Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

What happened? I've been infected.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

What happened? I've been infected.

Unread postby Risky Rick » December 18th, 2015, 10:52 am

"Server Not Found", and hard drive continually running when it should not be. Net is slowed way down.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by Rick (administrator) on RICK-PC (17-12-2015 16:37:16)
Running from C:\Users\Rick\Downloads
Loaded Profiles: Rick (Available Profiles: Rick)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\n360.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Corel Corporation) C:\Program Files (x86)\Corel\Graphics9\Programs\coreldrw.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\n360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.34020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6515.64021.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6515.64021.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [140158008 2015-11-23] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-08-03] ()
HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1144104 2010-06-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [107376 2011-01-14] (Corel)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-11-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-16] (Google Inc.)
HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\...\Run: [PDF Architect Update] => regsvr32.exe "C:\Users\Rick\AppData\Local\PDF Architect\outlfltr.dll"
HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\...\MountPoints2: {49cc61eb-d41c-11e2-8249-90fba62bb1c9} - "J:\LaunchU3.exe" -a
HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [425984 2009-08-05] ()
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk [2015-10-08]
ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK [2015-10-08]
ShortcutTarget: CorelCENTRAL 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\ccwin9.exe (Corel Corporation Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK [2015-10-08]
ShortcutTarget: CorelCENTRAL Alarms.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Application Director 9.LNK [2015-10-08]
ShortcutTarget: Desktop Application Director 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe (Corel Corporation Limited)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2009-11-16]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2009-11-16]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{669af876-e0d3-4341-81c3-4c64005eb2c7}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://startpage.com/
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2324462236-1183297055-1014908895-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS366US366
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-01-09] (pdfforge GbR)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-29] (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2324462236-1183297055-1014908895-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/s ... tor/sw.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static ... .203.0.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\8g4acad4.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-04-22] (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2010-07-29] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-11-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-11-27] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2324462236-1183297055-1014908895-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Rick\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-05] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-03-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon

Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll => No File
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Battlefield Heroes) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-04-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-09]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (Battlefield Heroes) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm [2012-07-20]
CHR Extension: (RealDownloader) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-22] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20151207.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20151216.002\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-21] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151217.003\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151217.003\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-17 16:37 - 2015-12-17 16:37 - 00026866 _____ C:\Users\Rick\Downloads\FRST.txt
2015-12-17 16:36 - 2015-12-17 16:37 - 00000000 ____D C:\FRST
2015-12-17 16:35 - 2015-12-17 16:36 - 02370048 _____ (Farbar) C:\Users\Rick\Downloads\FRST64.exe
2015-12-16 09:31 - 2015-12-17 08:06 - 00000000 ____D C:\Program Files (x86)\mozilla firefox
2015-12-15 11:03 - 2015-12-15 11:03 - 00500214 _____ C:\Users\Rick\Documents\Amazon - FlexMark V 325 WHITE.pdf
2015-12-15 11:02 - 2015-12-15 11:02 - 00489086 _____ C:\Users\Rick\Documents\Amazon - FlexMark V 325 Black.pdf
2015-12-15 11:02 - 2015-12-15 11:02 - 00139376 _____ C:\Users\Rick\Documents\Amazon - FlexMark V 325.CDR
2015-12-14 14:59 - 2015-12-16 08:49 - 08620306 _____ C:\Users\Rick\Documents\Amazon - ARLON 4500.pdf
2015-12-14 14:34 - 2015-12-15 17:08 - 01430072 _____ C:\Users\Rick\Documents\Backup_of_Amazon - ARLON 4500.CDR
2015-12-14 14:33 - 2015-12-15 17:10 - 01434454 _____ C:\Users\Rick\Documents\Amazon - ARLON 4500.CDR
2015-12-14 13:15 - 2015-12-14 10:22 - 12080734 _____ C:\Users\Rick\Documents\Backup_of_Seleb Farrier Bus Card.CDR
2015-12-14 10:23 - 2015-12-14 10:23 - 19333661 _____ C:\Users\Rick\Documents\Seleb Farrier Bus Card.pdf
2015-12-14 10:22 - 2015-12-14 13:15 - 12080898 _____ C:\Users\Rick\Documents\Seleb Farrier Bus Card.CDR
2015-12-14 08:08 - 2015-12-14 08:09 - 00100236 _____ C:\Users\Rick\Documents\Pops place logo.ai
2015-12-12 14:31 - 2015-12-12 14:55 - 09567726 _____ C:\Users\Rick\Documents\As In The Days Of Noah.pdf
2015-12-12 11:20 - 2015-12-08 15:48 - 00023692 _____ C:\Users\Rick\Documents\Backup_of_Hitech Scratch Pad BackCard.CDR
2015-12-10 13:04 - 2015-12-10 13:04 - 00640077 _____ C:\Users\Rick\Documents\CRONIC BC Jeff Dangar 2015.eps
2015-12-10 12:18 - 2015-12-10 12:26 - 00090661 _____ C:\Users\Rick\Documents\Aviles Painting BC.pdf
2015-12-10 12:16 - 2015-12-10 12:29 - 00181382 _____ C:\Users\Rick\Documents\Aviles Painting Magnets.ai
2015-12-10 11:51 - 2015-12-10 11:51 - 00014186 _____ C:\Users\Rick\Documents\Backup_of_Aviles Painting Magnets.cdr
2015-12-10 11:50 - 2015-12-10 12:29 - 00014200 _____ C:\Users\Rick\Documents\Aviles Painting Magnets.cdr
2015-12-10 11:44 - 2015-12-10 11:44 - 00174206 _____ C:\Users\Rick\Documents\Backup_of_Aviles Painting BC.CDR
2015-12-10 11:14 - 2015-12-10 12:26 - 00174132 _____ C:\Users\Rick\Documents\Aviles Painting BC.CDR
2015-12-10 10:46 - 2015-12-10 13:03 - 00035302 _____ C:\Users\Rick\Documents\Backup_of_CRONIC BC Jeff Dangar 2015.cdr
2015-12-10 10:43 - 2015-12-10 10:43 - 00035226 _____ C:\Users\Rick\Documents\Backup_of_CRONIC BC Jeff Danger 2015.cdr
2015-12-10 10:26 - 2015-12-10 13:08 - 00035162 _____ C:\Users\Rick\Documents\CRONIC BC Jeff Dangar 2015.cdr
2015-12-10 08:04 - 2015-12-17 11:38 - 00003574 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001
2015-12-10 08:04 - 2015-12-17 11:38 - 00003514 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2324462236-1183297055-1014908895-1001
2015-12-09 15:58 - 2015-12-09 15:58 - 00542649 _____ C:\Users\Rick\Documents\HiTech Invoice 2015 with Terms 50251.pdf
2015-12-09 15:54 - 2015-12-09 15:54 - 00497983 _____ C:\Users\Rick\Documents\HiTech Invoice 2015 with Terms.pdf
2015-12-09 15:54 - 2015-12-09 15:54 - 00146250 _____ C:\Users\Rick\Documents\HiTech Invoice 2015 with Terms.cdr
2015-12-09 13:32 - 2015-12-09 13:32 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-12-09 11:34 - 2015-11-24 05:03 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 11:34 - 2015-11-24 04:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-09 11:34 - 2015-11-24 04:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 11:34 - 2015-11-24 02:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 11:34 - 2015-11-24 02:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 11:34 - 2015-11-24 02:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 11:34 - 2015-11-24 02:09 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 11:34 - 2015-11-24 02:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 11:33 - 2015-12-01 02:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 11:33 - 2015-11-24 07:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 11:33 - 2015-11-24 06:07 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 11:33 - 2015-11-24 06:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 11:33 - 2015-11-24 05:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 11:33 - 2015-11-24 05:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-09 11:33 - 2015-11-24 04:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-09 11:33 - 2015-11-24 04:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 11:33 - 2015-11-24 04:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 11:33 - 2015-11-24 04:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 11:33 - 2015-11-24 04:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 11:33 - 2015-11-24 03:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 11:33 - 2015-11-24 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 11:33 - 2015-11-24 03:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-09 11:33 - 2015-11-24 03:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 11:33 - 2015-11-24 03:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 11:33 - 2015-11-24 03:27 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 11:33 - 2015-11-24 03:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 11:33 - 2015-11-24 03:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 11:33 - 2015-11-24 02:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 11:33 - 2015-11-24 02:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 11:33 - 2015-11-24 02:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 11:33 - 2015-11-24 02:25 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 11:33 - 2015-11-24 02:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-08 15:48 - 2015-12-12 11:20 - 00040948 _____ C:\Users\Rick\Documents\Hitech Scratch Pad BackCard.pdf
2015-12-08 15:48 - 2015-12-12 11:20 - 00023700 _____ C:\Users\Rick\Documents\Hitech Scratch Pad BackCard.CDR
2015-12-08 15:42 - 2003-04-09 14:36 - 00017298 _____ C:\Users\Rick\Documents\Backup_of_Hi-Tech pad backing.cdr
2015-12-08 15:25 - 2015-12-08 15:28 - 00346423 _____ C:\Users\Rick\Documents\Hi-Tech scratch Pad COLOR.tif
2015-12-08 15:20 - 2015-12-10 13:38 - 13739497 _____ C:\Users\Rick\Documents\Hi-Tech scratch Pad COLOR.pdf
2015-12-08 14:59 - 2015-12-08 14:59 - 16161738 _____ C:\Users\Rick\Documents\Hi-Tech Scratch Pad.pdf
2015-12-07 12:54 - 2015-12-07 12:54 - 00487181 _____ C:\Users\Rick\Downloads\gbc+protrim+63-3600218-us.pdf
2015-12-07 11:20 - 2015-12-07 11:20 - 00017815 _____ C:\Users\Rick\Documents\Letter to Tri-Copy.pdf
2015-12-07 09:44 - 2015-12-07 11:15 - 00015358 _____ C:\Users\Rick\Documents\Backup_of_Letter to Tri-Copy.CDR
2015-12-07 09:42 - 2015-12-07 11:19 - 00015410 _____ C:\Users\Rick\Documents\Letter to Tri-Copy.CDR
2015-12-06 11:58 - 2015-12-06 11:58 - 01200399 _____ C:\Users\Rick\Documents\Hi-Tech Envelope.pdf
2015-12-06 11:58 - 2015-12-06 11:46 - 01142914 _____ C:\Users\Rick\Documents\Backup_of_Hi-Tech Envelope.CDR
2015-12-06 11:46 - 2015-12-06 11:58 - 01142796 _____ C:\Users\Rick\Documents\Hi-Tech Envelope.CDR
2015-12-04 05:07 - 2015-12-04 05:08 - 112942375 _____ C:\Users\Rick\Downloads\bizhubPROC6501_C6501P_C65hc_C5501ServiceManual.pdf
2015-12-04 04:50 - 2015-12-04 04:50 - 25612231 _____ C:\Users\Rick\Downloads\bizhubPROC6501PPartsManual.pdf
2015-12-04 04:48 - 2015-12-04 04:48 - 26303515 _____ C:\Users\Rick\Downloads\bizhubPROC6501PartsManual.pdf
2015-12-04 04:24 - 2015-12-04 04:30 - 128893871 _____ C:\Users\Rick\Downloads\Konica Bizhub Pro C5501-C6501 Service Repair Manual(1).rar
2015-12-04 04:05 - 2015-12-04 04:40 - 00000000 ___RD C:\Users\Rick\Downloads\BallardAppCraftery.RARViewer_epyrqhfctk40t!App
2015-12-04 03:41 - 2015-12-04 03:41 - 26169940 _____ C:\Users\Rick\Downloads\bizhubPROC5501PartsManual.pdf
2015-12-04 03:16 - 2015-12-04 03:17 - 128893871 _____ C:\Users\Rick\Downloads\Konica Bizhub Pro C5501-C6501 Service Repair Manual.rar
2015-12-03 17:03 - 2015-12-03 17:03 - 00053787 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17 FINAL RED.pdf
2015-12-03 17:02 - 2015-12-03 17:02 - 00658054 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17 FINAL BLACK.pdf
2015-12-03 17:02 - 2015-12-03 17:02 - 00063768 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17 FINAL BLACK.cdr
2015-12-03 16:57 - 2015-12-03 16:57 - 00023978 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17 FINAL RED.cdr
2015-12-03 16:46 - 2015-12-03 16:46 - 00695665 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17 FINAL.pdf
2015-12-03 14:28 - 2015-12-03 14:28 - 00191918 _____ C:\Users\Rick\Documents\Field Foot & Ankle Store Hours.ai
2015-12-03 14:21 - 2015-12-03 14:21 - 00058370 _____ C:\Users\Rick\Desktop\H&A Tire Business Card 2012.zip
2015-12-03 14:21 - 2012-01-03 16:44 - 03610031 _____ C:\Users\Rick\Desktop\H&A Tire Business Card 2012.TIF
2015-12-03 08:05 - 2015-12-03 08:05 - 00686504 _____ C:\Users\Rick\Documents\Mattress & More FAY inv2 2001-2500.pdf
2015-12-03 08:03 - 2015-12-03 10:59 - 00003614 _____ C:\Users\Rick\Documents\NumberingSettings Master Blaster Invoice.np5
2015-12-03 08:01 - 2015-12-03 08:20 - 203357891 _____ C:\Users\Rick\Documents\Master Blaster Invoice 01001-01500.pdf
