
Zlob.Zipcodec.exe hangs on Spybot Search and Destroy


  • This topic is locked
11 replies to this topic

#1 Ricardo1283

  • Members
  • 6 posts

Posted 09 January 2016 - 06:17 PM

When running Spybot Search and Destroy it hangs on Zlob.Zipcodec.exe.  Did everything in the Removal guide.  Malwarebytes and any other virus software always say the computer is clean.  I recently reinstalled Windows 10 and all of my programs.  Quicken 2015 Deluxe shows a "can not install" warning then continues to install.  However the program will not start.  I spent four hours with Intuit support with no luck, has to be the computer.  It is running slower than it used to.  It takes forever for some files to open.  Any help would be greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Rich2 (administrator) on RICH2-PC (08-01-2016 18:30:01)
Running from C:\Users\Rich2\Desktop\Bleeping
Loaded Profiles: Rich2 (Available Profiles: Rich2 & QBDataServiceUser22)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe
() C:\Users\Rich2\Desktop\SmitfraudFix\Policies.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-13] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-12-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2015-07-16] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310312 2015-10-08] (F-Secure Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\...\Run: [EPSON Stylus Photo R2880] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATICXA.EXE [218112 2007-11-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2015-12-07]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-12-06]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-12-06]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-12-06]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Rich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpectraView II Gamma Loader.lnk [2015-12-13]
ShortcutTarget: SpectraView II Gamma Loader.lnk -> C:\Program Files (x86)\NEC Display Solutions\SpectraView II\SpectraView.exe (NEC Display Solutions, Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8bc08547-97d2-424a-a745-c2ce90941651}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
URLSearchHook: HKU\S-1-5-21-2049838423-2816926301-2657962473-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-2049838423-2816926301-2657962473-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKU\S-1-5-21-2049838423-2816926301-2657962473-1000 -> {1872F420-A14B-4c9e-ADCE-76DFCFB4FA78} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-2049838423-2816926301-2657962473-1000 -> {DACBEDB3-30B6-4941-8DAC-79BAC690424A} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-12-07] (F-Secure Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-11] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-11] (Oracle Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-12-07] (F-Secure Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-02] (Oracle Corporation)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2015-02-27] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2049838423-2816926301-2657962473-1000 -> hxxp://www.bing.com/

