\HPDiagnosticCoreUI.exe
FirewallRules: [{C4EE1287-877F-4EA9-BBA8-180086A848F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{243D28F0-B324-4B06-8B56-B5FF29672F24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{667676D4-8532-4302-837E-392A30312F6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{881FD994-40E2-4A54-AE9E-549740787CC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D7FAA4A-5DD8-4A8A-9128-9721663C93FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B34A08F9-6402-4677-ADE8-7E53F3AD9A18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62950928-788A-4F69-84B6-AAF2FC638F6E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EF1C9D79-9A2A-4259-8069-189A16A8D2C2}] => (Allow) C:\Users\Candice\AppData\Local\Temp\7zS02A2\HPDiagnosticCoreUI.exe
FirewallRules: [{8F9D97B3-C62B-4B96-8F97-36E1C97A132C}] => (Allow) C:\Users\Candice\AppData\Local\Temp\7zS02A2\HPDiagnosticCoreUI.exe
FirewallRules: [{FBA1C2E7-2040-480B-AD55-8859072CCBBC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2A2FBD78-914C-49C3-89F9-A2638AC6A8E4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{2C39E716-C9B8-440C-8F31-84EE0E0700B2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F18EB794-4674-4AA4-9B62-C694008FB074}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0187CFB3-2D72-4106-A132-4E57A2782ABC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A325AFCF-9586-436A-82F3-9A662C351A14}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{66C66F7C-ACDC-495D-8140-1372DCFAB463}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A097F1A2-0423-43FE-B6D8-636F319B0AEA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{89A699D4-5AB5-4903-9B0C-728F6BA277D2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{6AEDFCE5-AF07-4D30-8789-BC69804D422A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{A557E99C-FD00-476E-B5AE-BE784D4A1A9E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{DCA12136-7C05-4515-A18D-565F0854879E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{C4B62ADC-7331-4C70-8FA2-51CFC2F23ABA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{05530118-50AF-4DB3-BC33-61ADE0294A15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2017 09:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SysCheckup.exe version 4.0.0.145 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1550
 
Start Time: 01d2e71f25d173f4
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\iolo\System Checkup\SysCheckup.exe
 
Report Id: bcc57eee-5314-11e7-bf12-206a8aedb934
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/16/2017 07:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3919859
 
Error: (06/16/2017 07:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3919859
 
Error: (06/16/2017 07:01:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/16/2017 04:47:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
Error: (06/16/2017 04:30:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 733719
 
Error: (06/16/2017 04:30:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 733719
 
Error: (06/16/2017 04:30:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/16/2017 04:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4625
 
Error: (06/16/2017 04:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4625
 
 
System errors:
=============
Error: (06/16/2017 09:37:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (06/16/2017 07:46:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (06/16/2017 07:46:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/11/2017 03:08:09 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1FBC3168-3EB6-45CD-A674-D75968D6E6BC} because another computer on the network has the same name.  The server could not start.
 
Error: (06/10/2017 01:40:20 AM) (Source: DCOM) (EventID: 10016) (User: CANDYLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user CANDYLAPTOP\Candice SID (S-1-5-21-2339858271-1076432491-480709755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/10/2017 01:25:47 AM) (Source: DCOM) (EventID: 10016) (User: CANDYLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user CANDYLAPTOP\Candice SID (S-1-5-21-2339858271-1076432491-480709755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2017 11:39:00 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CANDYLAPTOP    :0" could not be registered on the interface with IP address 192.168.1.7.
The computer with the IP address 169.254.5.187 did not allow the name to be claimed by
this computer.
 
Error: (06/06/2017 11:38:57 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CANDYLAPTOP    :0" could not be registered on the interface with IP address 192.168.1.7.
The computer with the IP address 169.254.5.187 did not allow the name to be claimed by
this computer.
 
Error: (06/06/2017 11:38:57 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CANDYLAPTOP    :20" could not be registered on the interface with IP address 192.168.1.7.
The computer with the IP address 169.254.5.187 did not allow the name to be claimed by
this computer.
 
Error: (06/06/2017 11:38:57 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{1FBC3168-3EB6-45CD-A674-D75968D6E6BC} because another computer on the network has the same name.  The server could not start.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 28%
Total physical RAM: 7987.6 MB
Available physical RAM: 5737.2 MB
Total Virtual: 10419.6 MB
Available Virtual: 7918.69 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:464.95 GB) (Free:337.86 GB) NTFS
Drive d: (2017 Honda Pilot) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

 

 

Thank you in advance!!




#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Uninstall System Checkup and Bonjour.  Neither is working correctly and I don't trust System Checkup.
 
Download the attached fixlist.txt to the same location as FRST.
 
[attachment=85319:fixlist.txt]
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