2015-12-03 07:51 - 2015-11-22 05:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-03 07:51 - 2015-11-22 05:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 07:51 - 2015-11-22 05:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-03 07:51 - 2015-11-22 05:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-03 07:51 - 2015-11-22 05:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-03 07:51 - 2015-11-22 05:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-03 07:51 - 2015-11-22 05:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-03 07:51 - 2015-11-22 05:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-03 07:51 - 2015-11-22 05:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-03 07:51 - 2015-11-22 05:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-03 07:51 - 2015-11-22 05:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-03 07:51 - 2015-11-22 05:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-03 07:51 - 2015-11-22 05:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-03 07:51 - 2015-11-22 05:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-03 07:51 - 2015-11-22 05:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-03 07:51 - 2015-11-22 05:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-03 07:51 - 2015-11-22 05:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-03 07:51 - 2015-11-22 05:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-03 07:51 - 2015-11-22 05:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-03 07:51 - 2015-11-22 04:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-03 07:51 - 2015-11-22 04:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-03 07:51 - 2015-11-22 04:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-03 07:51 - 2015-11-22 04:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-03 07:51 - 2015-11-22 04:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-03 07:51 - 2015-11-22 04:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-03 07:51 - 2015-11-22 04:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-03 07:51 - 2015-11-22 04:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-03 07:51 - 2015-11-22 04:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-03 07:51 - 2015-11-22 04:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-03 07:51 - 2015-11-22 04:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-03 07:51 - 2015-11-22 04:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-03 07:51 - 2015-11-22 04:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-03 07:51 - 2015-11-22 04:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-03 07:51 - 2015-11-22 04:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-03 07:51 - 2015-11-22 04:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-03 07:51 - 2015-11-22 04:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-03 07:51 - 2015-11-22 04:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-03 07:51 - 2015-11-22 04:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-03 07:51 - 2015-11-22 04:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-03 07:51 - 2015-11-22 04:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-03 07:51 - 2015-11-22 04:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-03 07:51 - 2015-11-22 04:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-03 07:51 - 2015-11-22 04:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-03 07:51 - 2015-11-22 04:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-03 07:51 - 2015-11-22 04:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-03 07:51 - 2015-11-22 04:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-03 07:51 - 2015-11-22 04:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-03 07:51 - 2015-11-22 04:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-03 07:51 - 2015-11-22 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-03 07:51 - 2015-11-22 04:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-03 07:51 - 2015-11-22 04:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-03 07:51 - 2015-11-22 04:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-03 07:51 - 2015-11-22 04:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-03 07:51 - 2015-11-22 04:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-03 07:51 - 2015-11-22 04:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-03 07:51 - 2015-11-22 04:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-03 07:51 - 2015-11-22 04:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-03 07:51 - 2015-11-22 04:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-03 07:51 - 2015-11-22 04:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-03 07:51 - 2015-11-22 04:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-03 07:51 - 2015-11-22 04:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-03 07:51 - 2015-11-22 04:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-03 07:51 - 2015-11-22 04:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-03 07:51 - 2015-11-22 04:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-03 07:51 - 2015-11-22 04:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-03 07:51 - 2015-11-22 04:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-03 07:51 - 2015-11-22 04:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-03 07:51 - 2015-11-22 04:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-03 07:51 - 2015-11-22 04:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-03 07:51 - 2015-11-22 04:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-03 07:51 - 2015-11-22 04:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-03 07:51 - 2015-11-22 04:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-03 07:51 - 2015-11-22 04:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-03 07:51 - 2015-11-22 04:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-03 07:51 - 2015-11-22 04:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-03 07:51 - 2015-11-22 04:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-03 07:51 - 2015-11-22 04:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-03 07:51 - 2015-11-22 04:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-03 07:51 - 2015-11-22 04:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-03 07:51 - 2015-11-22 04:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-03 07:51 - 2015-11-22 04:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-03 07:51 - 2015-11-22 04:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-03 07:51 - 2015-11-22 04:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-03 07:51 - 2015-11-22 04:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-03 07:51 - 2015-11-22 04:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-03 07:51 - 2015-11-22 04:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-03 07:51 - 2015-11-22 04:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-03 07:51 - 2015-11-22 04:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 07:51 - 2015-11-22 04:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-03 07:51 - 2015-11-22 04:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-03 07:50 - 2015-11-22 05:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-03 07:50 - 2015-11-22 05:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-03 07:50 - 2015-11-22 04:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-03 07:50 - 2015-11-22 04:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-03 07:50 - 2015-11-22 04:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-03 07:50 - 2015-11-22 04:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-03 07:50 - 2015-11-22 04:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-03 07:50 - 2015-11-22 04:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-03 07:50 - 2015-11-22 04:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-03 07:50 - 2015-11-22 04:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-03 07:50 - 2015-11-22 04:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-03 07:50 - 2015-11-22 04:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-03 07:50 - 2015-11-22 04:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-03 07:50 - 2015-11-22 04:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-03 07:50 - 2015-11-22 04:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-03 07:50 - 2015-11-22 04:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-03 07:50 - 2015-11-22 04:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-03 07:50 - 2015-11-22 04:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-03 07:50 - 2015-11-22 04:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-03 07:50 - 2015-11-22 04:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-03 07:50 - 2015-11-22 04:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-03 07:50 - 2015-11-22 04:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-03 07:50 - 2015-11-22 04:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-03 07:50 - 2015-11-22 04:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-03 07:50 - 2015-11-22 04:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-03 07:50 - 2015-11-22 04:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-03 07:50 - 2015-11-22 04:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-03 07:50 - 2015-11-22 04:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-03 07:50 - 2015-11-22 04:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-03 07:50 - 2015-11-22 04:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-03 07:50 - 2015-11-22 04:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-03 07:50 - 2015-11-22 04:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-03 07:50 - 2015-11-22 04:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-03 07:50 - 2015-11-22 04:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-03 07:50 - 2015-11-22 04:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-03 07:50 - 2015-11-22 04:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-03 07:50 - 2015-11-22 04:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-03 07:50 - 2015-11-22 04:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-03 07:50 - 2015-11-22 04:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-03 07:50 - 2015-11-22 04:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-03 07:50 - 2015-11-22 04:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-03 07:50 - 2015-11-22 04:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-03 07:50 - 2015-11-22 04:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-03 07:50 - 2015-11-22 04:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-03 07:50 - 2015-11-22 04:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-03 07:50 - 2015-11-22 04:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-03 07:50 - 2015-11-22 04:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-03 07:50 - 2015-11-22 04:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-03 07:50 - 2015-11-22 04:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-03 07:50 - 2015-11-22 04:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-03 07:50 - 2015-11-22 04:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-03 07:50 - 2015-11-22 04:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-03 07:50 - 2015-11-22 04:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-03 07:50 - 2015-11-22 04:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-03 07:50 - 2015-11-22 04:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-03 07:50 - 2015-11-22 04:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-03 07:50 - 2015-11-22 04:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-03 07:50 - 2015-11-22 04:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-03 07:50 - 2015-11-22 04:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-03 07:50 - 2015-11-22 04:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-03 07:50 - 2015-11-22 04:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-03 07:50 - 2015-11-22 04:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-03 07:50 - 2015-11-22 04:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-03 07:50 - 2015-11-22 04:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-03 07:50 - 2015-11-22 04:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-03 07:50 - 2015-11-22 04:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-03 07:50 - 2015-11-22 04:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-03 07:50 - 2015-11-22 04:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-03 07:50 - 2015-11-22 04:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-03 07:50 - 2015-11-22 04:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-03 07:50 - 2015-11-22 04:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-03 07:50 - 2015-11-22 04:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-03 07:50 - 2015-11-22 04:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-03 07:50 - 2015-11-22 04:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-02 17:18 - 2015-12-03 11:57 - 00022786 _____ C:\Users\Rick\Documents\Backup_of_Swints Order Form.CDR