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-11] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-11] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Rich2\AppData\Roaming\mozilla\plugins\npPxPlay.dll [2015-12-22] ( )
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: Browsing Protection by F-Secure - C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2015-12-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-02]
CHR Extension: (Google Docs) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (YouTube) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Google Search) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Google Sheets) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-02]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-01-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-02]
CHR Extension: (Gmail) - C:\Users\Rich2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Charter Security Suite/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-09-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 astcc; C:\WINDOWS\SysWOW64\astsrv.exe [57344 2010-04-30] (Nalpeiron Ltd.) [File not signed]
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [187432 2015-07-16] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-10-08] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60456 2015-12-07] (F-Secure Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 nlsX86cc; C:\WINDOWS\SysWOW64\nlssrv32.exe [66560 2012-03-28] (Nalpeiron Ltd.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
S4 QuickBooksDB22; C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2015-02-27] (Intuit, Inc.) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [181312 2015-12-22] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-10-02] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [219128 2015-12-07] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [81984 2015-12-07] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [66736 2015-12-07] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\bin\fsni64.sys [97832 2015-12-07] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2015-10-08] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 NDSPCIIO; \??\C:\WINDOWS\system32\DRIVERS\NDSPCIIO64.SYS [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 18:29 - 2016-01-08 18:30 - 00000000 ____D C:\FRST
2016-01-08 15:28 - 2016-01-08 15:28 - 00001915 _____ C:\Users\Public\Desktop\Quicken Deluxe 2015.lnk
2016-01-08 15:28 - 2014-09-29 23:45 - 09065688 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\WINDOWS\system32\cdintf500_64.dll
2016-01-08 15:28 - 2014-09-29 23:45 - 07280344 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\WINDOWS\SysWOW64\cdintf500.dll
2016-01-08 15:27 - 2016-01-08 15:27 - 00000126 _____ C:\WINDOWS\QUICKEN.INI
2016-01-08 15:27 - 2016-01-08 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
2016-01-08 11:10 - 2016-01-08 18:30 - 00000000 ____D C:\Users\Rich2\Desktop\Bleeping
2016-01-08 11:09 - 2016-01-08 11:09 - 00004780 _____ C:\Users\Rich2\Desktop\Rkill.txt
2016-01-08 11:07 - 2016-01-08 11:09 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Rich2\Desktop\iExplore.exe
2016-01-08 11:05 - 2016-01-08 11:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Rich2\Desktop\rkill.exe
2016-01-06 17:23 - 2016-01-06 17:23 - 00000000 ____D C:\Users\Rich2\Desktop\Disability
2016-01-05 07:17 - 2016-01-05 07:17 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2016-01-04 08:03 - 2016-01-08 18:05 - 00000000 ____D C:\Users\Rich2\Desktop\SPY
2016-01-03 12:40 - 2016-01-04 15:10 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\AVG
2016-01-03 12:39 - 2016-01-06 06:09 - 00000000 ____D C:\ProgramData\MFAData
2016-01-03 12:39 - 2016-01-03 12:39 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\TuneUp Software
2016-01-03 12:39 - 2016-01-03 12:39 - 00000000 ____D C:\Users\Rich2\AppData\Local\MFAData
2016-01-03 12:38 - 2016-01-06 06:10 - 00000000 ____D C:\Users\Rich2\AppData\Local\AvgSetupLog
2016-01-03 12:38 - 2016-01-06 06:10 - 00000000 ____D C:\ProgramData\Avg
2016-01-03 12:38 - 2016-01-06 06:09 - 00000000 ____D C:\Users\Rich2\AppData\Local\Avg
2016-01-03 12:25 - 2016-01-03 12:25 - 00853578 _____ C:\Users\Rich2\AppData\Local\census.cache
2016-01-03 12:25 - 2016-01-03 12:25 - 00481505 _____ C:\Users\Rich2\AppData\Local\ars.cache
2016-01-03 12:23 - 2016-01-03 12:23 - 00000010 _____ C:\Users\Rich2\AppData\Local\sponge.last.runtime.cache
2016-01-03 12:14 - 2016-01-03 12:14 - 00000036 _____ C:\Users\Rich2\AppData\Local\housecall.guid.cache
2016-01-03 12:14 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-01-03 10:24 - 2016-01-03 10:24 - 00008606 _____ C:\Users\Rich2\Desktop\cc_20160103_102431.reg
2016-01-03 09:22 - 2016-01-03 09:22 - 00003828 _____ C:\WINDOWS\SysWOW64\tmp.reg
2016-01-03 09:22 - 2016-01-03 09:22 - 00001028 _____ C:\rapport.txt
2016-01-03 09:22 - 2016-01-03 09:22 - 00000691 _____ C:\Users\Rich2\AppData\Roaming\GetValue.vbs
2016-01-03 09:22 - 2016-01-03 09:22 - 00000035 _____ C:\Users\Rich2\AppData\Roaming\SetValue.bat
2016-01-03 09:22 - 2016-01-03 09:22 - 00000000 _____ C:\WINDOWS\SysWOW64\tmp.txt
2016-01-03 09:21 - 2009-06-02 11:17 - 00075776 _____ C:\WINDOWS\SysWOW64\WS2Fix.exe
2016-01-03 09:21 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe
2016-01-03 09:21 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.C.exe
2016-01-03 09:21 - 2008-10-01 15:51 - 00087552 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\VACFix.exe
2016-01-03 09:21 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\o4Patch.exe
2016-01-03 09:21 - 2008-08-18 12:19 - 00082432 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\404Fix.exe
2016-01-03 09:21 - 2008-05-18 21:40 - 00082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.exe
2016-01-03 09:21 - 2007-09-06 00:22 - 00289144 _____ (S!Ri) C:\WINDOWS\SysWOW64\VCCLSID.exe
2016-01-03 09:21 - 2006-12-01 06:20 - 00079360 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swxcacls.exe
2016-01-03 09:21 - 2006-08-29 19:43 - 00135168 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swreg.exe
2016-01-03 09:21 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\WINDOWS\SysWOW64\SrchSTS.exe
2016-01-03 09:21 - 2006-01-09 10:36 - 00040960 _____ C:\WINDOWS\SysWOW64\swsc.exe
2016-01-03 09:21 - 2004-07-31 18:50 - 00051200 _____ C:\WINDOWS\SysWOW64\dumphive.exe
2016-01-03 09:21 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\WINDOWS\SysWOW64\Process.exe
2016-01-03 09:10 - 2016-01-03 09:11 - 00000000 ____D C:\Users\TEMP
2016-01-03 09:10 - 2016-01-03 09:10 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
2016-01-03 08:52 - 2016-01-08 18:13 - 00000000 ____D C:\Users\Rich2\Desktop\SmitfraudFix
2016-01-03 08:51 - 2016-01-03 08:52 - 01884291 _____ C:\Users\Rich2\Desktop\smitfraudfix-2.418.exe
2016-01-02 19:11 - 2016-01-02 19:11 - 00000132 _____ C:\Users\Rich2\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2016-01-02 18:58 - 2016-01-02 18:58 - 00000000 ____H C:\Users\Rich2\Documents\Default.rdp
2016-01-02 17:23 - 2016-01-02 17:23 - 00000000 ____D C:\Users\Rich2\Documents\Phase One
2016-01-02 13:49 - 2016-01-02 13:50 - 162471440 _____ (Intuit Inc. ) C:\Users\Rich2\Downloads\Quicken_Deluxe_2016 (1).exe
2016-01-02 13:37 - 2016-01-02 13:37 - 162471440 _____ (Intuit Inc. ) C:\Users\Rich2\Downloads\Quicken_Deluxe_2016.exe
2016-01-02 12:50 - 2016-01-03 09:21 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-02 12:33 - 2016-01-02 12:33 - 144938856 _____ (Intuit Inc. ) C:\Users\Rich2\Downloads\Quicken_Deluxe_2015 (1).exe