2015-12-02 17:14 - 2015-12-03 16:03 - 00022674 _____ C:\Users\Rick\Documents\Swints Order Form.CDR
2015-12-02 08:28 - 2015-12-02 08:28 - 00726663 _____ C:\Users\Rick\Documents\Southern Comfort Service Agreement 2015.pdf
2015-12-02 08:22 - 2015-12-02 08:22 - 00000000 ____D C:\Users\Rick\Downloads\Attachments_2015121
2015-12-02 08:11 - 2015-12-02 08:48 - 00101375 _____ C:\Users\Rick\Documents\Amazon Hand Fan Insert.pdf
2015-12-01 17:23 - 2015-12-01 17:23 - 16438726 _____ C:\Users\Rick\Downloads\Attachments_2015121.zip
2015-12-01 15:26 - 2015-12-01 15:26 - 10906558 _____ C:\Users\Rick\Downloads\Clock.zip
2015-12-01 15:22 - 2015-12-01 15:22 - 06905402 _____ C:\Users\Rick\Downloads\Fans to sell.zip
2015-12-01 14:48 - 2015-12-01 14:48 - 00598316 _____ C:\Users\Rick\Documents\Master Blaster Invoice.pdf
2015-12-01 14:25 - 2015-12-01 14:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-01 13:23 - 2015-12-01 14:36 - 00492223 _____ C:\Users\Rick\Documents\Master Blaster Proposal Curves.pdf
2015-12-01 13:23 - 2015-12-01 13:23 - 00316998 _____ C:\Users\Rick\Documents\Master Blaster Proposal Curves.cdr
2015-12-01 12:58 - 2015-12-01 12:58 - 00000000 ____D C:\Users\Rick\Downloads\ic601_80_xps_win8_v20120_ins
2015-12-01 12:57 - 2015-12-01 12:58 - 53936482 _____ C:\Users\Rick\Downloads\ic601_80_xps_win8_v20120_ins.zip
2015-12-01 12:56 - 2015-12-01 12:57 - 00031126 _____ C:\Users\Rick\Downloads\ic601_c7000_psp_win_v200020_en_add.zip
2015-12-01 12:50 - 2015-12-01 12:50 - 00000000 ____D C:\prntdrvr
2015-12-01 12:49 - 2015-12-01 12:49 - 42725552 _____ C:\Users\Rick\Downloads\PRNTDRVE.EXE
2015-11-30 14:54 - 2015-11-30 14:54 - 00000000 ____D C:\Users\Rick\AppData\Local\CEF
2015-11-29 17:34 - 2015-12-02 08:12 - 00014682 _____ C:\Users\Rick\Documents\Backup_of_Amazon Hand Fan Insert.cdr
2015-11-29 17:31 - 2015-12-02 08:48 - 00052668 _____ C:\Users\Rick\Documents\Amazon Hand Fan Insert.cdr
2015-11-29 11:51 - 2015-12-17 14:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-11-29 11:40 - 2015-11-29 11:40 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-11-28 17:33 - 2015-11-28 17:33 - 00033548 _____ C:\Users\Rick\Downloads\cr2551.xlsx
2015-11-28 16:58 - 2015-11-28 16:58 - 09554079 _____ C:\Users\Rick\Downloads\Attachments_20151128 (1).zip
2015-11-28 16:54 - 2015-11-28 16:54 - 09554079 _____ C:\Users\Rick\Downloads\Attachments_20151128.zip
2015-11-28 14:19 - 2015-11-28 14:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-28 12:44 - 2015-11-28 12:45 - 157175504 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\SQLEXPR32_x86_ENU.exe
2015-11-28 12:41 - 2015-11-28 12:41 - 50449456 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\dotNetFx40_Full_x86_x64.exe
2015-11-28 12:40 - 2015-11-28 12:40 - 48524296 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\NetFx20SP2_x64.exe
2015-11-28 12:39 - 2015-11-28 12:40 - 54762512 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\NetFx20SP2_ia64.exe
2015-11-28 12:39 - 2015-11-28 12:39 - 25001480 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\NetFx20SP2_x86.exe
2015-11-28 12:35 - 2015-11-29 12:11 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-28 12:34 - 2015-11-29 12:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-28 12:34 - 2015-11-28 12:34 - 00002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-28 12:27 - 2015-11-28 12:27 - 00000000 ____D C:\Users\Rick\Documents\PS_NetCare_DeviceManager_v3.2.01000
2015-11-26 18:38 - 2015-12-17 14:31 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E9B614BD-6560-44F3-BFDD-781A6F1ACF7E}
2015-11-26 18:17 - 2015-11-26 18:17 - 00000000 ____D C:\Users\Rick\AppData\Local\Comms
2015-11-26 18:09 - 2015-11-26 18:09 - 00000000 ____D C:\Users\Rick\AppData\Local\MicrosoftEdge
2015-11-26 18:02 - 2015-12-13 17:33 - 00002409 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-26 18:02 - 2015-12-13 17:33 - 00000000 ___RD C:\Users\Rick\OneDrive
2015-11-26 18:00 - 2015-11-26 18:00 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-26 18:00 - 2015-11-26 18:00 - 00000000 ____D C:\ProgramData\Intel
2015-11-26 17:57 - 2015-11-26 17:57 - 00000000 ____D C:\Users\Rick\AppData\Local\Publishers
2015-11-26 17:57 - 2015-11-26 17:57 - 00000000 ____D C:\Users\Rick\AppData\Local\ActiveSync
2015-11-26 17:55 - 2015-11-26 17:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-26 17:54 - 2015-12-12 14:41 - 00000000 ____D C:\Users\Rick\AppData\Local\Packages
2015-11-26 17:54 - 2015-12-04 03:58 - 00000258 __RSH C:\Users\Rick\ntuser.pol
2015-11-26 17:54 - 2015-11-26 17:54 - 00000020 ___SH C:\Users\Rick\ntuser.ini
2015-11-26 17:54 - 2015-11-26 17:54 - 00000000 ____D C:\Users\Rick\AppData\Local\TileDataLayer
2015-11-26 15:10 - 2015-11-26 17:54 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-26 15:07 - 2015-11-26 15:07 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-26 15:07 - 2015-11-26 15:07 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-11-26 15:07 - 2015-11-26 15:07 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-11-26 15:07 - 2015-11-26 15:07 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-26 15:07 - 2015-11-26 15:07 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-11-26 15:07 - 2015-11-26 15:07 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-11-26 15:07 - 2015-11-26 15:07 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-11-26 15:07 - 2015-11-26 15:07 - 00000000 ____D C:\Windows.old
2015-11-26 15:05 - 2015-11-26 15:05 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\Program Files\MSBuild
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-26 15:02 - 2015-11-26 15:02 - 00000000 ____D C:\inetpub
2015-11-26 15:01 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-26 15:01 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 15:01 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-26 15:01 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-26 15:01 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-26 15:01 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 _SHDL C:\Users\Default\My Documents
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-11-26 12:47 - 2015-11-26 12:47 - 00000000 ____D C:\ProgramData\USOShared
2015-11-26 12:41 - 2015-12-17 11:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-26 12:41 - 2015-11-26 12:41 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-26 12:27 - 2015-11-26 12:27 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-26 12:27 - 2015-11-26 12:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-11-26 12:27 - 2015-11-26 12:27 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-11-26 12:27 - 2015-11-26 12:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-11-26 12:27 - 2015-11-26 12:27 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-11-26 12:21 - 2015-11-26 12:21 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-11-26 12:19 - 2015-12-15 17:13 - 00000000 ____D C:\Users\Rick
2015-11-26 12:19 - 2015-11-26 12:19 - 00000000 _SHDL C:\Users\Rick\My Documents
2015-11-26 12:19 - 2015-11-26 12:19 - 00000000 _SHDL C:\Users\Rick\Documents\My Videos
2015-11-26 12:19 - 2015-11-26 12:19 - 00000000 _SHDL C:\Users\Rick\Documents\My Pictures
2015-11-26 12:19 - 2015-11-26 12:19 - 00000000 _SHDL C:\Users\Rick\Documents\My Music
2015-11-26 12:18 - 2015-12-17 12:07 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-26 12:18 - 2015-11-26 12:18 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-11-26 12:16 - 2015-11-26 12:29 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2015-11-26 12:16 - 2015-11-26 12:21 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2015-11-26 12:16 - 2015-11-26 12:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
2015-11-26 12:15 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-26 12:14 - 2015-11-26 12:14 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-11-26 12:14 - 2015-11-26 12:14 - 00000000 ____D C:\Program Files\Realtek
2015-11-26 12:11 - 2015-12-10 21:19 - 00632368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-26 11:33 - 2015-11-26 12:46 - 00010449 _____ C:\WINDOWS\diagerr.xml
2015-11-26 11:33 - 2015-11-26 12:46 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-11-25 16:45 - 2015-11-25 16:45 - 00648840 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17 P2 & P3.pdf
2015-11-25 16:44 - 2015-11-25 16:44 - 00110767 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17 P1&P4.pdf
2015-11-25 16:36 - 2015-11-25 16:36 - 00032418 _____ C:\Users\Rick\Documents\Pops Place Red P3.pdf
2015-11-25 16:33 - 2015-11-25 16:33 - 00421384 _____ C:\Users\Rick\Documents\Pops Place Black P3.pdf
2015-11-25 16:30 - 2015-11-25 16:30 - 00025031 _____ C:\Users\Rick\Documents\Pops Place Red P2.pdf
2015-11-25 16:28 - 2015-11-25 16:28 - 00263679 _____ C:\Users\Rick\Documents\Pops Place Black P2.pdf
2015-11-25 16:24 - 2015-11-25 16:41 - 00043932 _____ C:\Users\Rick\Documents\Pops Place Black P1.pdf
2015-11-25 16:22 - 2015-11-25 16:22 - 00021013 _____ C:\Users\Rick\Documents\Pops Place Red P1.pdf
2015-11-25 16:18 - 2015-11-25 16:18 - 00014080 _____ C:\Users\Rick\Documents\Pops Place Red P4.pdf
2015-11-25 16:17 - 2015-11-25 16:17 - 00052691 _____ C:\Users\Rick\Documents\Pops Place Black P4.pdf
2015-11-19 17:16 - 2015-11-21 11:04 - 00025884 _____ C:\Users\Rick\Documents\Backup_of_Master Blasters Years of Excellence label.cdr
2015-11-19 17:13 - 2015-11-21 16:04 - 00025842 _____ C:\Users\Rick\Documents\Master Blasters Years of Excellence label.cdr
2015-11-19 15:14 - 2015-11-19 15:14 - 00041812 _____ C:\Users\Rick\Documents\Ann Imes Realty Sign 24x18 Pitts.cdr
2015-11-19 14:37 - 2015-11-19 14:37 - 00014148 _____ C:\Users\Rick\Documents\Field Foot & Ankle Store Hours.cdr
2015-11-18 15:34 - 2015-11-18 15:34 - 00033924 _____ C:\Users\Rick\Documents\Rodney Moore Sign CURVES.cdr
2015-11-18 15:33 - 2015-11-18 15:33 - 00014208 _____ C:\Users\Rick\Documents\Rodney Moore Sign.cdr
2015-11-18 12:00 - 2015-12-02 16:44 - 00070500 _____ C:\Users\Rick\Documents\Backup_of_Pop's Place MENU 11x17.cdr
2015-11-18 11:52 - 2015-12-03 10:58 - 00070246 _____ C:\Users\Rick\Documents\Pop's Place MENU 11x17.cdr
2015-11-18 09:09 - 2015-11-18 09:09 - 00022345 _____ C:\Users\Rick\Downloads\103772_Gen2P_Quote20151117_71338.pdf
2015-11-17 13:13 - 2015-11-17 13:24 - 05994891 _____ C:\Users\Rick\Documents\Master Blasters BC Tony Ard Back.tif
2015-11-17 13:13 - 2015-11-17 13:24 - 05693219 _____ C:\Users\Rick\Documents\Master Blasters BC Tony Ard.TIF
2015-11-17 13:09 - 2015-11-17 13:21 - 05994891 _____ C:\Users\Rick\Documents\Master Blasters BC Eddie Freeman Back.tif
2015-11-17 13:09 - 2015-11-17 13:20 - 05693219 _____ C:\Users\Rick\Documents\Master Blasters BC Eddie Freeman.TIF
2015-11-17 13:09 - 2015-11-17 13:16 - 05394123 _____ C:\Users\Rick\Documents\Master Blasters BC Charles McKemie Back.tif
2015-11-17 13:08 - 2015-11-17 13:14 - 05693219 _____ C:\Users\Rick\Documents\Master Blasters BC Charles McKemie.TIF
2015-11-17 13:06 - 2015-11-17 13:28 - 05994891 _____ C:\Users\Rick\Documents\Master Blasters BC Wayne McKemie Back.tif
2015-11-17 13:06 - 2015-11-17 13:27 - 05693219 _____ C:\Users\Rick\Documents\Master Blasters BC Wayne McKemie.TIF
2015-11-17 12:51 - 2015-11-17 13:36 - 19609382 _____ C:\Users\Rick\Documents\Backup_of_Master Blasters BC Tony Ard.cdr
2015-11-17 10:13 - 2015-11-17 10:13 - 31297551 _____ C:\Users\Rick\Desktop\Master Blasters Presentation Folder Curves - Hi-Tech Quick Print P.O. 111715 Quote 66622.zip
2015-11-17 10:13 - 2015-11-17 07:58 - 31299926 _____ C:\Users\Rick\Desktop\Master Blasters Presentation Folder Curves.cdr
2015-11-17 07:58 - 2015-11-17 07:58 - 31299926 _____ C:\Users\Rick\Documents\Master Blasters Presentation Folder Curves.cdr


CONTINUED ON NEXT POST
Risky Rick
Regular Member
 
Posts: 16
Joined: December 17th, 2015, 5:50 pm
Advertisement
Register to Remove

Re: What happened? I've been infected.

Unread postby Risky Rick » December 18th, 2015, 10:53 am

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-17 16:36 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2015-12-17 16:29 - 2010-02-11 15:12 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-17 16:20 - 2014-11-26 10:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-17 16:12 - 2015-11-05 13:57 - 00000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2324462236-1183297055-1014908895-1001.job
2015-12-17 15:33 - 2015-11-05 13:57 - 00000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2324462236-1183297055-1014908895-1001.job
2015-12-17 15:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-17 12:07 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-17 11:44 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-17 11:38 - 2010-02-11 15:12 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-17 11:37 - 2011-09-13 10:17 - 00000000 ____D C:\Users\Rick\Tracing
2015-12-17 11:33 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-17 11:33 - 2015-10-08 17:44 - 00000000 ____D C:\Users\Rick\Documents\CCWin9
2015-12-17 10:53 - 2009-12-07 09:47 - 00000000 ____D C:\Program Files (x86)\Gateway Photo Frame
2015-12-17 08:30 - 2011-06-10 06:59 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 08:10 - 2015-10-20 07:02 - 00003544 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2324462236-1183297055-1014908895-1001
2015-12-17 08:10 - 2015-09-07 16:20 - 00003604 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001
2015-12-17 08:06 - 2015-11-03 08:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-16 13:42 - 2015-11-05 13:57 - 00003820 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2324462236-1183297055-1014908895-1001
2015-12-16 13:42 - 2015-11-05 13:57 - 00003724 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2324462236-1183297055-1014908895-1001
2015-12-16 10:57 - 2015-11-16 08:16 - 00000176 _____ C:\WINDOWS\wininit.ini
2015-12-16 10:57 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-16 10:57 - 2013-05-13 13:49 - 00000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2015-12-12 14:54 - 2015-07-14 07:09 - 00000000 ____D C:\Users\Rick\Documents\RICK's TRACTS
2015-12-10 21:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-10 15:07 - 2013-03-08 16:19 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2015-12-10 14:35 - 2011-10-04 16:02 - 00329450 _____ C:\Users\Rick\Documents\Hi-Tech scratch Pad COLOR.cdr
2015-12-09 16:30 - 2012-12-07 16:18 - 00000687 _____ C:\Users\Rick\AppData\Roaming\NP_PDF_FilePath
2015-12-09 16:30 - 2012-12-07 16:16 - 00000011 _____ C:\Users\Rick\AppData\Roaming\NumberPressPrefs3
2015-12-09 13:36 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 13:36 - 2009-11-16 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 13:35 - 2013-03-13 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 13:33 - 2013-03-13 16:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 13:33 - 2013-03-13 16:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 13:31 - 2013-08-15 17:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 15:42 - 2010-10-27 14:05 - 00017260 _____ C:\Users\Rick\Documents\Hi-Tech pad backing.cdr
2015-12-08 15:40 - 2011-10-05 15:34 - 00330176 _____ C:\Users\Rick\Documents\Backup_of_Hi-Tech scratch Pad COLOR.cdr
2015-12-05 13:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-04 03:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-04 00:24 - 2010-02-11 15:12 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 00:24 - 2010-02-11 15:12 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 14:18 - 2013-05-13 08:42 - 00001304 _____ C:\Users\Rick\Desktop\Norton Installation Files.lnk
2015-12-03 14:18 - 2013-03-08 16:19 - 00001004 _____ C:\Users\Rick\Desktop\PDF Architect.lnk
2015-12-03 14:18 - 2011-04-04 08:54 - 00001968 _____ C:\Users\Rick\Desktop\Paltalk Messenger.lnk
2015-12-03 14:18 - 2010-07-15 08:39 - 00001619 _____ C:\Users\Rick\Desktop\DivX Movies.lnk
2015-12-03 14:18 - 2010-02-11 16:08 - 00002301 _____ C:\Users\Rick\Desktop\Corel PHOTO-PAINT 9.LNK
2015-12-03 14:18 - 2010-02-11 16:08 - 00002269 _____ C:\Users\Rick\Desktop\CorelDRAW 9.LNK
2015-12-03 08:34 - 2012-12-12 08:37 - 00000000 ____D C:\Program Files (x86)\Number Press
2015-12-03 08:19 - 2013-08-22 17:23 - 00003612 _____ C:\Users\Rick\Documents\NumberingSettings Mattress & More Fay Inv.np5
2015-11-30 19:33 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 19:33 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 14:54 - 2010-03-06 10:23 - 00000000 ____D C:\Users\Rick\AppData\Local\Adobe
2015-11-30 14:54 - 2010-02-10 17:29 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Adobe
2015-11-29 12:10 - 2009-11-16 05:19 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 11:41 - 2015-05-17 13:07 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-11-29 11:40 - 2015-07-07 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-11-29 11:40 - 2015-07-06 09:36 - 00002337 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-11-28 13:05 - 2010-02-10 17:26 - 00207600 _____ C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-28 12:34 - 2009-11-16 05:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-28 10:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-11-26 18:15 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-11-26 17:56 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-26 17:56 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-11-26 17:56 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-26 17:55 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-26 15:10 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-26 15:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-26 15:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-11-26 15:07 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-26 15:07 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-26 15:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-11-26 15:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-11-26 15:02 - 2015-10-30 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-11-26 15:02 - 2015-10-30 02:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-11-26 15:02 - 2015-10-30 02:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-11-26 15:02 - 2015-10-30 02:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-11-26 15:02 - 2015-10-30 02:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-11-26 15:02 - 2015-10-30 02:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-11-26 15:02 - 2015-10-30 02:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-11-26 15:02 - 2015-10-30 02:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-11-26 15:02 - 2015-10-30 02:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-11-26 15:02 - 2015-10-30 02:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-11-26 15:02 - 2015-10-30 02:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-11-26 15:02 - 2015-10-30 02:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-11-26 15:02 - 2015-10-30 02:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-11-26 15:02 - 2015-10-30 02:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-11-26 15:02 - 2015-10-30 02:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-11-26 15:02 - 2015-10-30 02:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-11-26 15:02 - 2015-10-30 02:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-11-26 12:47 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-11-26 12:46 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-26 12:42 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
2015-11-26 12:42 - 2014-02-28 13:04 - 00003530 _____ C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001
2015-11-26 12:42 - 2013-08-05 10:31 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-26 12:42 - 2013-05-23 15:08 - 00003352 _____ C:\WINDOWS\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2324462236-1183297055-1014908895-1001
2015-11-26 12:42 - 2010-07-27 09:41 - 00003488 _____ C:\WINDOWS\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001
2015-11-26 12:41 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2015-11-26 12:41 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-26 12:35 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-26 12:34 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-26 12:29 - 2015-10-30 04:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-11-26 12:29 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-11-26 12:29 - 2015-10-08 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office 2000
2015-11-26 12:29 - 2015-07-14 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW 9
2015-11-26 12:29 - 2015-04-24 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2015-11-26 12:29 - 2014-11-14 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-26 12:29 - 2014-10-28 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-11-26 12:29 - 2014-10-28 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-11-26 12:29 - 2013-11-27 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-11-26 12:29 - 2013-05-13 08:42 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-11-26 12:29 - 2013-03-08 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2015-11-26 12:29 - 2013-03-08 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-11-26 12:29 - 2012-12-12 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Number Press
2015-11-26 12:29 - 2012-12-07 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Number Press Demo
2015-11-26 12:29 - 2011-09-13 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2015-11-26 12:29 - 2011-09-13 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-11-26 12:29 - 2011-09-13 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Digital Studio
2015-11-26 12:29 - 2011-06-10 06:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-26 12:29 - 2011-04-04 08:54 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2015-11-26 12:29 - 2010-07-15 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
2015-11-26 12:29 - 2010-02-10 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
2015-11-26 12:29 - 2009-12-07 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-11-26 12:29 - 2009-12-07 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-11-26 12:29 - 2009-12-07 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
2015-11-26 12:29 - 2009-12-07 09:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-26 12:29 - 2009-11-16 05:16 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2015-11-26 12:29 - 2009-11-16 05:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-26 12:29 - 2009-11-16 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2015-11-26 12:29 - 2009-11-16 05:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Software Installer
2015-11-26 12:29 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-26 12:29 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-26 12:27 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default.migrated
2015-11-26 12:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-11-26 12:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-11-26 12:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-11-26 12:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-11-26 12:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-26 12:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-11-26 12:23 - 2015-08-03 07:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-11-26 12:23 - 2013-03-20 17:00 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-11-26 12:23 - 2013-03-20 16:59 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-11-26 12:23 - 2009-11-16 04:46 - 00000000 ____D C:\WINDOWS\SysWOW64\OEM
2015-11-26 12:21 - 2015-10-30 02:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-11-26 12:21 - 2015-10-30 02:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-11-26 12:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\schemas
2015-11-26 12:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-26 12:21 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-26 12:21 - 2014-10-28 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-11-26 12:21 - 2013-09-05 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2015-11-26 12:21 - 2013-01-24 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
2015-11-26 12:21 - 2012-07-19 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2015-11-26 12:21 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-11-26 12:21 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-11-26 12:20 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-11-26 12:17 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-26 12:11 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-26 11:35 - 2009-07-13 23:45 - 00018736 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-26 11:35 - 2009-07-13 23:45 - 00018736 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-26 11:33 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-24 13:24 - 2015-11-15 13:15 - 00252538 _____ C:\Users\Rick\Documents\Master Blaster Invoice.cdr
2015-11-24 13:23 - 2015-11-12 14:44 - 00121208 _____ C:\Users\Rick\Documents\Master Blaster Proposal.cdr
2015-11-24 11:22 - 2015-11-15 11:29 - 31259282 _____ C:\Users\Rick\Documents\Master Blasters Presentation Folder.cdr
2015-11-24 11:21 - 2015-11-12 16:27 - 19609092 _____ C:\Users\Rick\Documents\Master Blasters BC Wayne McKemie.cdr
2015-11-24 11:20 - 2015-11-14 16:40 - 19608878 _____ C:\Users\Rick\Documents\Master Blasters BC Eddie Freeman.cdr
2015-11-24 11:18 - 2015-11-15 11:12 - 19608986 _____ C:\Users\Rick\Documents\Master Blasters BC Tony Ard.cdr
2015-11-23 19:10 - 2010-09-29 06:28 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-19 15:13 - 2015-05-14 14:34 - 00035062 _____ C:\Users\Rick\Documents\Ann Imes Realty Sign 24x18.cdr
2015-11-19 15:12 - 2015-05-14 14:42 - 00035002 _____ C:\Users\Rick\Documents\Backup_of_Ann Imes Realty Sign 24x18.cdr
2015-11-18 10:56 - 2015-11-12 14:58 - 00120824 _____ C:\Users\Rick\Documents\Backup_of_Master Blaster Proposal.cdr
2015-11-17 13:09 - 2015-11-15 11:09 - 19607706 _____ C:\Users\Rick\Documents\Master Blasters BC Charles McKemie.cdr
2015-11-17 12:51 - 2015-11-14 16:42 - 19609138 _____ C:\Users\Rick\Documents\Backup_of_Master Blasters BC Eddie Freeman.cdr
2015-11-17 12:49 - 2015-11-15 11:13 - 19607706 _____ C:\Users\Rick\Documents\Backup_of_Master Blasters BC Charles McKemie.cdr
2015-11-17 12:49 - 2015-11-12 16:29 - 19609412 _____ C:\Users\Rick\Documents\Backup_of_Master Blasters BC Wayne McKemie.cdr
2015-11-17 12:26 - 2015-11-15 13:18 - 00253000 _____ C:\Users\Rick\Documents\Backup_of_Master Blaster Invoice.cdr
2015-11-17 09:01 - 2015-01-19 13:43 - 00574162 _____ C:\Users\Rick\Desktop\08-96-4CP.ai