2016-01-02 11:47 - 2016-01-02 11:47 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-02 11:47 - 2016-01-02 11:47 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-02 11:47 - 2015-12-11 16:26 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2016-01-02 11:35 - 2016-01-08 15:29 - 00000000 ____D C:\Program Files (x86)\Quicken
2016-01-02 10:07 - 2016-01-08 18:04 - 00000000 ____D C:\Users\Rich2\Desktop\Quicken Install
2016-01-02 08:08 - 2016-01-08 18:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-02 08:08 - 2016-01-08 11:13 - 00001211 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-02 08:08 - 2016-01-08 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-02 08:08 - 2016-01-08 11:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-02 08:08 - 2016-01-02 08:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-02 08:08 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-02 08:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-02 08:08 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-01 10:02 - 2016-01-01 10:02 - 00000000 ____D C:\$SysReset
2016-01-01 08:53 - 2016-01-01 08:54 - 00007605 _____ C:\Users\Rich2\AppData\Local\resmon.resmoncfg
2016-01-01 08:11 - 2016-01-01 08:11 - 00000000 ____D C:\Users\Rich2\Documents\ProcAlyzer Dumps
2016-01-01 08:10 - 2015-12-09 11:05 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160101-081022.backup
2015-12-31 15:40 - 2016-01-01 07:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-31 15:40 - 2015-12-31 15:40 - 00001885 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-12-31 15:40 - 2015-12-31 15:40 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\SUPERAntiSpyware.com
2015-12-31 15:40 - 2015-12-31 15:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-12-31 15:40 - 2015-12-31 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-31 10:01 - 2015-12-31 15:10 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-31 10:00 - 2015-12-31 10:00 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-31 09:57 - 2015-12-31 09:59 - 00001188 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-12-31 09:57 - 2015-12-31 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-12-31 09:57 - 2015-12-31 09:59 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-12-31 09:57 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2015-12-30 10:19 - 2015-12-30 10:52 - 17223680 _____ C:\Users\Rich2\Desktop\MicrosoftCameraCodecPack-x64.msi
2015-12-29 19:13 - 2015-12-29 19:13 - 00000000 ____D C:\Users\Rich2\CaptureOne
2015-12-29 10:56 - 2015-12-29 10:56 - 00000000 ____D C:\Users\Rich2\AppData\Local\Software
2015-12-29 10:56 - 2015-12-29 10:56 - 00000000 ____D C:\Users\Rich2\AppData\Local\NikLicenseFiles
2015-12-29 09:50 - 2015-12-29 13:53 - 00000000 ____D C:\ProgramData\Google
2015-12-29 09:50 - 2015-12-29 09:50 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Google
2015-12-29 09:50 - 2015-12-29 09:50 - 00000000 ____D C:\Program Files (x86)\GUMC863.tmp
2015-12-29 08:49 - 2015-12-29 15:02 - 00000000 ____D C:\Users\Rich2\Desktop\Scan_Lessons
2015-12-27 13:28 - 2015-12-29 13:53 - 00000000 ____D C:\Users\Rich2\Desktop\Quicken Clean
2015-12-27 13:07 - 2015-12-27 13:08 - 144938856 _____ (Intuit Inc. ) C:\Users\Rich2\Desktop\Quicken_Deluxe_2015.exe
2015-12-27 13:03 - 2015-12-27 13:03 - 00094930 _____ C:\Users\Rich2\Desktop\cc_20151227_130338.reg
2015-12-27 09:56 - 2015-12-29 13:53 - 00000000 ____D C:\Users\Rich2\AppData\Local\Intuit_Inc
2015-12-27 09:45 - 2016-01-06 17:22 - 00000000 ____D C:\Users\Rich2\Desktop\netsh winsock reset
2015-12-27 09:14 - 2015-12-27 09:14 - 00000000 ____D C:\Users\Rich2\AppData\Local\IsolatedStorage
2015-12-27 09:12 - 2015-12-27 09:16 - 00000000 ____D C:\Users\Rich2\Documents\Quicken
2015-12-27 09:02 - 2016-01-02 11:35 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Intuit
2015-12-26 14:49 - 2015-12-29 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ron Nichols Digital Solutions
2015-12-26 14:49 - 2015-12-26 14:49 - 00001297 _____ C:\Users\Public\Desktop\RNDS Palette.lnk
2015-12-26 14:49 - 2015-12-26 14:49 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Palette_Data
2015-12-26 11:47 - 2015-12-27 08:46 - 00000056 __RSH C:\Users\Rich2\AppData\Roaming\system pd82qr0.dat
2015-12-26 11:47 - 2015-12-27 08:46 - 00000056 __RSH C:\Users\Rich2\AppData\Roaming\copy file settings_162896
2015-12-24 13:16 - 2015-12-24 13:16 - 00000000 ____D C:\Users\Rich2\AppData\Local\Apps\2.0
2015-12-24 11:22 - 2015-12-24 11:56 - 00001066 _____ C:\Users\Rich2\Desktop\SF Launcher.lnk
2015-12-24 11:20 - 2015-12-24 11:23 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-12-24 11:19 - 2015-12-24 11:56 - 00000000 ____D C:\Program Files (x86)\SilverFast Application
2015-12-24 10:53 - 2016-01-02 19:11 - 00000000 ____D C:\Users\Rich2\Desktop\Scan Exp
2015-12-24 09:56 - 2015-12-24 11:16 - 00001007 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-12-24 09:56 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2015-12-24 09:56 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll
2015-12-24 09:56 - 2009-03-13 00:00 - 00230912 _____ (Seiko Epson Corp.) C:\WINDOWS\system32\esxuin7c.dll
2015-12-24 09:56 - 2009-03-13 00:00 - 00221184 _____ (Seiko Epson Corp.) C:\WINDOWS\SysWOW64\esint7c.dll
2015-12-24 09:56 - 2009-03-13 00:00 - 00065793 _____ C:\WINDOWS\system32\esfw7c.bin
2015-12-24 09:56 - 2007-11-29 00:00 - 00084992 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\esxwia7c.dll
2015-12-24 09:56 - 2006-03-10 00:00 - 00004608 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\esxwiaml.dll
2015-12-24 09:14 - 2015-12-24 09:14 - 00460389 _____ C:\Users\Rich2\Documents\UnderstandingResolution.pdf
2015-12-23 10:27 - 2015-12-23 10:27 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\EPSON
2015-12-22 17:59 - 2015-12-27 08:47 - 00000628 _____ C:\Users\Rich2\AppData\Roaming\RNDLPalettePrefs.ini
2015-12-22 17:39 - 2015-12-27 08:46 - 00000000 ____D C:\ProgramData\Ron Nichols Digital Solutions
2015-12-22 17:39 - 2015-12-27 08:45 - 00000052 __RSH C:\Users\Rich2\AppData\Roaming\WinOrMac_U5fe77c_pref
2015-12-22 17:39 - 2015-12-27 08:45 - 00000052 __RSH C:\Users\Rich2\AppData\Roaming\htelU5fer_critical.file
2015-12-22 17:39 - 2015-12-27 08:45 - 00000052 __RSH C:\ProgramData\vysU5f2jeRstngs.dat
2015-12-22 17:28 - 2015-12-29 13:53 - 00000000 ____D C:\Program Files (x86)\Ron Nichols Digital Solutions
2015-12-22 17:24 - 2015-12-22 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2
2015-12-22 17:19 - 2015-12-22 17:19 - 00002165 _____ C:\Users\Public\Desktop\ProShow Gold.lnk
2015-12-22 17:19 - 2015-12-22 17:19 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Netscape
2015-12-22 17:19 - 2015-12-22 17:19 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Mozilla
2015-12-22 17:19 - 2015-12-22 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
2015-12-22 17:19 - 2015-12-22 17:19 - 00000000 ____D C:\Program Files (x86)\Photodex Presenter
2015-12-22 17:19 - 2015-12-22 17:19 - 00000000 ____D C:\Program Files (x86)\Photodex
2015-12-22 17:17 - 2015-12-22 17:17 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Photodex
2015-12-22 16:49 - 2015-12-22 17:09 - 00000163 _____ C:\Users\Rich2\AppData\Roaming\PLGComp.ini
2015-12-22 16:49 - 2015-12-22 16:56 - 00001041 _____ C:\Users\Public\Desktop\Focus Magic.lnk
2015-12-22 16:49 - 2015-12-22 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Magic
2015-12-22 16:49 - 2015-12-22 16:56 - 00000000 ____D C:\Program Files (x86)\Focus Magic
2015-12-22 16:49 - 2004-03-05 12:52 - 08876032 _____ (Acclaim Software Ltd) C:\WINDOWS\SysWOW64\FocusMag.dll
2015-12-22 09:24 - 2015-12-29 11:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\2BrightSparks
2015-12-20 13:30 - 2015-12-20 13:30 - 00000000 ____D C:\ProgramData\eSellerate
2015-12-20 12:32 - 2015-12-20 12:32 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodak
2015-12-20 12:32 - 2015-12-20 12:32 - 00000000 ____D C:\Program Files (x86)\Kodak
2015-12-20 12:32 - 2015-12-20 12:32 - 00000000 ____D C:\Program Files (x86)\eSellerate
2015-12-20 12:07 - 2015-12-27 12:40 - 00000000 ____D C:\Users\Rich2\AppData\Local\Apple Computer
2015-12-20 12:07 - 2015-12-20 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-20 12:07 - 2015-12-20 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-20 12:07 - 2015-12-20 12:07 - 00000000 ____D C:\Program Files\iTunes
2015-12-20 12:07 - 2015-12-20 12:07 - 00000000 ____D C:\Program Files\iPod
2015-12-20 12:07 - 2015-12-20 12:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-20 12:06 - 2015-12-20 12:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-20 12:06 - 2015-12-20 12:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-12-20 12:06 - 2015-12-20 12:06 - 00000000 ____D C:\Program Files\Bonjour
2015-12-20 12:06 - 2015-12-20 12:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-20 12:06 - 2015-12-20 12:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-20 08:16 - 2015-12-20 08:16 - 09699328 _____ C:\Users\Rich2\Downloads\MicrosoftCameraCodecPack-x86.msi
2015-12-18 08:24 - 2015-12-06 23:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 08:24 - 2015-12-06 23:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 08:24 - 2015-12-06 23:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 08:24 - 2015-12-06 23:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 08:24 - 2015-12-06 23:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 08:24 - 2015-12-06 23:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 08:24 - 2015-12-06 22:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 08:24 - 2015-12-06 22:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 08:24 - 2015-12-06 22:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 08:24 - 2015-12-06 22:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 08:24 - 2015-12-06 22:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 08:24 - 2015-12-06 22:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 08:23 - 2015-12-06 23:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 08:23 - 2015-12-06 23:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 08:23 - 2015-12-06 23:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 08:23 - 2015-12-06 23:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 08:23 - 2015-12-06 23:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 08:23 - 2015-12-06 23:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 08:23 - 2015-12-06 23:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 08:23 - 2015-12-06 23:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 08:23 - 2015-12-06 23:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 08:23 - 2015-12-06 23:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 08:23 - 2015-12-06 23:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 08:23 - 2015-12-06 23:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 08:23 - 2015-12-06 23:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 08:23 - 2015-12-06 23:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 08:23 - 2015-12-06 23:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 08:23 - 2015-12-06 23:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 08:23 - 2015-12-06 23:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 08:23 - 2015-12-06 23:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 08:23 - 2015-12-06 23:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 08:23 - 2015-12-06 23:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 08:23 - 2015-12-06 23:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 08:23 - 2015-12-06 23:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 08:23 - 2015-12-06 23:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 08:23 - 2015-12-06 23:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 08:23 - 2015-12-06 23:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 08:23 - 2015-12-06 23:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 08:23 - 2015-12-06 23:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 08:23 - 2015-12-06 23:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 08:23 - 2015-12-06 23:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 08:23 - 2015-12-06 23:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 08:23 - 2015-12-06 23:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 08:23 - 2015-12-06 23:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 08:23 - 2015-12-06 22:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 08:23 - 2015-12-06 22:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 08:23 - 2015-12-06 22:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 08:23 - 2015-12-06 22:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 08:23 - 2015-12-06 22:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 08:23 - 2015-12-06 22:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 08:23 - 2015-12-06 22:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 08:23 - 2015-12-06 22:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 08:23 - 2015-12-06 22:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 08:23 - 2015-12-06 22:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 08:23 - 2015-12-06 22:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 08:23 - 2015-12-06 22:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 08:23 - 2015-12-06 22:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 08:23 - 2015-12-06 22:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 08:23 - 2015-12-06 22:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 08:23 - 2015-12-06 22:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 08:23 - 2015-12-06 22:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 08:23 - 2015-12-06 22:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 08:23 - 2015-12-06 22:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 08:23 - 2015-12-06 22:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 08:23 - 2015-12-06 22:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 08:23 - 2015-12-06 22:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 08:23 - 2015-12-06 22:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 08:23 - 2015-12-06 22:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 08:23 - 2015-12-06 22:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 08:23 - 2015-12-06 22:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 08:23 - 2015-12-06 22:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 08:23 - 2015-12-06 22:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 08:23 - 2015-12-06 22:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 08:23 - 2015-12-06 22:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 08:23 - 2015-12-06 22:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-14 10:34 - 2015-12-21 16:40 - 00000000 ____D C:\Users\Rich2\AppData\Local\Windows Live Writer
2015-12-14 10:34 - 2015-12-21 16:36 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Windows Live Writer
2015-12-14 10:33 - 2015-12-14 10:33 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-12-14 10:32 - 2015-12-14 10:33 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-12-14 10:32 - 2015-12-14 10:32 - 00000000 ____D C:\Program Files\Windows Live
2015-12-14 10:30 - 2015-12-16 21:53 - 00000000 ____D C:\Users\Rich2\AppData\Local\Windows Live
2015-12-13 15:31 - 2015-12-13 15:31 - 00001654 _____ C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
2015-12-13 15:31 - 2015-12-13 15:31 - 00000000 ____D C:\Program Files (x86)\MonitorDriver
2015-12-13 14:32 - 2015-12-13 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Display Solutions
2015-12-13 10:57 - 2015-12-13 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-12 10:12 - 2015-12-12 10:12 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\TMP
2015-12-11 18:22 - 2015-12-11 18:22 - 00000000 ____D C:\ProgramData\Helicon
2015-12-11 17:49 - 2015-12-29 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
2015-12-11 17:49 - 2015-12-11 17:49 - 00000000 ____D C:\WINDOWS\WICCodecs
2015-12-11 17:18 - 2015-12-11 17:32 - 00001326 _____ C:\Users\Rich2\Desktop\Helicon Focus.lnk
2015-12-11 17:18 - 2015-12-11 17:19 - 00000000 ____D C:\Users\Rich2\AppData\Local\Helicon
2015-12-11 17:18 - 2015-12-11 17:18 - 00001341 _____ C:\Users\Rich2\Desktop\Helicon 3D Viewer.lnk
2015-12-11 17:18 - 2015-12-11 17:18 - 00001331 _____ C:\Users\Rich2\Desktop\Helicon Remote.lnk
2015-12-11 17:18 - 2015-12-11 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helicon Software
2015-12-11 17:18 - 2015-12-11 17:18 - 00000000 ____D C:\Program Files (x86)\Helicon Software
2015-12-11 16:55 - 2015-12-11 16:55 - 00001058 _____ C:\Users\Public\Desktop\Perfect Photo Suite 6.lnk
2015-12-11 16:26 - 2015-12-11 16:26 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-12-11 16:25 - 2015-12-11 16:25 - 00000000 ____D C:\Program Files\Java
2015-12-11 16:24 - 2016-01-02 11:47 - 00000000 ____D C:\ProgramData\Oracle
2015-12-11 16:24 - 2016-01-02 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-11 16:24 - 2015-12-11 16:26 - 00000000 ____D C:\Users\Rich2\.oracle_jre_usage
2015-12-11 16:24 - 2015-12-11 16:24 - 00584288 _____ (Oracle Corporation) C:\Users\Rich2\Downloads\jre-8u66-windows-i586-iftw.exe
2015-12-11 16:24 - 2015-12-11 16:24 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Sun
2015-12-11 16:24 - 2015-12-11 16:24 - 00000000 ____D C:\Users\Rich2\AppData\LocalLow\Sun
2015-12-11 16:24 - 2015-12-11 16:24 - 00000000 ____D C:\Users\Rich2\AppData\LocalLow\Oracle
2015-12-11 16:02 - 2010-04-30 12:29 - 00057344 _____ (Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\ASTSRV.EXE
2015-12-11 15:39 - 2015-12-29 13:53 - 00000000 ____D C:\Users\Rich2\AppData\Local\Phase_One
2015-12-11 15:18 - 2015-12-29 18:27 - 00000000 ____D C:\Users\Rich2\AppData\Local\CaptureOne
2015-12-11 15:17 - 2015-12-11 15:17 - 00001040 _____ C:\Users\Rich2\Desktop\Capture One 6.lnk
2015-12-11 15:17 - 2015-12-11 15:17 - 00000000 ____D C:\Program Files\Phase One
2015-12-11 15:17 - 2015-12-11 15:17 - 00000000 ____D C:\Program Files\DIFX
2015-12-11 15:01 - 2012-03-28 21:54 - 00066560 _____ (Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\nlssrv32.exe
2015-12-11 11:36 - 2012-03-28 21:54 - 00066560 _____ (Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
2015-12-11 11:19 - 2015-12-29 13:51 - 00000000 ____D C:\Users\QBDataServiceUser22\AppData\Roaming\Adobe
2015-12-11 11:19 - 2015-12-11 11:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2015-12-11 11:19 - 2015-12-11 11:19 - 00000000 ____D C:\Users\Default.migrated\AppData\Roaming\Adobe
2015-12-11 11:19 - 2015-12-11 11:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2015-12-11 11:18 - 2015-12-13 15:20 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\onOne Software
2015-12-11 11:18 - 2015-12-11 11:18 - 00000978 _____ C:\Users\Public\Desktop\PhotoTune 3.lnk
2015-12-11 11:18 - 2015-12-11 11:18 - 00000000 ____D C:\Users\QBDataServiceUser22\AppData\Roaming\onOne Software
2015-12-11 11:18 - 2015-12-11 11:18 - 00000000 ____D C:\Users\Default\AppData\Roaming\onOne Software
2015-12-11 11:18 - 2015-12-11 11:18 - 00000000 ____D C:\Users\Default.migrated\AppData\Roaming\onOne Software
2015-12-11 11:18 - 2015-12-11 11:18 - 00000000 ____D C:\Users\Default User\AppData\Roaming\onOne Software
2015-12-11 11:16 - 2015-12-11 16:56 - 00000000 ____D C:\Program Files (x86)\onOne Software
2015-12-11 11:16 - 2015-12-11 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
2015-12-11 11:16 - 2015-12-11 16:55 - 00000000 ____D C:\Program Files\onOne Software
2015-12-11 11:16 - 2015-12-11 11:16 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-12-11 11:16 - 2011-07-29 14:17 - 00227840 _____ (Iterated Systems, Inc.) C:\WINDOWS\SysWOW64\Deco_32.dll
2015-12-11 11:15 - 2015-12-11 16:55 - 00000000 ____D C:\ProgramData\onOne Software
2015-12-11 10:56 - 2015-12-11 10:56 - 00001274 _____ C:\Users\Rich2\Desktop\SyncBackSE.lnk
2015-12-11 10:45 - 2015-12-11 10:45 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\2BrightSparks
2015-12-11 10:45 - 2015-12-11 10:45 - 00000000 ____D C:\Users\Rich2\AppData\Local\2BrightSparks
2015-12-11 10:45 - 2015-12-11 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
2015-12-11 10:45 - 2015-12-11 10:45 - 00000000 ____D C:\Program Files (x86)\2BrightSparks
2015-12-11 10:45 - 2014-08-26 17:16 - 00746496 _____ C:\WINDOWS\SysWOW64\SyncBackSE.dll
2015-12-11 10:39 - 2015-12-11 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-11 10:39 - 2015-12-11 10:39 - 00000000 ____D C:\Program Files (x86)\Canon
2015-12-11 10:33 - 2015-12-11 10:33 - 00001375 _____ C:\Users\Rich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iexplore.lnk
2015-12-11 10:26 - 2015-12-29 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-11 10:26 - 2015-12-29 13:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-11 10:26 - 2015-12-20 12:07 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-11 10:11 - 2015-12-11 10:11 - 00000000 _____ C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (8).73gvkn4.partial
2015-12-11 09:59 - 2015-12-11 09:59 - 00000000 _____ C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (7).qk9uwe2.partial
2015-12-11 09:42 - 2015-12-11 09:42 - 00000000 _____ C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (6).030zwz1.partial
2015-12-11 09:37 - 2016-01-08 18:13 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 09:37 - 2016-01-08 17:48 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 09:37 - 2015-12-29 10:58 - 00000000 ____D C:\Users\Rich2\AppData\Local\Google
2015-12-11 09:37 - 2015-12-16 17:49 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-11 09:37 - 2015-12-11 09:43 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-11 09:37 - 2015-12-11 09:43 - 00003740 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-11 09:37 - 2015-12-11 09:42 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-11 09:37 - 2015-12-11 09:37 - 00000000 ____D C:\Users\Rich2\AppData\Local\CEF
2015-12-11 09:37 - 2015-12-11 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-11 09:37 - 2015-12-11 09:37 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-11 09:36 - 2015-12-11 09:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-11 09:36 - 2015-12-11 09:36 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-11 08:57 - 2015-12-11 08:57 - 00000000 _____ C:\Users\Rich2\Downloads\readerdc_en_eb_install_exe.sleqaes.partial
2015-12-10 19:12 - 2015-12-10 19:12 - 00000000 _____ C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (5).u4sgj4f.partial
2015-12-10 19:11 - 2015-12-10 19:11 - 00000000 _____ C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (4).8i7nfi7.partial
2015-12-10 18:59 - 2015-12-10 18:59 - 00000000 _____ C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (3).wb7hpej.partial
2015-12-10 18:55 - 2015-12-10 18:56 - 45409448 _____ (Anthropics Technology Ltd. ) C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (2)
2015-12-10 18:49 - 2015-12-10 18:49 - 00000000 _____ C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe (1).uy8a8hq.partial