==================== Files in the root of some directories =======

2012-12-12 08:38 - 2012-12-12 08:38 - 0000016 _____ () C:\Users\Rick\AppData\Roaming\NPSN3
2012-12-07 16:18 - 2015-12-09 16:30 - 0000687 _____ () C:\Users\Rick\AppData\Roaming\NP_PDF_FilePath
2012-12-07 16:16 - 2015-12-09 16:30 - 0000011 _____ () C:\Users\Rick\AppData\Roaming\NumberPressPrefs3
2014-04-04 08:20 - 2014-10-24 07:20 - 0000142 _____ () C:\Users\Rick\AppData\Roaming\WB.CFG
2013-04-03 12:29 - 2014-06-09 07:43 - 0000290 _____ () C:\Users\Rick\AppData\Roaming\wklnhst.dat
2011-09-13 10:16 - 2015-04-24 20:12 - 0003584 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-13 09:55 - 2015-04-24 20:11 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 09:00

==================== End of FRST.txt ============================
Risky Rick
Regular Member
 
Posts: 16
Joined: December 17th, 2015, 5:50 pm

Re: What happened? I've been infected.

Unread postby Risky Rick » December 18th, 2015, 10:54 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Rick (2015-12-17 16:38:58)
Running from C:\Users\Rick\Downloads
Windows 10 Home (X64) (2015-11-26 22:54:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2324462236-1183297055-1014908895-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2324462236-1183297055-1014908895-503 - Limited - Disabled)
Guest (S-1-5-21-2324462236-1183297055-1014908895-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2324462236-1183297055-1014908895-1002 - Limited - Enabled)
Rick (S-1-5-21-2324462236-1183297055-1014908895-1001 - Administrator - Enabled) => C:\Users\Rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version: - )
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version: - EA Digital illusions)
Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.1.0.30 - Best Buy)
Best Buy Software Installer (Version: 2.1.0.30 - Best Buy) Hidden
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contents (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
Corel VideoStudio Express (HKLM-x32\...\_{CBC7FF57-42A3-414E-B8EA-D971C986BA40}) (Version: 1.5.0.265 - Corel Corporation)
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com)
DeviceIO (x32 Version: 1.00.0005 - Corel Corporation) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
Easy Photo Scan (HKLM-x32\...\{F2132D5C-4C3F-41A9-865B-68966A06B01C}) (Version: 1.00.0000 - Seiko Epson Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
e-Sword (HKLM-x32\...\{2CBE100E-B963-4B4B-8435-FEA8F5F93516}) (Version: 10.02.0001 - Rick Meyers)
Freecorder 5 (HKLM-x32\...\Freecorder5.11) (Version: 5.11 - Applian Technologies Inc.)
Freecorder Toolbar (HKLM-x32\...\Freecorder Toolbar) (Version: 6.8.5.1 - Freecorder) <==== ATTENTION
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.7.1.4099 (HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\...\GoToMeeting) (Version: 7.7.1.4099 - CitrixOnline)
ICA (x32 Version: 1.5.0.265 - Corel Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
IncrediMail (x32 Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
IncrediMail MediaBar 2 Toolbar (HKLM-x32\...\IncrediMail_MediaBar_2 Toolbar) (Version: 6.1.0.7 - IncrediMail MediaBar 2) <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IPM_V (x32 Version: 1.52 - Corel Corporation) Hidden
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MLE (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Mozilla Firefox 43.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5820 - Mozilla)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1229 - Electronic Arts)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Number Press 6.5.2 (HKLM-x32\...\{B7D14513-966A-4EB1-AA48-70A9E0C0E9FA}_is1) (Version: - Praeter Software)
Number Press Demo 6 (HKLM-x32\...\{7D8F5DDA-EB28-4943-9DDF-B7F7826B7282}_is1) (Version: - Praeter Software)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
Paltalk Messenger (HKLM-x32\...\PalTalk8.2) (Version: 10.0 - AVM Software Inc.)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.0 - Frank Heindörfer, Philip Chinery)
Perfection V550 Photo Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdatePerfection V550 Photo_is1) (Version: 3.0.2.0 - Epson America Inc.)
Perfection V550 User’s Guide version 1.0 (HKLM-x32\...\UsersGuidePerfection V550 User’s Guide_is1) (Version: 1.0 - )
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PureHD (x32 Version: 1.00.0005 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Setup (x32 Version: 1.5.0.265 - Corel Corporation) Hidden
Share (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Share64 (Version: 1.00.0005 - Corel Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VDS10 (x32 Version: 1.00.0005 - Corel Corporation) Hidden
VIO (x32 Version: 1.00.0005 - Corel Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2324462236-1183297055-1014908895-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Rick\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

28-11-2015 11:12:08 Windows Update
03-12-2015 08:11:42 Windows Update
09-12-2015 13:08:04 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03713B79-2628-4355-9322-2090E3C0431F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0473AC0A-E67D-4239-9AC3-63A3EEB86B34} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {08CA1E7C-37E6-4543-88EB-674414E8E010} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {094D3E9C-39F1-49EC-AFCA-AC73722169DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {0F56987F-AE1A-4B90-974B-405C7B22E041} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1030A2AC-9D2D-4947-923E-0AC0E1F128D5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {11322381-119B-4D42-AA5A-C6E5688DE04E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\4099\g2mupdate.exe [2015-12-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {181C8494-D4DC-4BB7-A8D2-07C3D474BBBE} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {255B132D-E75F-4723-96D4-B5AD442EF44E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {25A49F2A-592B-42D5-8567-99976DD9B066} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3189101C-DD81-4797-8A2C-451E1511A268} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {34A38EDF-87BD-4476-B0FE-DD3DEEFBED04} - System32\Tasks\G2MUploadTask-S-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\4099\g2mupload.exe [2015-12-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {42064B3F-9E01-481B-B831-63CBA2B3D653} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {42BF61B2-A162-4981-8433-1699C6F6096B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {47D57C3E-5AE9-41F7-9692-4965662E1731} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {4AFF3253-BF65-418F-ADF0-B50624355D08} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5058B560-09AE-409E-B6D6-7997F79FD3CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {512FDE9B-DBEC-40E3-9891-F4A6D5597BCC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {5358FBFA-FE66-435C-9E28-7A254A9BDA4B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {572D6588-9F4A-409E-9380-48E0E29108B8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {5F39965B-0E2F-48DC-8CB8-27B4AF01E1F8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6065C7FD-5E8D-42C2-8B45-49475D124F2C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {60CD23A3-5A19-47FD-8380-C28C94BC8687} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6830640F-DD45-40E2-858C-362C883B1B4E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {726683E0-B791-4359-9351-FB4BBEB41AF8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {757CA55F-7BB6-453C-8000-BBC6024181F4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {77732438-9790-4E22-B66B-B9946985E296} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {80998995-6E57-4B19-9A1A-46455DE18DD6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {92A1F795-AE43-4ABD-9714-B060F0F8520E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {A1C4C12E-3A0F-4102-8741-0279EE14DBEC} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {A9A55780-70E8-4F8D-81D9-12389AE8968B} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {AB9D101D-ADFE-4BAF-B8D2-D857C108CB6D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B157515C-6616-4E4C-AB5C-73A8AAB9624D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B4B52048-CC89-4743-8C63-61137D5B0A96} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B64472BD-D58B-4C6F-97DB-116C59FFFACB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B752841F-5678-4909-BC58-6DA3F3280A87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {BC544385-3AF1-4C7F-8990-B4C914863F15} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {C1936B83-88E2-451F-886C-DEDA0392269C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C1B24905-24F8-42BA-8621-7689EDC34778} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C430026E-42BD-4B54-8B44-2A23691EE6A1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D289CA28-D0E3-4DF4-AC5C-5D4EC86A4240} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D881CB7D-BD7C-4E5E-934E-8165D90989CA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DBE9377B-9A01-4110-8B81-577D4ECFE833} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5EDCE7F-02C6-4008-B903-B8E1B6533976} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {E60CB91F-52B0-44D9-94AE-7B24FE095987} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E8D1ACF9-632B-472B-97A4-F29A9C0B5C86} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EC50F22F-FC9D-49C2-BF60-6E6BE485EDE7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EDBF38C4-406A-4B81-9B56-BE6DF2EA037E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F1779F30-A7CE-420A-B3D7-1E8520BEAE92} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2324462236-1183297055-1014908895-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F2DE37BC-EB22-497C-8BEE-9982FCF40139} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {FA8F291F-AD51-4058-B4EE-19BB98033102} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FFFABB21-FBFE-450E-B580-5FB180156F34} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2324462236-1183297055-1014908895-1001.job => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\4099\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2324462236-1183297055-1014908895-1001.job => C:\Users\Rick\AppData\Local\Citrix\GoToMeeting\4099\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-07-19 12:32 - 2014-09-22 10:23 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-12-03 07:51 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 07:51 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-03 07:50 - 2015-11-22 04:23 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-03 07:50 - 2015-11-22 04:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-03 07:51 - 2015-11-22 04:19 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-03 07:51 - 2015-11-22 04:21 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-08-03 11:05 - 2009-08-03 11:05 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2010-06-02 19:50 - 2010-06-02 19:50 - 01144104 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-12-17 11:44 - 2015-12-17 11:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-09 08:29 - 2015-12-09 08:29 - 03682816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.34020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-17 11:44 - 2015-12-17 11:44 - 09737216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2014-11-14 08:47 - 2014-11-14 08:47 - 00272808 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2014-11-14 08:47 - 2014-11-14 08:47 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2014-11-14 08:47 - 2014-11-14 08:47 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2013-10-01 15:02 - 2013-10-01 15:02 - 00108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
2009-06-12 18:37 - 2009-06-12 18:37 - 00032768 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
2009-06-12 18:37 - 2009-06-12 18:37 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
2014-11-14 08:47 - 2014-11-14 08:47 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2014-11-14 08:47 - 2014-11-14 08:47 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2010-06-02 19:51 - 2010-06-02 19:51 - 00095528 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-12-17 11:44 - 2015-12-17 11:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 11:44 - 2015-12-17 11:44 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2324462236-1183297055-1014908895-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Gateway01.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{45550574-10F7-4CAC-B66D-36BC9E32B96F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5495FA03-60FF-4BC1-AE04-5D938A8075D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35F3000D-D312-4921-A59F-01B9D899A872}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0060EAFA-F19C-423D-A957-A771F4698D79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{1763D2A6-0BFD-4A70-88A0-9E7AB24E38FF}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [TCP Query User{972FCDDC-525F-42C2-8450-78A5D6BB5433}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [{9F7E8EA1-7366-40EF-9999-D6A8370D13D5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{786742DB-3497-428C-AE2E-381D680AC024}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{3C15D6E8-BA0D-4FB0-A6AE-FF9109D6C3B2}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{961FDF3E-9F7D-4894-91FF-B32FA10B8ED4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{BCF6C12B-7714-457A-80B8-0D28529FCE62}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{40A0B8F1-8F73-4FDF-B3BE-98B3DFBA25D8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{EC6158CE-B495-4DF9-801C-C1D4A869B3B0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{A4D9034D-E5FD-4F72-A748-54B3644366EC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [UDP Query User{A753B453-ABCC-44CF-B589-7B06EC52424F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{3F727215-527E-4A53-B908-B47EB4D32921}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{9F7226FF-E0A7-4FF3-83D8-A12AC397ED55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{658C0A05-D2FB-409D-A5C3-73855DF6B586}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6D53E7FC-2FB0-49D2-96D6-FCF2940F3251}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D76A5155-CCB2-447D-AA77-5825CEF20224}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F87CE4B3-5E73-445A-9FAD-33736C38B352}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{AB73E8E6-0E85-46EA-8608-925DAF154A09}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{7CB0035A-ADE9-44F3-A764-82CFD8FA90EE}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{A905B897-D43B-43E7-9AD3-ABA25333B4FF}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{94C225B7-5462-4D70-BF08-0D630E3B40BF}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{D9D5D7E0-3478-4C8C-B3E5-F148BA4507EA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [UDP Query User{3B54E1FD-5A20-49E9-ABF6-987652E8B9FA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{919EA612-F6FA-40C9-87C0-71E4EBA08837}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{41931EB1-D991-4C26-BFCB-E1CF9352AEB8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7771D36D-90EC-4704-AE2B-7FCAAE2B6E21}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DB73ABD5-59D1-4601-96A1-C3DE3A3BD45F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9583C9B2-146B-47E8-BEAB-B9DEA408D93B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6E2950D7-2CAB-4C65-AEAC-EC1787BAEBEC}] => (Allow) C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe
FirewallRules: [{BE1D6435-D0E2-47F1-8421-BA6E5462D9D7}] => (Allow) C:\Program Files (x86)\Z8Games\CrossFire\CF_G4box.exe
FirewallRules: [{33008088-8364-4C3F-934A-2005E025E829}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{C8927F21-05A7-49E7-B032-A51F20B93E84}] => (Allow) svchost.exe
FirewallRules: [{6BCEB5D5-B24F-4A97-B177-182392F8B425}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7CC965C1-2F84-4CAB-AB9D-BE54907E943B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{19C0F736-E743-4102-B638-2A2B66583907}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2015 08:42:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IncMail.exe version 6.6.0.5288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4cc