2015-12-10 18:23 - 2015-12-10 18:23 - 41401536 _____ (Intuit) C:\Users\Rich2\Downloads\qbfd_exe
2015-12-10 18:20 - 2015-12-29 13:53 - 00000000 ____D C:\Users\QBDataServiceUser22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-12-10 18:20 - 2015-12-29 13:53 - 00000000 ____D C:\Users\QBDataServiceUser22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-12-10 18:20 - 2015-12-29 13:53 - 00000000 ____D C:\Users\QBDataServiceUser22
2015-12-10 18:20 - 2015-12-10 18:20 - 00000020 ___SH C:\Users\QBDataServiceUser22\ntuser.ini
2015-12-10 18:20 - 2015-12-10 18:20 - 00000000 _SHDL C:\Users\QBDataServiceUser22\My Documents
2015-12-10 18:20 - 2015-12-10 18:20 - 00000000 _SHDL C:\Users\QBDataServiceUser22\Documents\My Videos
2015-12-10 18:20 - 2015-12-10 18:20 - 00000000 _SHDL C:\Users\QBDataServiceUser22\Documents\My Pictures
2015-12-10 18:20 - 2015-12-10 18:20 - 00000000 _SHDL C:\Users\QBDataServiceUser22\Documents\My Music
2015-12-10 18:20 - 2015-12-06 15:54 - 00000000 ____D C:\Users\QBDataServiceUser22\AppData\Local\Microsoft Help
2015-12-10 18:20 - 2015-12-06 14:54 - 00001330 _____ C:\Users\QBDataServiceUser22\Desktop\Blu-ray Disc Suite.lnk
2015-12-10 18:20 - 2015-12-06 14:46 - 00002167 _____ C:\Users\QBDataServiceUser22\Desktop\LG Burning Tool.lnk
2015-12-10 18:20 - 2015-12-05 14:02 - 00000000 ____D C:\Users\QBDataServiceUser22\AppData\Roaming\Media Center Programs
2015-12-09 13:27 - 2015-12-09 13:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 13:27 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 12:50 - 2015-12-09 12:51 - 47511480 _____ C:\Users\Rich2\Downloads\epson15104.exe
2015-12-09 12:43 - 2007-12-07 02:01 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_IBCBCXA.DLL
2015-12-09 12:39 - 2015-12-09 12:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-09 11:55 - 2015-12-09 12:43 - 21297080 _____ C:\Users\Rich2\Downloads\epson15102 (1).exe
2015-12-09 11:49 - 2015-12-09 11:49 - 00002334 _____ C:\Users\Rich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epson, North America.lnk
2015-12-09 11:05 - 2009-06-10 16:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151209-110523.backup
2015-12-09 10:59 - 2015-12-09 10:59 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-09 10:58 - 2015-12-09 10:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-09 10:58 - 2015-12-09 10:58 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-12-09 10:58 - 2015-12-09 10:58 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-12-09 10:58 - 2015-12-09 10:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-12-09 10:58 - 2015-12-09 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-12-09 10:58 - 2015-12-01 02:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 10:58 - 2015-11-24 07:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 10:58 - 2015-11-24 06:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 10:58 - 2015-11-24 05:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 10:58 - 2015-11-24 05:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-09 10:58 - 2015-11-24 04:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-09 10:58 - 2015-11-24 04:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-09 10:58 - 2015-11-24 04:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-09 10:58 - 2015-11-24 04:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 10:58 - 2015-11-24 04:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 10:58 - 2015-11-24 04:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 10:58 - 2015-11-24 04:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 10:58 - 2015-11-24 03:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 10:58 - 2015-11-24 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 10:58 - 2015-11-24 03:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-09 10:58 - 2015-11-24 03:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 10:58 - 2015-11-24 03:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 10:58 - 2015-11-24 03:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 10:58 - 2015-11-24 03:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 10:58 - 2015-11-24 02:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 10:58 - 2015-11-24 02:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 10:58 - 2015-11-24 02:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 10:58 - 2015-11-24 02:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 10:58 - 2015-11-24 02:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 10:58 - 2015-11-24 02:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 10:58 - 2015-11-24 02:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 10:58 - 2015-11-24 02:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 10:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-12-09 10:36 - 2015-12-09 10:36 - 00000000 ____D C:\Users\Rich2\AppData\Local\MicrosoftStore
2015-12-09 10:31 - 2015-12-09 10:31 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Rich2\Downloads\spybot-2_4_exe
2015-12-09 10:28 - 2016-01-05 06:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-09 10:28 - 2015-12-09 10:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-09 09:27 - 2015-12-09 09:27 - 00003340 _____ C:\WINDOWS\System32\Tasks\{AA61CDF2-C536-4383-AA46-264B3411EAA7}
2015-12-09 08:55 - 2015-12-09 09:27 - 00000000 ____D C:\Program Files (x86)\EPSON America Inc
2015-12-09 08:48 - 2015-12-09 08:56 - 00000000 ____D C:\epson
2015-12-09 08:47 - 2015-12-09 08:47 - 06469408 _____ C:\Users\Rich2\Downloads\epson12744.exe
2015-12-09 08:14 - 2015-12-09 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-12-09 08:14 - 2015-12-09 12:53 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-12-09 08:13 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EpPicPrt.dll
2015-12-09 08:13 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EpPicMgr.dll
2015-12-09 08:13 - 2006-10-31 00:10 - 00000097 _____ C:\WINDOWS\SysWOW64\PICSDK.ini
2015-12-09 08:13 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICSDK2.dll
2015-12-09 08:13 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICEntry.dll
2015-12-09 08:13 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\PICSDK.dll
2015-12-09 08:13 - 2004-03-03 06:10 - 00073220 _____ C:\WINDOWS\SysWOW64\EPPICPrinterDB.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00031053 _____ C:\WINDOWS\SysWOW64\EPPICPattern131.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00029114 _____ C:\WINDOWS\SysWOW64\EPPICPattern1.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00027417 _____ C:\WINDOWS\SysWOW64\EPPICPattern121.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00021021 _____ C:\WINDOWS\SysWOW64\EPPICPattern3.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00015670 _____ C:\WINDOWS\SysWOW64\EPPICPattern5.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00013280 _____ C:\WINDOWS\SysWOW64\EPPICPattern2.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00012669 _____ C:\WINDOWS\SysWOW64\EPPICLocal_EN.cfg
2015-12-09 08:13 - 2004-03-03 06:10 - 00010673 _____ C:\WINDOWS\SysWOW64\EPPICPattern4.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00006478 _____ C:\WINDOWS\SysWOW64\EPPICLocal_PT.cfg
2015-12-09 08:13 - 2004-03-03 06:10 - 00006478 _____ C:\WINDOWS\SysWOW64\EPPICLocal_BP.cfg
2015-12-09 08:13 - 2004-03-03 06:10 - 00006366 _____ C:\WINDOWS\SysWOW64\EPPICLocal_FR.cfg
2015-12-09 08:13 - 2004-03-03 06:10 - 00006366 _____ C:\WINDOWS\SysWOW64\EPPICLocal_CF.cfg
2015-12-09 08:13 - 2004-03-03 06:10 - 00006226 _____ C:\WINDOWS\SysWOW64\EPPICLocal_ES.cfg
2015-12-09 08:13 - 2004-03-03 06:10 - 00004943 _____ C:\WINDOWS\SysWOW64\EPPICPattern6.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00001140 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_PT.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00001140 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_BP.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00001137 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_ES.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00001130 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_FR.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00001130 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_CF.dat
2015-12-09 08:13 - 2004-03-03 06:10 - 00001104 _____ C:\WINDOWS\SysWOW64\EPPICPresetData_EN.dat
2015-12-09 08:11 - 2015-12-09 12:43 - 00000000 ____D C:\ProgramData\EPSON
2015-12-09 08:11 - 2007-12-07 02:08 - 00108032 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMCXA.DLL
2015-12-09 06:07 - 2015-12-09 06:08 - 45409448 _____ (Anthropics Technology Ltd. ) C:\Users\Rich2\Downloads\PortraitProfessionalStudioSetup_exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 18:29 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-08 18:19 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-08 18:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-08 15:42 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-08 15:38 - 2015-12-05 14:07 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-08 15:38 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-08 15:32 - 2015-12-05 14:15 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-08 15:32 - 2015-12-05 14:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-08 15:30 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-08 11:51 - 2015-12-05 16:54 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{121AB025-697A-43C7-A628-F792E1178EAC}
2016-01-08 02:00 - 2015-12-05 17:22 - 00000000 ____D C:\Users\Rich2\AppData\Local\Adobe
2016-01-06 17:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-06 06:20 - 2015-12-05 16:56 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-06 06:07 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-04 15:59 - 2015-12-05 13:12 - 00000000 ____D C:\Users\Rich2\AppData\Local\VirtualStore
2016-01-03 12:41 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-03 09:42 - 2015-12-05 14:01 - 00000000 ____D C:\Users\Rich2
2016-01-03 09:10 - 2015-12-05 14:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 19:01 - 2015-12-07 15:29 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Lasersoft Imaging
2016-01-02 11:34 - 2015-12-06 15:01 - 00000000 ____D C:\ProgramData\Intuit
2016-01-01 09:23 - 2015-12-06 08:52 - 00000000 ____D C:\Users\Rich2\AppData\Local\ElevatedDiagnostics
2015-12-31 15:39 - 2015-12-08 11:53 - 00000000 ___RD C:\Users\Rich2\Creative Cloud Files
2015-12-31 15:39 - 2015-12-08 11:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-31 10:00 - 2015-12-06 14:41 - 00000000 ____D C:\ProgramData\Temp
2015-12-31 10:00 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-12-31 09:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-12-29 13:53 - 2015-12-07 12:35 - 00000000 ____D C:\Program Files (x86)\Charter Security Suite
2015-12-29 13:53 - 2015-12-06 15:02 - 00000000 ____D C:\Users\Rich2\AppData\Local\Intuit
2015-12-29 13:53 - 2015-12-05 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-29 13:53 - 2015-12-05 18:38 - 00000000 ____D C:\Program Files\CCleaner
2015-12-29 13:53 - 2012-12-15 09:46 - 00000000 ____D C:\Users\Rich2\Downloads\scriptina
2015-12-29 13:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
2015-12-29 13:51 - 2015-12-07 19:13 - 00000000 ____D C:\Users\Rich2\AppData\Local\Nik Software
2015-12-29 13:51 - 2015-12-07 19:12 - 00000000 ____D C:\Program Files\Nik Software
2015-12-29 13:51 - 2015-08-22 06:09 - 00000000 ____D C:\Users\Rich2\Desktop\QBDataServiceUser22
2015-12-29 13:51 - 2015-08-22 06:09 - 00000000 ____D C:\Users\Rich2\Desktop\QBDataServiceUser18
2015-12-29 13:51 - 2011-11-14 20:05 - 00000000 ____D C:\Users\Rich2\Documents\Bank_Statements
2015-12-27 12:52 - 2011-03-17 11:13 - 00000891 _____ C:\Users\Rich2\Desktop\QuickMats4 Files - Shortcut.lnk
2015-12-26 13:46 - 2011-11-14 20:05 - 00000000 ____D C:\Users\Rich2\Documents\Tax Forms
2015-12-26 13:27 - 2015-12-07 09:46 - 00000000 ____D C:\Users\Rich2\Desktop\Slide_Show
2015-12-26 10:44 - 2015-01-16 14:53 - 00000000 ____D C:\Users\Rich2\Desktop\To Email
2015-12-26 09:36 - 2015-12-05 18:38 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-24 09:56 - 2015-12-07 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-12-24 09:56 - 2015-12-07 15:28 - 00000000 ____D C:\Program Files (x86)\epson
2015-12-23 10:23 - 2015-12-07 18:34 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Apple Computer
2015-12-22 09:20 - 2015-11-26 09:16 - 00000000 ____D C:\Users\Rich2\Documents\Disability
2015-12-20 12:07 - 2015-12-07 15:00 - 00000000 ____D C:\ProgramData\Apple
2015-12-20 12:06 - 2015-12-07 15:00 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-20 12:00 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-20 12:00 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-20 12:00 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-20 11:56 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-14 09:53 - 2015-12-05 14:11 - 00002407 _____ C:\Users\Rich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-14 09:53 - 2015-12-05 14:11 - 00000000 ___RD C:\Users\Rich2\OneDrive
2015-12-13 15:31 - 2015-12-05 13:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-13 14:32 - 2015-12-08 17:09 - 00000000 ____D C:\Program Files (x86)\NEC Display Solutions
2015-12-13 14:32 - 2012-03-07 15:35 - 00000000 ____D C:\Users\Public\Documents\NEC Display Solutions
2015-12-13 14:17 - 2015-12-08 17:09 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NEC Display Solutions
2015-12-13 11:00 - 2015-12-05 17:39 - 00000000 ____D C:\Program Files\Adobe
2015-12-13 11:00 - 2015-12-05 17:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-12 10:13 - 2015-12-05 13:25 - 00000000 ____D C:\Program Files (x86)\Marvell
2015-12-11 18:48 - 2015-03-02 16:18 - 00000000 ____D C:\Users\Rich2\Documents\McMillan_2014
2015-12-11 15:18 - 2015-12-07 15:01 - 00000000 ____D C:\ProgramData\Phase One
2015-12-11 15:17 - 2015-12-07 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One
2015-12-11 10:01 - 2015-12-08 13:05 - 00001371 _____ C:\Users\Rich2\Desktop\Portrait Professional Studio 10.lnk
2015-12-11 10:01 - 2015-12-08 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portrait Professional Studio 10
2015-12-11 10:01 - 2015-12-08 13:05 - 00000000 ____D C:\Program Files (x86)\Portrait Professional Studio 10
2015-12-11 09:38 - 2015-12-05 17:22 - 00000000 ____D C:\ProgramData\Adobe
2015-12-11 09:37 - 2015-12-07 19:17 - 00000000 ____D C:\Users\Rich2\AppData\LocalLow\Adobe
2015-12-11 09:37 - 2015-12-05 14:09 - 00000000 ____D C:\Users\Rich2\AppData\Roaming\Adobe
2015-12-10 18:58 - 2015-12-05 13:58 - 04911792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-10 18:57 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-10 18:26 - 2015-12-06 15:00 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2015-12-10 17:41 - 2015-12-05 14:09 - 00000000 ____D C:\Users\Rich2\AppData\Local\Packages
2015-12-09 14:19 - 2015-09-10 14:24 - 00095024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2015-12-09 13:30 - 2015-12-06 14:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 10:36 - 2012-10-28 03:37 - 02574064 _____ (Solid State Networks) C:\Users\Rich2\Downloads\1d455d23a4624bfebbbc871b1256933adr99999dr861181774_Pod8_en-US.exe

==================== Files in the root of some directories =======

2016-01-02 19:11 - 2016-01-02 19:11 - 0000132 _____ () C:\Users\Rich2\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-12-26 11:47 - 2015-12-27 08:46 - 0000056 __RSH () C:\Users\Rich2\AppData\Roaming\copy file settings_162896
2016-01-03 09:22 - 2016-01-03 09:22 - 0000691 _____ () C:\Users\Rich2\AppData\Roaming\GetValue.vbs
2015-12-22 17:39 - 2015-12-27 08:45 - 0000052 __RSH () C:\Users\Rich2\AppData\Roaming\htelU5fer_critical.file
2015-12-22 16:49 - 2015-12-22 17:09 - 0000163 _____ () C:\Users\Rich2\AppData\Roaming\PLGComp.ini
2015-12-22 17:59 - 2015-12-27 08:47 - 0000628 _____ () C:\Users\Rich2\AppData\Roaming\RNDLPalettePrefs.ini
2016-01-03 09:22 - 2016-01-03 09:22 - 0000035 _____ () C:\Users\Rich2\AppData\Roaming\SetValue.bat
2015-12-26 11:47 - 2015-12-27 08:46 - 0000056 __RSH () C:\Users\Rich2\AppData\Roaming\system pd82qr0.dat
2015-12-22 17:39 - 2015-12-27 08:45 - 0000052 __RSH () C:\Users\Rich2\AppData\Roaming\WinOrMac_U5fe77c_pref
2016-01-03 12:25 - 2016-01-03 12:25 - 0481505 _____ () C:\Users\Rich2\AppData\Local\ars.cache
2016-01-03 12:25 - 2016-01-03 12:25 - 0853578 _____ () C:\Users\Rich2\AppData\Local\census.cache
2016-01-03 12:14 - 2016-01-03 12:14 - 0000036 _____ () C:\Users\Rich2\AppData\Local\housecall.guid.cache
2016-01-01 08:53 - 2016-01-01 08:54 - 0007605 _____ () C:\Users\Rich2\AppData\Local\resmon.resmoncfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Rich2\AppData\Local\setup.txt
2016-01-03 12:23 - 2016-01-03 12:23 - 0000010 _____ () C:\Users\Rich2\AppData\Local\sponge.last.runtime.cache
2015-12-07 15:29 - 2015-12-07 15:32 - 0020531 ____H () C:\ProgramData\T09F8
2015-12-22 17:39 - 2015-12-27 08:45 - 0000052 __RSH () C:\ProgramData\vysU5f2jeRstngs.dat

Files to move or delete:
====================
C:\ProgramData\vysU5f2jeRstngs.dat

Some files in TEMP:
====================
C:\Users\Rich2\AppData\Local\Temp\avguirn_08301098354.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-01-01 07:22

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,259 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:50 AM

Posted 11 January 2016 - 11:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2049838423-2816926301-2657962473-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
U3 idsvc; no ImagePath
S3 NDSPCIIO; \??\C:\WINDOWS\system32\DRIVERS\NDSPCIIO64.SYS [X]
U3 wpcsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-2049838423-2816926301-2657962473-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-78A428FC067B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Rich2\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know if the problem persists.

#3 Ricardo1283


Posted 11 January 2016 - 05:57 PM

Same behavior as before, also Photoshop CS6 Filters are crashing the program. They were working last time I used them.



#4 nasdaq


Posted 12 January 2016 - 10:39 AM


I suggest you remove Spybot and Destroy using the instructions on this page.

https://www.safer-networking.org/support/missing-files/uninstall-tool/

After the removal please Restart the computer normally.

===

Let's see what this tool will find.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed, click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Report".
  • Click on the Export TXT button and save the file as RogueReport.txt.
  • The file RogueReport.txt will be saved on the desktop.
  • Close the program.
  • Open the file with Notepad and copy/paste the content into your next reply.
<<<>>>

p.s.
Later when all is well you can re-install Spybot...

#5 Ricardo1283


Posted 14 January 2016 - 11:30 AM

Some things showed up, I'll wait for a response before removing anything.

Thanks

RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Rich2 [Administrator]
Started from : C:\Users\Rich2\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/14/2016 08:14:11

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\DeviceVM -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2049838423-2816926301-2657962473-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2049838423-2816926301-2657962473-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2049838423-2816926301-2657962473-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2049838423-2816926301-2657962473-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[Hidden.ADS][Stream] C:\Windows:AstInfo -> Found
[Hidden.ADS][Stream] C:\Windows:nlsPreferences -> Found
[PUP][Folder] C:\Program Files (x86)\DeviceVM -> Found

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000528AS +++++
--- User ---
[MBR] 1f79ca55e983d857a8f42d1e9135641e
[BSP] bca574f7ed3c2a7e34374a77d47c15d7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: INTEL SSDSA2CW120G3 +++++
--- User ---
[MBR] d530de11fdef2be465e48fdf83920dc0
[BSP] c7aaeab347406a2aa2a6768a5cc05d4f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114470 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST31000528AS +++++
--- User ---
[MBR] 93d2438a5993a86234d76d6178bbced8
[BSP] 9985a74c40d1cc4ddcc1c66a4ee192ff : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: ST31000528AS +++++
--- User ---
[MBR] 98a5faddf86d5a978a2bedc4d603b533
[BSP] 1d85194d1498a76ec880b2d41f901b13 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: ST310005 28AS SCSI Disk Device +++++
--- User ---
[MBR] c6adecc40aab9c75dd9317586577f239
[BSP] 6e391df5b2c7785dc9903892bc693ac7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive7: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive8: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive9: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive10: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#6 nasdaq


Posted 15 January 2016 - 08:07 AM

Remove everything.

Default values will be restored.

What are the remaining issues?

#7 Ricardo1283


Posted 17 January 2016 - 01:59 PM

Still have same problems. Zlob.ZipCodec still hangs on Spybot

#8 nasdaq


Posted 17 January 2016 - 02:54 PM

You have removed and reinstalled Spybot.

I can only suggest you start a topic in their forum.

Someone there should be able to help you better than I can.

https://forums.spybot.info/forumdisplay.php?22-Malware-Removal

I will keep this topic open for 6 days.
If you need to return please do.

#9 Ricardo1283


Posted 18 January 2016 - 03:28 PM

Thanks for your help, strange nothing except Spybot shows Zlob.Zip.

#10 nasdaq


Posted 19 January 2016 - 09:15 AM

If the file identified is Zlob.Zip, let's see where it's coming from.

Please run the Farbar Recovery Scan Tool. Enter Zlob.Zip in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>


Let's look also in the Registry.

Please run the Farbar Recovery Scan Tool. Enter Zlob.Zip in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Post the log for my review.

#11 Ricardo1283


Posted 21 January 2016 - 02:54 PM

Doesn't look like anything turned up.  I'll work with Spybot support, it seems a lot of people are having this problem.

Thanks

 

Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Rich2 (2016-01-21 14:49:16)
Running from C:\Users\Rich2\Desktop
Boot Mode: Normal

================== Search Files: "Zlob.Zip " =============

====== End of Search ======

 

Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Rich2 (2016-01-21 14:52:00)
Running from C:\Users\Rich2\Desktop
Boot Mode: Normal

================== Search Registry: "Zlob.Zip" ===========

====== End of Search ======



#12 nasdaq


Posted 21 January 2016 - 02:58 PM

Good call.