Start Time: 01d138cc0be7cffa

Termination Time: 20

Application Path: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

Report Id: fbbbf6ab-a4c3-11e5-9cb8-90fba62bb1c9

Faulting package full name:

Faulting package-relative application ID:

Error: (12/16/2015 10:57:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XboxIdp.exe, version: 10.0.10586.0, time stamp: 0x5632cb62
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
Exception code: 0xc0000005
Fault offset: 0x00000000000780cd
Faulting process id: 0x3748
Faulting application start time: 0xXboxIdp.exe0
Faulting application path: XboxIdp.exe1
Faulting module path: XboxIdp.exe2
Report Id: XboxIdp.exe3
Faulting package full name: XboxIdp.exe4
Faulting package-relative application ID: XboxIdp.exe5

Error: (12/14/2015 02:24:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: coreldrw.exe, version: 9.337.0.0, time stamp: 0x3715a32b
Faulting module name: coreldrw.exe, version: 9.337.0.0, time stamp: 0x3715a32b
Exception code: 0xc0000005
Fault offset: 0x0058ddd5
Faulting process id: 0x1d5c
Faulting application start time: 0xcoreldrw.exe0
Faulting application path: coreldrw.exe1
Faulting module path: coreldrw.exe2
Report Id: coreldrw.exe3
Faulting package full name: coreldrw.exe4
Faulting package-relative application ID: coreldrw.exe5

Error: (12/13/2015 05:33:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IncMail.exe, version: 6.6.0.5288, time stamp: 0x524abb1e
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x5654262a
Exception code: 0xc0000374
Fault offset: 0x000dc089
Faulting process id: 0x2688
Faulting application start time: 0xIncMail.exe0
Faulting application path: IncMail.exe1
Faulting module path: IncMail.exe2
Report Id: IncMail.exe3
Faulting package full name: IncMail.exe4
Faulting package-relative application ID: IncMail.exe5

Error: (12/12/2015 10:47:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IncMail.exe, version: 6.6.0.5288, time stamp: 0x524abb1e
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x5654262a
Exception code: 0xc0000374
Fault offset: 0x000dc089
Faulting process id: 0x1820
Faulting application start time: 0xIncMail.exe0
Faulting application path: IncMail.exe1
Faulting module path: IncMail.exe2
Report Id: IncMail.exe3
Faulting package full name: IncMail.exe4
Faulting package-relative application ID: IncMail.exe5

Error: (12/10/2015 06:01:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IncMail.exe, version: 6.6.0.5288, time stamp: 0x524abb1e
Faulting module name: ntdll.dll, version: 10.0.10586.0, time stamp: 0x5632d9fc
Exception code: 0xc0000374
Fault offset: 0x000dc18c
Faulting process id: 0xa08
Faulting application start time: 0xIncMail.exe0
Faulting application path: IncMail.exe1
Faulting module path: IncMail.exe2
Report Id: IncMail.exe3
Faulting package full name: IncMail.exe4
Faulting package-relative application ID: IncMail.exe5

Error: (12/09/2015 01:30:29 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727

Error: (12/09/2015 01:30:29 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278

Error: (12/09/2015 01:08:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/07/2015 03:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: coreldrw.exe, version: 9.337.0.0, time stamp: 0x3715a32b
Faulting module name: coreldrw.exe, version: 9.337.0.0, time stamp: 0x3715a32b
Exception code: 0xc0000005
Fault offset: 0x0058ddd5
Faulting process id: 0x1a0
Faulting application start time: 0xcoreldrw.exe0
Faulting application path: coreldrw.exe1
Faulting module path: coreldrw.exe2
Report Id: coreldrw.exe3
Faulting package full name: coreldrw.exe4
Faulting package-relative application ID: coreldrw.exe5


System errors:
=============
Error: (12/17/2015 11:35:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (12/17/2015 11:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3b5c5 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/17/2015 11:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3b5c5 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/17/2015 11:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3b5c5 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/17/2015 11:33:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3b5c5 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/17/2015 08:07:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (12/17/2015 08:05:33 AM) (Source: DCOM) (EventID: 10010) (User: RICK-PC)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

Error: (12/17/2015 08:05:33 AM) (Source: DCOM) (EventID: 10010) (User: RICK-PC)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

Error: (12/17/2015 08:05:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_95ceb16 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/17/2015 08:05:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_95ceb16 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-12-12 14:37:20.597
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 21:21:16.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 07:58:31.859
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-04 03:57:52.247
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-30 08:32:22.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-30 08:32:22.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-30 08:32:22.099
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-30 08:32:22.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-30 08:32:21.977
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-11-30 08:32:21.922
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 47%
Total physical RAM: 6007.09 MB
Available physical RAM: 3128.94 MB
Total Virtual: 12151.09 MB
Available Virtual: 8799.49 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:919.41 GB) (Free:799.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 94462B7A)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Risky Rick
Regular Member
 
Posts: 16
Joined: December 17th, 2015, 5:50 pm

Re: What happened? I've been infected.

Unread postby NonSuch » December 18th, 2015, 3:51 pm

Unfortunately, as you have opened your topic with multiple posts, the topic must be closed as it would likely go unnoticed by helpers who are looking for topics that have only a single post.

The following is an excerpt from the instructions at the below link, which you should have read and followed. Please take particular note of the portion I have highlighted in red.

viewtopic.php?p=491381#p491381

Gary R wrote:IMPORTANT:

  • Only post the information asked for above. If you have logs from additional scanners mention them along with your symptoms, but do not post any additional logs unless your helper asks for them.
  • Do not make any more posts to your topic until you have received a reply from a helper. Helpers here look for topics with zero replies, and if you have replied to your own topic they will assume you're already being helped. This will delay you getting the help you need.
  • Because this is a teaching forum, we prefer logs to be posted not attached. Do not attach your logs unless the size of them are such that the forum software tells you that they exceed the character limit for a post. In this case only, you may attach your logs, however you must state in your post why you have attached your logs and not posted them, failure to do so will result in your topic being closed.


Under normal circumstances, we do not permit the use of attachments; however, we realize that when a topic is started with multiple posts, instead of a single post, that topic will most likely be overlooked by helpers who are looking for topics that have not yet received a response; therefore, we must close such topics and request that the topic starter begin a new topic.

This topic will now be closed

If you still require help, please open a new thread in the Malware Removal forum. If the requested logs fail to fit in ONE post, then post the requested logs as attachments, making sure you state your reason for using attachments, as well as a short description of your computer's problems, then wait for assistance.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware