lvmaintenance

Rickaber · February 20, 2014

Anyone know this program? Every 30sec it asks to install new sorfware on harddrive. i keep denighing but it won't take no for an answer. It just keeps poping up.

kevinf80 · February 20, 2014

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Run the following in the order given and post the produced logs :-

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

If Malwarebytes is not installed Download from the following link and save it to your desktop:

http://www.malwarebytes.org/mbam.php

Double Click mbam-setup.exe to install the application, ensure to check for updates, then run as above....

Post that log..

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin..

Rickaber · February 20, 2014

Kevin, here are the results you requested. The trojan also changes the web logon procedures on my pc, unchecks 'auto detect'

option and 'use proxy server'.

Ane thank you for your assistance. Afraid this is over my head.

Rick

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Rick's Laptop (administrator) on RICKSLAPTOP on 20-02-2014 08:29:17
Running from C:\Users\Rick's Laptop\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AECLSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell) C:\Users\Rick's Laptop\AppData\Local\Apps\2.0\JZHQE4QB.0G7\GPC3B75T.PN9\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Dell Audio] - C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2535448 2014-02-05] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [LVMaintenance] - C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
HKU\.DEFAULT\...\Run: [ContentExplorer] - C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe [441104 2014-02-17] (ContentExplorer)
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [DellSystemDetect] - C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\Rick's Laptop\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561 /CMPID=1113a
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [iLivid] - "C:\Users\Rick's Laptop\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [ContentExplorer] - C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe [441104 2014-02-17] (ContentExplorer)
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [LVMaintenance] - C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
Startup: C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49853;https=127.0.0.1:49853
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC69535497BDCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB4486EF6-FFE1-481E-8D47-9845A3469DED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB4486EF6-FFE1-481E-8D47-9845A3469DED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKCU - {0D0EF54D-9BB6-4768-9A07-0B4610065B04} URL = http://search.conduit.com/Results.aspx?ctid=CT3300039&SearchSource=45&q={searchTerms}
SearchScopes: HKCU - {127F0C0B-9787-46AA-A230-EB52610137EB} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10881
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={C8299F89-954A-4325-8B32-75AD52FA0773}&mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561〈=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 06:34:02&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9D66947F-0C8A-4CE9-914A-0AE79D4D1525} URL = http://search.findwide.com/serp?guid={0DD1CC0F-CB50-4064-A599-E86010E35525}&action=default_search&serpv=22&k={searchTerms}
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 24.217.0.5 24.217.201.67 24.247.15.53

FireFox:
========
FF ProfilePath: C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default
FF user.js: detected! => C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: MyWordTool - C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\Extensions\emily@wilford.biz [2014-01-06]
FF Extension: Yahoo! Toolbar - C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-11-09]
FF Extension: Karma Blocker - C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\Extensions\kabl@trac.arantius.com.xpi [2014-01-10]
FF Extension: Yes popups - C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\Extensions\yespopupsV1@patheticcockroach.com.xpi [2014-01-09]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi

Chrome:
=======

CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB4486EF6-FFE1-481E-8D47-9845A3469DED&q=%s&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (AVG SafeGuard) - C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-01]
CHR Extension: (Google Wallet) - C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\RICK'S~1\AppData\Local\mysearchdial-speeddial.crx [2013-11-08]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-11-08]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.1.204\avg.crx [2014-02-05]

==================== Services (Whitelisted) =================

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2013-08-29] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-07] (Broadcom Corporation.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S2 CirrusAudioService; C:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-10] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2013-08-29] (Cirrus Logic)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-20 08:29 - 2014-02-20 08:29 - 00020726 _____ () C:\Users\Rick's Laptop\Downloads\FRST.txt
2014-02-20 08:29 - 2014-02-20 08:29 - 00000000 ____D () C:\FRST
2014-02-20 08:28 - 2014-02-20 08:28 - 02153472 _____ (Farbar) C:\Users\Rick's Laptop\Downloads\FRST64.exe
2014-02-20 08:20 - 2014-02-20 08:20 - 01086861 _____ (Farbar) C:\Users\Rick's Laptop\Downloads\FRST.exe
2014-02-20 00:43 - 2014-02-20 00:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Rick's Laptop\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 23:46 - 2014-02-20 08:10 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance
2014-02-17 10:10 - 2014-02-17 10:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-17 10:06 - 2014-02-17 10:06 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer
2014-02-17 10:05 - 2014-02-17 10:05 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\SearchProtect
2014-02-17 08:21 - 2014-02-17 09:48 - 00232700 _____ () C:\WINDOWS\Photo Pos Pro Uninstaller.exe
2014-02-17 08:21 - 2014-02-17 09:48 - 00001987 _____ () C:\Users\Rick's Laptop\Desktop\Photo Pos Pro.lnk
2014-02-17 08:21 - 2014-02-17 09:48 - 00000000 ____D () C:\Program Files (x86)\Photo Pos Pro
2014-02-17 08:21 - 2014-02-17 08:21 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Pos Pro
2014-02-17 08:15 - 2014-02-17 08:15 - 00930440 _____ (CNET Download.com) C:\Users\Rick's Laptop\Downloads\cbsidlm-cbsi176-Photo_Pos_Pro-BP-10264444.exe
2014-02-16 01:36 - 2013-12-08 18:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-16 01:36 - 2013-12-08 18:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 01:36 - 2013-11-27 09:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-16 01:36 - 2013-11-27 09:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-16 01:36 - 2013-11-27 08:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 01:36 - 2013-11-27 07:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 01:36 - 2013-11-27 06:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-16 01:36 - 2013-11-27 04:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-16 01:36 - 2013-11-27 04:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-16 01:36 - 2013-11-27 04:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 01:36 - 2013-11-27 03:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 01:36 - 2013-11-27 03:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-16 01:36 - 2013-11-27 03:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-16 01:36 - 2013-11-27 03:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-16 01:36 - 2013-11-27 02:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-16 01:36 - 2013-11-27 02:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 01:36 - 2013-11-26 22:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-16 01:36 - 2013-11-26 07:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-16 01:36 - 2013-11-26 07:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-16 01:36 - 2013-11-26 07:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-16 01:36 - 2013-11-26 07:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-16 01:36 - 2013-11-26 05:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-16 01:36 - 2013-11-26 05:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-16 01:36 - 2013-11-26 05:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 01:36 - 2013-11-26 04:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-16 01:36 - 2013-11-26 03:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-16 01:36 - 2013-11-26 02:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 01:36 - 2013-11-24 19:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-16 01:36 - 2013-11-24 19:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-16 01:36 - 2013-11-24 17:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-16 01:36 - 2013-11-24 17:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-16 01:36 - 2013-11-23 06:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-16 01:36 - 2013-11-23 05:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-16 01:36 - 2013-11-23 02:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 01:36 - 2013-11-23 01:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-16 01:36 - 2013-11-23 01:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-16 01:36 - 2013-11-23 01:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-16 01:36 - 2013-11-22 22:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-16 01:36 - 2013-11-22 21:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-16 01:36 - 2013-11-22 21:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 01:36 - 2013-11-22 21:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-16 01:36 - 2013-11-22 21:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 01:36 - 2013-11-22 21:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-16 01:36 - 2013-11-22 21:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 01:36 - 2013-11-21 00:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-16 01:36 - 2013-11-21 00:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-16 01:36 - 2013-11-15 23:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-16 01:36 - 2013-11-15 12:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-16 01:36 - 2013-11-15 08:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-16 01:36 - 2013-11-15 08:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 01:36 - 2013-11-15 08:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-16 01:36 - 2013-11-15 07:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-16 01:36 - 2013-11-05 14:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-16 01:36 - 2013-10-30 18:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-16 01:36 - 2013-10-30 17:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-12 21:46 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 21:46 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 21:46 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 21:46 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 21:46 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 21:46 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 21:46 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 21:46 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 21:46 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 21:46 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 21:46 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 21:46 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 21:46 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 21:46 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 21:46 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 21:46 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 21:46 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 21:46 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 21:46 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 21:46 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 21:46 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 21:46 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 21:46 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 21:46 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 21:46 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 21:46 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 21:46 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 21:46 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 21:46 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 21:46 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 21:46 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 21:46 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 21:46 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 21:46 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 21:46 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 21:46 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 21:46 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 21:46 - 2014-01-06 23:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 21:46 - 2014-01-06 22:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 21:46 - 2013-12-08 18:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 21:46 - 2013-12-08 18:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 21:46 - 2013-12-08 17:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 21:46 - 2013-12-08 17:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 21:46 - 2013-11-21 00:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 21:46 - 2013-11-20 23:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 21:45 - 2014-01-09 02:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 21:45 - 2014-01-09 01:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 21:45 - 2014-01-09 01:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 21:45 - 2014-01-09 01:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 21:45 - 2014-01-09 01:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 21:45 - 2014-01-09 01:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 21:45 - 2014-01-09 01:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 21:45 - 2014-01-09 01:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 21:45 - 2014-01-09 01:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 21:45 - 2014-01-09 01:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-12 21:45 - 2014-01-07 01:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 21:45 - 2014-01-06 23:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 21:45 - 2014-01-04 14:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 21:45 - 2014-01-04 13:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 21:45 - 2014-01-04 08:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 21:45 - 2014-01-04 08:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 21:45 - 2014-01-04 07:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 21:45 - 2014-01-04 07:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 21:45 - 2014-01-04 07:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 21:45 - 2014-01-04 07:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 21:45 - 2013-12-20 20:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 21:45 - 2013-12-20 20:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 21:45 - 2013-12-20 04:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 21:45 - 2013-12-20 00:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 21:45 - 2013-12-08 20:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 21:45 - 2013-12-08 19:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-10 13:28 - 2014-02-10 13:28 - 00837261 _____ () C:\Users\Rick's Laptop\Downloads\winter_2013.zip
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Rick's Laptop\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Guest\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00000000 ____D () C:\Program Files (x86)\Capture-A-ScreenShot
2014-02-06 07:32 - 2014-02-06 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 10:35 - 2014-02-05 10:35 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\FrmMain
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Canon
2014-02-05 09:54 - 2014-02-05 09:54 - 00002204 _____ () C:\Users\Rick's Laptop\Desktop\Teds.lnk
2014-02-03 04:04 - 2014-02-03 20:27 - 00058880 ___SH () C:\Users\Rick's Laptop\Downloads\Thumbs.db
2014-01-29 23:02 - 2014-01-29 23:02 - 13031424 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11176448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11049472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 10812928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 05904856 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 05363200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2014-01-29 23:02 - 2014-01-29 23:02 - 03511296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 03121152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 01040384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00931840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00575488 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00542720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00515544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00442880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00442328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00440320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00432128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00431104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00429056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00428544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00410624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00399832 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00384512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00330752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00254936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00223664 _____ () C:\WINDOWS\system32\Gfxres.th-TH.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00210106 _____ () C:\WINDOWS\system32\Gfxres.el-GR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00194245 _____ () C:\WINDOWS\system32\Gfxres.ru-RU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00185816 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00175104 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00171992 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00166170 _____ () C:\WINDOWS\system32\Gfxres.ar-SA.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00163421 _____ () C:\WINDOWS\system32\Gfxres.ja-JP.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00159008 _____ () C:\WINDOWS\system32\Gfxres.he-IL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00149682 _____ () C:\WINDOWS\system32\Gfxres.it-IT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00148042 _____ () C:\WINDOWS\system32\Gfxres.ko-KR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147393 _____ () C:\WINDOWS\system32\Gfxres.de-DE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147288 _____ () C:\WINDOWS\system32\Gfxres.es-ES.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00146004 _____ () C:\WINDOWS\system32\Gfxres.ro-RO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00145491 _____ () C:\WINDOWS\system32\Gfxres.fr-FR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144645 _____ () C:\WINDOWS\system32\Gfxres.tr-TR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144260 _____ () C:\WINDOWS\system32\Gfxres.pt-BR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144020 _____ () C:\WINDOWS\system32\Gfxres.nl-NL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00143932 _____ () C:\WINDOWS\system32\Gfxres.hu-HU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142882 _____ () C:\WINDOWS\system32\Gfxres.sv-SE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142877 _____ () C:\WINDOWS\system32\Gfxres.pt-PT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142717 _____ () C:\WINDOWS\system32\Gfxres.pl-PL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142336 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00142289 _____ () C:\WINDOWS\system32\Gfxres.cs-CZ.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142008 _____ () C:\WINDOWS\system32\Gfxres.fi-FI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141838 _____ () C:\WINDOWS\system32\Gfxres.sk-SK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141049 _____ () C:\WINDOWS\system32\Gfxres.hr-HR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137889 _____ () C:\WINDOWS\system32\Gfxres.sl-SI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137784 _____ () C:\WINDOWS\system32\Gfxres.nb-NO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137141 _____ () C:\WINDOWS\system32\Gfxres.da-DK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00126976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2014-01-29 23:02 - 2014-01-29 23:02 - 00126300 _____ () C:\WINDOWS\system32\Gfxres.zh-TW.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00124650 _____ () C:\WINDOWS\system32\Gfxres.zh-CN.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00116224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3347.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00098304 _____ () C:\WINDOWS\system32\igdde64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00077312 _____ () C:\WINDOWS\SysWOW64\igdde32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00028672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00025088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00017058 _____ () C:\WINDOWS\system32\iglhxs64.vp
2014-01-29 23:02 - 2014-01-29 23:02 - 00009728 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll

==================== One Month Modified Files and Folders =======

2014-02-20 08:29 - 2014-02-20 08:29 - 00020726 _____ () C:\Users\Rick's Laptop\Downloads\FRST.txt
2014-02-20 08:29 - 2014-02-20 08:29 - 00000000 ____D () C:\FRST
2014-02-20 08:28 - 2014-02-20 08:28 - 02153472 _____ (Farbar) C:\Users\Rick's Laptop\Downloads\FRST64.exe
2014-02-20 08:20 - 2014-02-20 08:20 - 01086861 _____ (Farbar) C:\Users\Rick's Laptop\Downloads\FRST.exe
2014-02-20 08:19 - 2013-11-10 20:24 - 01198520 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-20 08:15 - 2013-11-07 22:18 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3664828930-2760834353-1218494814-1001
2014-02-20 08:12 - 2013-11-09 03:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-20 08:12 - 2013-11-08 07:49 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 08:11 - 2013-11-10 20:37 - 00000000 __RDO () C:\Users\Rick's Laptop\SkyDrive
2014-02-20 08:11 - 2013-11-10 20:35 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\Deployment
2014-02-20 08:11 - 2013-11-08 07:49 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 08:10 - 2014-02-19 23:46 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance
2014-02-20 08:10 - 2013-11-08 07:49 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-20 08:10 - 2013-09-29 21:55 - 00107838 _____ () C:\WINDOWS\PFRO.log
2014-02-20 08:10 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-20 08:09 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-20 08:05 - 2013-11-09 01:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-20 08:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-20 07:56 - 2013-11-08 11:56 - 00000338 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2014-02-20 07:39 - 2013-12-01 14:01 - 12636160 _____ () C:\Users\Rick's Laptop\Documents\Rick's Quicken Data.QDF-backup
2014-02-20 00:56 - 2013-12-19 01:56 - 00000158 _____ () C:\Users\Rick's Laptop\AppData\Roaming\WB.CFG
2014-02-20 00:43 - 2014-02-20 00:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Rick's Laptop\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-20 00:35 - 2013-11-21 03:04 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{501C7A76-3964-4568-8185-C60C8903D577}
2014-02-19 18:17 - 2013-11-09 01:48 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-19 13:10 - 2013-09-29 22:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-19 12:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-19 11:40 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-18 05:42 - 2013-11-11 13:30 - 00046592 ___SH () C:\Users\Rick's Laptop\Desktop\Thumbs.db
2014-02-17 10:10 - 2014-02-17 10:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\SearchProtect
2014-02-17 10:06 - 2014-02-17 10:06 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer
2014-02-17 10:05 - 2014-02-17 10:05 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\SearchProtect
2014-02-17 09:48 - 2014-02-17 08:21 - 00232700 _____ () C:\WINDOWS\Photo Pos Pro Uninstaller.exe
2014-02-17 09:48 - 2014-02-17 08:21 - 00001987 _____ () C:\Users\Rick's Laptop\Desktop\Photo Pos Pro.lnk
2014-02-17 09:48 - 2014-02-17 08:21 - 00000000 ____D () C:\Program Files (x86)\Photo Pos Pro
2014-02-17 08:34 - 2013-11-07 22:09 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\VirtualStore
2014-02-17 08:21 - 2014-02-17 08:21 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Pos Pro
2014-02-17 08:15 - 2014-02-17 08:15 - 00930440 _____ (CNET Download.com) C:\Users\Rick's Laptop\Downloads\cbsidlm-cbsi176-Photo_Pos_Pro-BP-10264444.exe
2014-02-17 04:54 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 03:26 - 2013-11-07 22:10 - 00000000 ___RD () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 03:26 - 2013-11-07 22:10 - 00000000 ___RD () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 03:25 - 2013-08-22 08:44 - 00360248 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-17 03:24 - 2013-11-08 06:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 03:22 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 03:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 03:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-16 02:41 - 2013-11-09 03:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 02:39 - 2013-11-09 03:51 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-16 02:04 - 2013-11-08 07:49 - 00003908 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 02:04 - 2013-11-08 07:49 - 00003672 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 07:39 - 2013-10-27 09:32 - 00000000 ____D () C:\Users\Rick's Laptop\Documents\ACW Plans
2014-02-14 22:30 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-14 06:45 - 2013-12-20 11:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 01:56 - 2013-11-08 11:56 - 00002676 _____ () C:\WINDOWS\System32\Tasks\UpdaterEX
2014-02-13 14:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-02-13 10:54 - 2013-07-26 06:22 - 00000000 ____D () C:\Users\Rick's Laptop\Downloads\KVCCU
2014-02-13 10:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 10:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 10:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-13 10:15 - 2013-11-09 01:54 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-10 13:28 - 2014-02-10 13:28 - 00837261 _____ () C:\Users\Rick's Laptop\Downloads\winter_2013.zip
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Rick's Laptop\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Guest\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00000000 ____D () C:\Program Files (x86)\Capture-A-ScreenShot
2014-02-06 12:17 - 2014-02-06 07:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-06 06:16 - 2014-02-12 21:46 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 21:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 21:46 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 21:46 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 21:46 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 21:46 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 21:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 21:46 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 04:49 - 2014-02-12 21:46 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 21:46 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 21:46 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 21:46 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 21:46 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 21:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 21:46 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 21:46 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 21:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 21:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 21:46 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 21:46 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 21:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 21:46 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 21:46 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 03:47 - 2014-02-12 21:46 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 21:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 21:46 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 21:46 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 21:46 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 21:46 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 21:46 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 21:46 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 21:46 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 21:46 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-12 21:46 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 21:46 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 21:46 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 21:46 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-05 10:35 - 2014-02-05 10:35 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\FrmMain
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Canon
2014-02-05 09:54 - 2014-02-05 09:54 - 00002204 _____ () C:\Users\Rick's Laptop\Desktop\Teds.lnk
2014-02-05 09:46 - 2013-11-16 07:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-05 06:34 - 2013-11-20 19:00 - 00003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-02-05 06:34 - 2013-11-20 19:00 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-05 06:26 - 2012-12-08 16:02 - 00000000 ____D () C:\Users\Rick's Laptop\Documents\Quicken
2014-02-04 15:05 - 2013-11-09 01:39 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-03 20:31 - 2013-11-21 08:16 - 00000157 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2014-02-03 20:27 - 2014-02-03 04:04 - 00058880 ___SH () C:\Users\Rick's Laptop\Downloads\Thumbs.db
2014-02-01 16:54 - 2013-11-07 22:09 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\Packages
2014-02-01 06:09 - 2013-08-22 08:46 - 00395543 _____ () C:\WINDOWS\setupact.log
2014-01-30 14:47 - 2013-08-22 09:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 14:47 - 2013-08-22 09:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-29 23:02 - 2014-01-29 23:02 - 13031424 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11176448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11049472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 10812928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 05904856 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 05363200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2014-01-29 23:02 - 2014-01-29 23:02 - 03511296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 03121152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 01040384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00931840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00575488 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00542720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00515544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00442880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00442328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00440320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00432128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00431104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00429056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00428544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00410624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00399832 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00384512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00330752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00254936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00223664 _____ () C:\WINDOWS\system32\Gfxres.th-TH.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00210106 _____ () C:\WINDOWS\system32\Gfxres.el-GR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00194245 _____ () C:\WINDOWS\system32\Gfxres.ru-RU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00185816 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00175104 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00171992 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00166170 _____ () C:\WINDOWS\system32\Gfxres.ar-SA.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00163421 _____ () C:\WINDOWS\system32\Gfxres.ja-JP.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00159008 _____ () C:\WINDOWS\system32\Gfxres.he-IL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00149682 _____ () C:\WINDOWS\system32\Gfxres.it-IT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00148042 _____ () C:\WINDOWS\system32\Gfxres.ko-KR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147393 _____ () C:\WINDOWS\system32\Gfxres.de-DE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147288 _____ () C:\WINDOWS\system32\Gfxres.es-ES.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00146004 _____ () C:\WINDOWS\system32\Gfxres.ro-RO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00145491 _____ () C:\WINDOWS\system32\Gfxres.fr-FR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144645 _____ () C:\WINDOWS\system32\Gfxres.tr-TR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144260 _____ () C:\WINDOWS\system32\Gfxres.pt-BR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144020 _____ () C:\WINDOWS\system32\Gfxres.nl-NL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00143932 _____ () C:\WINDOWS\system32\Gfxres.hu-HU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142882 _____ () C:\WINDOWS\system32\Gfxres.sv-SE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142877 _____ () C:\WINDOWS\system32\Gfxres.pt-PT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142717 _____ () C:\WINDOWS\system32\Gfxres.pl-PL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142336 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00142289 _____ () C:\WINDOWS\system32\Gfxres.cs-CZ.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142008 _____ () C:\WINDOWS\system32\Gfxres.fi-FI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141838 _____ () C:\WINDOWS\system32\Gfxres.sk-SK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141049 _____ () C:\WINDOWS\system32\Gfxres.hr-HR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137889 _____ () C:\WINDOWS\system32\Gfxres.sl-SI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137784 _____ () C:\WINDOWS\system32\Gfxres.nb-NO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137141 _____ () C:\WINDOWS\system32\Gfxres.da-DK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00126976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2014-01-29 23:02 - 2014-01-29 23:02 - 00126300 _____ () C:\WINDOWS\system32\Gfxres.zh-TW.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00124650 _____ () C:\WINDOWS\system32\Gfxres.zh-CN.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00116224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3347.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00098304 _____ () C:\WINDOWS\system32\igdde64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00077312 _____ () C:\WINDOWS\SysWOW64\igdde32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00028672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00025088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00017058 _____ () C:\WINDOWS\system32\iglhxs64.vp
2014-01-29 23:02 - 2014-01-29 23:02 - 00009728 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 12859392 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 12617216 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 09007616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 00110592 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 00064000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2014-01-24 10:21 - 2013-11-21 19:08 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-01-21 23:55 - 2013-11-09 09:56 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Rick's Laptop\AppData\Local\Temp\aiw17746250.DLL
C:\Users\Rick's Laptop\AppData\Local\Temp\TntMagicDel.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-21 04:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Rick's Laptop at 2014-02-20 08:29:55
Running from C:\Users\Rick's Laptop\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4335 - AVG Technologies)
AVG SafeGuard toolbar (x32 Version: 17.3.1.204 - AVG Technologies)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Canon MP495 series MP Drivers (Version: - )
Capture-A-ScreenShot (x32 Version: - PopDrops.com)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
Cirrus Logic Audio x64 (Version: 6.24.15.0 - Cirrus Logic) Hidden
Cisco Connect (x32 Version: 1.4.11200.0 - Cisco Consumer Products LLC)
ContentExplorer (x32 Version: 1.0.0.0 - ContentExplorer.net)
Coupon Printer for Windows (x32 Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
Dell Audio (x32 Version: 6.24.15.0 - Cirrus Logic)
Dell Resource CD (x32 Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU Version: 5.4.0.4 - Dell)
DW WLAN Card (Version: 6.30.59.26 - Dell Inc.)
eCabinet Systems 6.0 Build 11 (x32 Version: 6.0.54 - Thermwood Corporation)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
LK Maintenance (x32 Version: 1.0 - LK Maintenance)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (x32 Version: 24.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)
MyPC Backup (Version: - MyPC Backup) <==== ATTENTION
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Photo Pos Pro (x32 Version: 1.89.7 - PowerOfSoftware Ltd.)
PokerStars (x32 Version: - PokerStars)
Quicken 2013 (x32 Version: 22.1.12.7 - Intuit)
Real Chess (x32 Version: 1.0 - Media Contact LLC)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.8013) (x32 Version: 3.0.0.8013 - Secunia)
UpdaterEX (HKCU Version: - UpdaterEX)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (Version: 12.0.0.1600 - Broadcom Corporation)

==================== Restore Points =========================

05-02-2014 13:53:30 Windows Update
13-02-2014 04:14:34 Windows Update
16-02-2014 08:38:27 Windows Update
19-02-2014 18:06:23 Removed LK Maintenance

==================== Hosts content: ==========================

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {056CA3A5-F42C-4ECE-9614-ADB00A50FDDE} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-11-06] (PC-Doctor, Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1057775C-D1E0-4C8C-B65B-8D86A65A8745} - System32\Tasks\UpdaterEX => C:\Users\Rick's Laptop\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {16963F56-D506-43A5-A93E-D018413DEA45} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {63F2ABC2-C167-408C-BAFE-9BB9CD5D9B99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9C45382E-7C9C-4F95-B2AF-81A4399D5D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B162AEE0-E307-4E05-9C94-E52345E95949} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-16] (Microsoft Corporation)
Task: {C49628A5-DE5E-4520-8E2E-508037B14B17} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2013-09-19] (MyPCBackup.com)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D03DC520-7F07-470F-9002-D13029BE012C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {D3AB1FCB-B5FE-4B3B-8E3E-6E0C1F3A073A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\RICK'S~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-19 16:32 - 2013-09-19 16:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-09-19 16:32 - 2013-09-19 16:32 - 00048128 _____ () C:\Program Files (x86)\MyPC Backup\diffstack.dll
2012-07-19 13:53 - 2012-07-19 13:53 - 00043384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2014-01-10 10:36 - 2014-01-10 10:36 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
2013-09-19 16:37 - 2013-09-19 16:37 - 03889152 _____ () C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll
2013-09-19 16:37 - 2013-09-19 16:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 19:16 - 2012-08-06 19:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 19:16 - 2012-08-06 19:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-20 19:00 - 2014-02-05 06:33 - 02535448 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-11-01 14:11 - 2013-11-01 14:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-01-10 10:36 - 2014-01-10 10:36 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2013-12-20 11:32 - 2014-02-14 06:45 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-10 11:28 - 2014-01-10 10:36 - 00649752 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0\NativeBrowserApi.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Rick's Laptop\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2014 08:10:21 AM) (Source: CirrusAudioService) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/20/2014 01:13:38 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:10:31 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:10:03 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:09:31 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:09:06 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:08:31 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:08:03 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:07:31 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:07:02 AM) (Source: MsiInstaller) (User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

System errors:
=============
Error: (02/20/2014 07:29:04 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:28:57 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:28:55 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:28:53 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:28:52 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:28:49 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:28:48 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:28:46 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:27:44 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (02/20/2014 07:27:43 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Microsoft Office Sessions:
=========================
Error: (02/20/2014 08:10:21 AM) (Source: CirrusAudioService)(User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/20/2014 01:13:38 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:10:31 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:10:03 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:09:31 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:09:06 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:08:31 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:08:03 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:07:31 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/20/2014 01:07:02 AM) (Source: MsiInstaller)(User: RICKSLAPTOP)
Description: Product: LK Maintenance -- Error 1001. Error 1001. An exception occurred during the Commit phase of the installation. This exception will be ignored and installation will continue. However, the application might not function correctly after installation is complete. --> The operation was canceled by the user(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3959.09 MB
Available physical RAM: 2198.68 MB
Total Pagefile: 6391.09 MB
Available Pagefile: 4439.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.28 GB) (Free:422.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: EA5AE5D1)

Partition: GPT Partition Type
==================== End Of Log ============================

kevinf80 · February 20, 2014

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log..

Post the logs from those scan, let me know if there are any remaining issues or concerns...

Kevin

fixlist.txt

Rickaber · February 24, 2014

Kevin,

Ran tools as directed. Here are results. Hope this takes care of it. Popped up during clean up process but haven't seen again. Got out of order and ran AwdCleane twice, both logs posted. Look the same.

Thanks again for your assistance

#AdwCleaner v3.019 - Report created 23/02/2014 at 21:44:36
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Rick's Laptop - RICKSLAPTOP
# Running from : C:\Users\Rick's Laptop\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Rick's Laptop\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Rick's Laptop\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\prefs.js ]

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6194 octets] - [23/02/2014 21:05:46]
AdwCleaner[R1].txt - [1438 octets] - [23/02/2014 21:33:15]
AdwCleaner[s0].txt - [6030 octets] - [23/02/2014 21:12:31]
AdwCleaner[s1].txt - [1371 octets] - [23/02/2014 21:44:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1431 octets] ##########

# AdwCleaner v3.019 - Report created 23/02/2014 at 21:44:36
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Rick's Laptop - RICKSLAPTOP
# Running from : C:\Users\Rick's Laptop\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Rick's Laptop\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Rick's Laptop\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\prefs.js ]

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6194 octets] - [23/02/2014 21:05:46]
AdwCleaner[R1].txt - [1438 octets] - [23/02/2014 21:33:15]
AdwCleaner[s0].txt - [6030 octets] - [23/02/2014 21:12:31]
AdwCleaner[s1].txt - [1371 octets] - [23/02/2014 21:44:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1431 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Rick's Laptop on Sun 02/23/2014 at 22:37:18.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Rick's Laptop\AppData\Roaming\mozilla\firefox\profiles\0jwj617o.default\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/23/2014 at 22:43:52.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

kevinf80 · February 24, 2014

Where is the log from the FRST fix run? I need to see that please... Check in this folder C:\FRST\Logs Also give an update on any remaining issues or concerns.

Kevin....

Rickaber · February 25, 2014

Sorry about that. I must have missed it.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02
Ran by Rick's Laptop (administrator) on RICKSLAPTOP on 23-02-2014 21:25:20
Running from C:\Users\Rick's Laptop\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AECLSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell) C:\Users\Rick's Laptop\AppData\Local\Apps\2.0\JZHQE4QB.0G7\GPC3B75T.PN9\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Dell Audio] - C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [LVMaintenance] - C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
HKU\.DEFAULT\...\Run: [ContentExplorer] - C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe [441104 2014-02-17] (ContentExplorer)
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [DellSystemDetect] - C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\Rick's Laptop\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561 /CMPID=1113a
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [ContentExplorer] - C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe [441104 2014-02-17] (ContentExplorer)
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [LVMaintenance] - C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49736;https=127.0.0.1:49736
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC69535497BDCCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyDzz0E0DtCtB0C0AtAzyyEtN0D0Tzu0CyCyByBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=171310310&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {127F0C0B-9787-46AA-A230-EB52610137EB} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10881
SearchScopes: HKCU - {9D66947F-0C8A-4CE9-914A-0AE79D4D1525} URL = http://search.findwide.com/serp?guid={0DD1CC0F-CB50-4064-A599-E86010E35525}&action=default_search&serpv=22&k={searchTerms}
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.217.0.5 24.217.201.67 24.247.15.53

FireFox:
========
FF ProfilePath: C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\searchplugins\conduit-search.xml
FF Extension: MyWordTool - C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\Extensions\emily@wilford.biz [2014-01-06]
FF Extension: Karma Blocker - C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\Extensions\kabl@trac.arantius.com.xpi [2014-01-10]
FF Extension: Yes popups - C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\Extensions\yespopupsV1@patheticcockroach.com.xpi [2014-01-09]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi

Chrome:
=======

CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Extension: (AVG SafeGuard) - C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-01]
CHR Extension: (Google Wallet) - C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]

==================== Services (Whitelisted) =================

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2013-08-29] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-07] (Broadcom Corporation.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S2 CirrusAudioService; C:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2013-08-29] (Cirrus Logic)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-23 21:22 - 2014-02-23 21:22 - 00000000 ____D () C:\Users\Rick's Laptop\Downloads\FRST-OlderVersion
2014-02-23 21:05 - 2014-02-23 21:12 - 00000000 ____D () C:\AdwCleaner
2014-02-23 21:04 - 2014-02-23 21:04 - 01241834 _____ () C:\Users\Rick's Laptop\Downloads\AdwCleaner.exe
2014-02-23 21:01 - 2014-02-23 21:01 - 00007779 _____ () C:\Users\Rick's Laptop\Desktop\JRT.txt
2014-02-23 20:53 - 2014-02-23 20:53 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-23 20:27 - 2014-02-23 21:25 - 00014645 _____ () C:\Users\Rick's Laptop\Downloads\FRST.txt
2014-02-23 07:26 - 2014-02-23 07:30 - 00000000 ____D () C:\Users\Rick's Laptop\Desktop\Txt files trojan
2014-02-21 10:40 - 2014-02-21 10:41 - 00000000 ____D () C:\Users\Rick's Laptop\Downloads\Trojan Fix 2_21_14
2014-02-21 10:38 - 2014-02-21 10:38 - 01037734 _____ (Thisisu) C:\Users\Rick's Laptop\Downloads\JRT.exe
2014-02-20 08:29 - 2014-02-23 21:25 - 00000000 ____D () C:\FRST
2014-02-20 08:28 - 2014-02-23 21:22 - 02155520 _____ (Farbar) C:\Users\Rick's Laptop\Downloads\FRST64.exe
2014-02-20 00:43 - 2014-02-20 00:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Rick's Laptop\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 23:46 - 2014-02-20 08:10 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance
2014-02-17 10:06 - 2014-02-17 10:06 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer
2014-02-17 08:21 - 2014-02-17 09:48 - 00232700 _____ () C:\WINDOWS\Photo Pos Pro Uninstaller.exe
2014-02-17 08:21 - 2014-02-17 09:48 - 00001987 _____ () C:\Users\Rick's Laptop\Desktop\Photo Pos Pro.lnk
2014-02-17 08:21 - 2014-02-17 09:48 - 00000000 ____D () C:\Program Files (x86)\Photo Pos Pro
2014-02-17 08:21 - 2014-02-17 08:21 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Pos Pro
2014-02-17 08:15 - 2014-02-17 08:15 - 00930440 _____ (CNET Download.com) C:\Users\Rick's Laptop\Downloads\cbsidlm-cbsi176-Photo_Pos_Pro-BP-10264444.exe
2014-02-16 01:36 - 2013-12-08 18:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-16 01:36 - 2013-12-08 18:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 01:36 - 2013-11-27 09:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-16 01:36 - 2013-11-27 09:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-16 01:36 - 2013-11-27 08:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 01:36 - 2013-11-27 07:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 01:36 - 2013-11-27 06:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-16 01:36 - 2013-11-27 04:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-16 01:36 - 2013-11-27 04:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-16 01:36 - 2013-11-27 04:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 01:36 - 2013-11-27 03:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 01:36 - 2013-11-27 03:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-16 01:36 - 2013-11-27 03:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-16 01:36 - 2013-11-27 03:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-16 01:36 - 2013-11-27 02:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-16 01:36 - 2013-11-27 02:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 01:36 - 2013-11-26 22:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-16 01:36 - 2013-11-26 07:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-16 01:36 - 2013-11-26 07:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-16 01:36 - 2013-11-26 07:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-16 01:36 - 2013-11-26 07:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-16 01:36 - 2013-11-26 05:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-16 01:36 - 2013-11-26 05:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-16 01:36 - 2013-11-26 05:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 01:36 - 2013-11-26 04:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-16 01:36 - 2013-11-26 03:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-16 01:36 - 2013-11-26 02:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 01:36 - 2013-11-24 19:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-16 01:36 - 2013-11-24 19:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-16 01:36 - 2013-11-24 17:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-16 01:36 - 2013-11-24 17:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-16 01:36 - 2013-11-23 06:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-16 01:36 - 2013-11-23 05:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-16 01:36 - 2013-11-23 02:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 01:36 - 2013-11-23 01:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-16 01:36 - 2013-11-23 01:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-16 01:36 - 2013-11-23 01:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-16 01:36 - 2013-11-22 22:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-16 01:36 - 2013-11-22 21:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-16 01:36 - 2013-11-22 21:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 01:36 - 2013-11-22 21:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-16 01:36 - 2013-11-22 21:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 01:36 - 2013-11-22 21:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-16 01:36 - 2013-11-22 21:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 01:36 - 2013-11-21 00:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-16 01:36 - 2013-11-21 00:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-16 01:36 - 2013-11-15 23:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-16 01:36 - 2013-11-15 12:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-16 01:36 - 2013-11-15 08:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-16 01:36 - 2013-11-15 08:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 01:36 - 2013-11-15 08:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-16 01:36 - 2013-11-15 07:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-16 01:36 - 2013-11-05 14:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-16 01:36 - 2013-10-30 18:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-16 01:36 - 2013-10-30 17:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-12 21:46 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 21:46 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 21:46 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 21:46 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 21:46 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 21:46 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 21:46 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 21:46 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 21:46 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 21:46 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 21:46 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 21:46 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 21:46 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 21:46 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 21:46 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 21:46 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 21:46 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 21:46 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 21:46 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 21:46 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 21:46 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 21:46 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 21:46 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 21:46 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 21:46 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 21:46 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 21:46 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 21:46 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 21:46 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 21:46 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 21:46 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 21:46 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 21:46 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 21:46 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 21:46 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 21:46 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 21:46 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 21:46 - 2014-01-06 23:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 21:46 - 2014-01-06 22:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 21:46 - 2013-12-08 18:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 21:46 - 2013-12-08 18:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 21:46 - 2013-12-08 17:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 21:46 - 2013-12-08 17:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 21:46 - 2013-11-21 00:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 21:46 - 2013-11-20 23:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 21:45 - 2014-01-09 02:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 21:45 - 2014-01-09 01:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 21:45 - 2014-01-09 01:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 21:45 - 2014-01-09 01:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 21:45 - 2014-01-09 01:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 21:45 - 2014-01-09 01:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 21:45 - 2014-01-09 01:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 21:45 - 2014-01-09 01:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 21:45 - 2014-01-09 01:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 21:45 - 2014-01-09 01:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-12 21:45 - 2014-01-07 01:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 21:45 - 2014-01-06 23:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 21:45 - 2014-01-04 14:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 21:45 - 2014-01-04 13:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 21:45 - 2014-01-04 08:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 21:45 - 2014-01-04 08:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 21:45 - 2014-01-04 07:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 21:45 - 2014-01-04 07:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 21:45 - 2014-01-04 07:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 21:45 - 2014-01-04 07:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 21:45 - 2013-12-20 20:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 21:45 - 2013-12-20 20:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 21:45 - 2013-12-20 04:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 21:45 - 2013-12-20 00:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 21:45 - 2013-12-08 20:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 21:45 - 2013-12-08 19:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-10 13:28 - 2014-02-10 13:28 - 00837261 _____ () C:\Users\Rick's Laptop\Downloads\winter_2013.zip
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Rick's Laptop\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Guest\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00000000 ____D () C:\Program Files (x86)\Capture-A-ScreenShot
2014-02-06 07:32 - 2014-02-06 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 10:35 - 2014-02-05 10:35 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\FrmMain
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Canon
2014-02-05 09:54 - 2014-02-05 09:54 - 00002204 _____ () C:\Users\Rick's Laptop\Desktop\Teds.lnk
2014-02-03 04:04 - 2014-02-03 20:27 - 00058880 ___SH () C:\Users\Rick's Laptop\Downloads\Thumbs.db
2014-01-29 23:02 - 2014-01-29 23:02 - 13031424 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11176448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11049472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 10812928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 05904856 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 05363200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2014-01-29 23:02 - 2014-01-29 23:02 - 03511296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 03121152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 01040384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00931840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00575488 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00542720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00515544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00442880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00442328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00440320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00432128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00431104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00429056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00428544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00410624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00399832 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00384512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00330752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00254936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00223664 _____ () C:\WINDOWS\system32\Gfxres.th-TH.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00210106 _____ () C:\WINDOWS\system32\Gfxres.el-GR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00194245 _____ () C:\WINDOWS\system32\Gfxres.ru-RU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00185816 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00175104 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00171992 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00166170 _____ () C:\WINDOWS\system32\Gfxres.ar-SA.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00163421 _____ () C:\WINDOWS\system32\Gfxres.ja-JP.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00159008 _____ () C:\WINDOWS\system32\Gfxres.he-IL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00149682 _____ () C:\WINDOWS\system32\Gfxres.it-IT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00148042 _____ () C:\WINDOWS\system32\Gfxres.ko-KR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147393 _____ () C:\WINDOWS\system32\Gfxres.de-DE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147288 _____ () C:\WINDOWS\system32\Gfxres.es-ES.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00146004 _____ () C:\WINDOWS\system32\Gfxres.ro-RO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00145491 _____ () C:\WINDOWS\system32\Gfxres.fr-FR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144645 _____ () C:\WINDOWS\system32\Gfxres.tr-TR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144260 _____ () C:\WINDOWS\system32\Gfxres.pt-BR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144020 _____ () C:\WINDOWS\system32\Gfxres.nl-NL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00143932 _____ () C:\WINDOWS\system32\Gfxres.hu-HU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142882 _____ () C:\WINDOWS\system32\Gfxres.sv-SE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142877 _____ () C:\WINDOWS\system32\Gfxres.pt-PT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142717 _____ () C:\WINDOWS\system32\Gfxres.pl-PL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142336 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00142289 _____ () C:\WINDOWS\system32\Gfxres.cs-CZ.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142008 _____ () C:\WINDOWS\system32\Gfxres.fi-FI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141838 _____ () C:\WINDOWS\system32\Gfxres.sk-SK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141049 _____ () C:\WINDOWS\system32\Gfxres.hr-HR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137889 _____ () C:\WINDOWS\system32\Gfxres.sl-SI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137784 _____ () C:\WINDOWS\system32\Gfxres.nb-NO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137141 _____ () C:\WINDOWS\system32\Gfxres.da-DK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00126976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2014-01-29 23:02 - 2014-01-29 23:02 - 00126300 _____ () C:\WINDOWS\system32\Gfxres.zh-TW.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00124650 _____ () C:\WINDOWS\system32\Gfxres.zh-CN.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00116224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3347.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00098304 _____ () C:\WINDOWS\system32\igdde64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00077312 _____ () C:\WINDOWS\SysWOW64\igdde32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00028672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00025088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00017058 _____ () C:\WINDOWS\system32\iglhxs64.vp
2014-01-29 23:02 - 2014-01-29 23:02 - 00009728 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll

==================== One Month Modified Files and Folders =======

2014-02-23 21:25 - 2014-02-23 20:27 - 00014645 _____ () C:\Users\Rick's Laptop\Downloads\FRST.txt
2014-02-23 21:25 - 2014-02-20 08:29 - 00000000 ____D () C:\FRST
2014-02-23 21:22 - 2014-02-23 21:22 - 00000000 ____D () C:\Users\Rick's Laptop\Downloads\FRST-OlderVersion
2014-02-23 21:22 - 2014-02-20 08:28 - 02155520 _____ (Farbar) C:\Users\Rick's Laptop\Downloads\FRST64.exe
2014-02-23 21:19 - 2013-11-07 22:18 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3664828930-2760834353-1218494814-1001
2014-02-23 21:16 - 2013-11-08 07:49 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-23 21:15 - 2013-11-10 20:35 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\Deployment
2014-02-23 21:15 - 2013-11-08 07:49 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 21:14 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-23 21:13 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-23 21:12 - 2014-02-23 21:05 - 00000000 ____D () C:\AdwCleaner
2014-02-23 21:12 - 2013-11-07 22:10 - 00000000 ___RD () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 21:09 - 2013-11-08 07:49 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 21:05 - 2013-11-09 01:39 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-23 21:04 - 2014-02-23 21:04 - 01241834 _____ () C:\Users\Rick's Laptop\Downloads\AdwCleaner.exe
2014-02-23 21:01 - 2014-02-23 21:01 - 00007779 _____ () C:\Users\Rick's Laptop\Desktop\JRT.txt
2014-02-23 21:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-23 20:53 - 2014-02-23 20:53 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-23 20:52 - 2013-11-21 03:04 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{501C7A76-3964-4568-8185-C60C8903D577}
2014-02-23 20:26 - 2013-11-10 20:37 - 00000000 __RDO () C:\Users\Rick's Laptop\SkyDrive
2014-02-23 20:24 - 2013-11-10 20:24 - 01332485 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-23 20:23 - 2013-11-11 13:30 - 00046592 ___SH () C:\Users\Rick's Laptop\Desktop\Thumbs.db
2014-02-23 20:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-23 20:16 - 2013-11-16 07:56 - 00000000 ____D () C:\Program Files\My Dell
2014-02-23 20:01 - 2013-11-21 08:16 - 00000157 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2014-02-23 18:45 - 2013-11-09 01:48 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-23 07:30 - 2014-02-23 07:26 - 00000000 ____D () C:\Users\Rick's Laptop\Desktop\Txt files trojan
2014-02-23 06:56 - 2013-12-19 01:56 - 00000149 _____ () C:\Users\Rick's Laptop\AppData\Roaming\WB.CFG
2014-02-22 16:15 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-21 15:54 - 2013-12-01 14:01 - 12652544 _____ () C:\Users\Rick's Laptop\Documents\Rick's Quicken Data.QDF-backup
2014-02-21 10:41 - 2014-02-21 10:40 - 00000000 ____D () C:\Users\Rick's Laptop\Downloads\Trojan Fix 2_21_14
2014-02-21 10:38 - 2014-02-21 10:38 - 01037734 _____ (Thisisu) C:\Users\Rick's Laptop\Downloads\JRT.exe
2014-02-20 13:05 - 2013-11-09 01:39 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 09:09 - 2013-11-16 07:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-20 08:12 - 2013-11-09 03:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-20 08:10 - 2014-02-19 23:46 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance
2014-02-20 08:10 - 2013-09-29 21:55 - 00107838 _____ () C:\WINDOWS\PFRO.log
2014-02-20 00:43 - 2014-02-20 00:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Rick's Laptop\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 13:10 - 2013-09-29 22:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-19 12:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-17 15:00 - 2013-08-22 09:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 15:00 - 2013-08-22 09:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 10:06 - 2014-02-17 10:06 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer
2014-02-17 09:48 - 2014-02-17 08:21 - 00232700 _____ () C:\WINDOWS\Photo Pos Pro Uninstaller.exe
2014-02-17 09:48 - 2014-02-17 08:21 - 00001987 _____ () C:\Users\Rick's Laptop\Desktop\Photo Pos Pro.lnk
2014-02-17 09:48 - 2014-02-17 08:21 - 00000000 ____D () C:\Program Files (x86)\Photo Pos Pro
2014-02-17 08:34 - 2013-11-07 22:09 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\VirtualStore
2014-02-17 08:21 - 2014-02-17 08:21 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Pos Pro
2014-02-17 08:15 - 2014-02-17 08:15 - 00930440 _____ (CNET Download.com) C:\Users\Rick's Laptop\Downloads\cbsidlm-cbsi176-Photo_Pos_Pro-BP-10264444.exe
2014-02-17 04:54 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 03:26 - 2013-11-07 22:10 - 00000000 ___RD () C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 03:25 - 2013-08-22 08:44 - 00360248 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-17 03:24 - 2013-11-08 06:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-17 03:22 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 03:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 03:22 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-16 02:41 - 2013-11-09 03:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 02:39 - 2013-11-09 03:51 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-16 02:04 - 2013-11-08 07:49 - 00003908 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 02:04 - 2013-11-08 07:49 - 00003672 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 07:39 - 2013-10-27 09:32 - 00000000 ____D () C:\Users\Rick's Laptop\Documents\ACW Plans
2014-02-14 06:45 - 2013-12-20 11:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 14:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-02-13 10:54 - 2013-07-26 06:22 - 00000000 ____D () C:\Users\Rick's Laptop\Downloads\KVCCU
2014-02-13 10:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 10:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 10:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-13 10:15 - 2013-11-09 01:54 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-10 13:28 - 2014-02-10 13:28 - 00837261 _____ () C:\Users\Rick's Laptop\Downloads\winter_2013.zip
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Rick's Laptop\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00001079 _____ () C:\Users\Guest\Desktop\Capture-A-ScreenShot.lnk
2014-02-10 07:06 - 2014-02-10 07:06 - 00000000 ____D () C:\Program Files (x86)\Capture-A-ScreenShot
2014-02-06 12:17 - 2014-02-06 07:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-06 06:16 - 2014-02-12 21:46 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 21:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 21:46 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 21:46 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 21:46 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 21:46 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 21:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 21:46 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 04:49 - 2014-02-12 21:46 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 21:46 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 21:46 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 21:46 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 21:46 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 21:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 21:46 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 21:46 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 21:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 21:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 21:46 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 21:46 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 21:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 21:46 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 21:46 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 03:47 - 2014-02-12 21:46 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 21:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 21:46 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 21:46 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 21:46 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 21:46 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 21:46 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 21:46 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 21:46 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 21:46 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-12 21:46 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 21:46 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 21:46 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 21:46 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-05 10:35 - 2014-02-05 10:35 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\FrmMain
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-02-05 10:04 - 2014-02-05 10:04 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Roaming\Canon
2014-02-05 09:54 - 2014-02-05 09:54 - 00002204 _____ () C:\Users\Rick's Laptop\Desktop\Teds.lnk
2014-02-05 06:34 - 2013-11-20 19:00 - 00003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-02-05 06:26 - 2012-12-08 16:02 - 00000000 ____D () C:\Users\Rick's Laptop\Documents\Quicken
2014-02-03 20:27 - 2014-02-03 04:04 - 00058880 ___SH () C:\Users\Rick's Laptop\Downloads\Thumbs.db
2014-02-01 16:54 - 2013-11-07 22:09 - 00000000 ____D () C:\Users\Rick's Laptop\AppData\Local\Packages
2014-02-01 06:09 - 2013-08-22 08:46 - 00395543 _____ () C:\WINDOWS\setupact.log
2014-01-29 23:02 - 2014-01-29 23:02 - 13031424 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11176448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 11049472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 10812928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 05904856 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 05363200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2014-01-29 23:02 - 2014-01-29 23:02 - 03511296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 03121152 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 01040384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00931840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00575488 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00542720 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00515544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00442880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00442328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00440320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00439296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00438272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00435712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00432128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00431104 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00429056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00428544 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00410624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00399832 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00384512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00330752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2014-01-29 23:02 - 2014-01-29 23:02 - 00279000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00254936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00223664 _____ () C:\WINDOWS\system32\Gfxres.th-TH.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00210106 _____ () C:\WINDOWS\system32\Gfxres.el-GR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00194245 _____ () C:\WINDOWS\system32\Gfxres.ru-RU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00185816 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00175104 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00171992 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00166170 _____ () C:\WINDOWS\system32\Gfxres.ar-SA.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00163421 _____ () C:\WINDOWS\system32\Gfxres.ja-JP.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00159008 _____ () C:\WINDOWS\system32\Gfxres.he-IL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00149682 _____ () C:\WINDOWS\system32\Gfxres.it-IT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00148042 _____ () C:\WINDOWS\system32\Gfxres.ko-KR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147393 _____ () C:\WINDOWS\system32\Gfxres.de-DE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00147288 _____ () C:\WINDOWS\system32\Gfxres.es-ES.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00146004 _____ () C:\WINDOWS\system32\Gfxres.ro-RO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00145491 _____ () C:\WINDOWS\system32\Gfxres.fr-FR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144645 _____ () C:\WINDOWS\system32\Gfxres.tr-TR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144260 _____ () C:\WINDOWS\system32\Gfxres.pt-BR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00144020 _____ () C:\WINDOWS\system32\Gfxres.nl-NL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00143932 _____ () C:\WINDOWS\system32\Gfxres.hu-HU.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142882 _____ () C:\WINDOWS\system32\Gfxres.sv-SE.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142877 _____ () C:\WINDOWS\system32\Gfxres.pt-PT.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142717 _____ () C:\WINDOWS\system32\Gfxres.pl-PL.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142336 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00142289 _____ () C:\WINDOWS\system32\Gfxres.cs-CZ.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00142008 _____ () C:\WINDOWS\system32\Gfxres.fi-FI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141838 _____ () C:\WINDOWS\system32\Gfxres.sk-SK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00141049 _____ () C:\WINDOWS\system32\Gfxres.hr-HR.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137889 _____ () C:\WINDOWS\system32\Gfxres.sl-SI.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137784 _____ () C:\WINDOWS\system32\Gfxres.nb-NO.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00137141 _____ () C:\WINDOWS\system32\Gfxres.da-DK.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00126976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2014-01-29 23:02 - 2014-01-29 23:02 - 00126300 _____ () C:\WINDOWS\system32\Gfxres.zh-TW.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00124650 _____ () C:\WINDOWS\system32\Gfxres.zh-CN.resources
2014-01-29 23:02 - 2014-01-29 23:02 - 00116224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v3347.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00098304 _____ () C:\WINDOWS\system32\igdde64.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00077312 _____ () C:\WINDOWS\SysWOW64\igdde32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00028672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00025088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00017058 _____ () C:\WINDOWS\system32\iglhxs64.vp
2014-01-29 23:02 - 2014-01-29 23:02 - 00009728 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 12859392 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 12617216 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 09007616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 00110592 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2014-01-29 23:02 - 2012-12-14 02:42 - 00064000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2014-01-24 10:21 - 2013-11-21 19:08 - 00000000 ____D () C:\Program Files (x86)\PasswordBox

Some content of TEMP:
====================
C:\Users\Rick's Laptop\AppData\Local\Temp\aiw17746250.DLL
C:\Users\Rick's Laptop\AppData\Local\Temp\Quarantine.exe
C:\Users\Rick's Laptop\AppData\Local\Temp\TntMagicDel.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-21 04:00

==================== End Of Log ============================

kevinf80 · February 26, 2014

That is the incorrect log, I want to see Fixlog.txt. Also give an update on any remaining issues or concerns.

Kevin...

Rickaber · February 27, 2014

Kevin Is this the file you need? Only one I could find, (fixlist.txt)

Rebooted laptop from scratch and it popped up again and asked to change hard dirve. I denied and it went away but it did change my log on options and I had to reset i.e. chedked..find setting auto and uncheck...use proxy server.

This is the only log I could find, if its not the one perhaps I missed a program to run. Let me know.

Thanks Rick

Start
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [iLivid] - "C:\Users\Rick's Laptop\AppData\Local\iLivid\iLivid.exe" -autorun
C:\Users\Rick's Laptop\AppData\Local\iLivid
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [ContentExplorer] - C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe [441104 2014-02-17] (ContentExplorer)
C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [LVMaintenance] - C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance
Startup: C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
C:\Program Files (x86)\MyPC Backup
ProxyServer: http=127.0.0.1:49853;https=127.0.0.1:49853
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=171310310&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.condui...9845A3469DED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...9845A3469DED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.condui...rchSource=45&q={searchTerms}
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.condui...9DED&q=%s&SSPV=
C:\Users\Rick's Laptop\AppData\Local\Temp\aiw17746250.DLL
C:\Users\Rick's Laptop\AppData\Local\Temp\TntMagicDel.dll
Task: {1057775C-D1E0-4C8C-B65B-8D86A65A8745} - System32\Tasks\UpdaterEX => C:\Users\Rick's Laptop\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\RICK'S~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
End

kevinf80 · February 27, 2014

That is the file I had attached to a previous reply for you to d/l and run a FRST fix with, when that completed it would have produced the log I want to see. Lets do that again and see if it was missed out...

Follow the instructions as given:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Kevin..

fixlist.txt

Rickaber · February 28, 2014

Ok, think I got it right this time. In the meantime LV changed my connection again and I can't seem to run Sequnia PSI???

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2014 02
Ran by Rick's Laptop at 2014-02-27 22:47:00 Run:1
Running from C:\Users\Rick's Laptop\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [iLivid] - "C:\Users\Rick's Laptop\AppData\Local\iLivid\iLivid.exe" -autorun
C:\Users\Rick's Laptop\AppData\Local\iLivid
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [ContentExplorer] - C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe [441104 2014-02-17] (ContentExplorer)
C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\...\Run: [LVMaintenance] - C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance
Startup: C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
C:\Program Files (x86)\MyPC Backup
ProxyServer: http=127.0.0.1:49853;https=127.0.0.1:49853
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=171310310&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.condui...9845A3469DED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...9845A3469DED&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.condui...rchSource=45&q={searchTerms}
FF NewTab: user_pref("browser.newtab.url", "");
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.condui...9DED&q=%s&SSPV=
C:\Users\Rick's Laptop\AppData\Local\Temp\aiw17746250.DLL
C:\Users\Rick's Laptop\AppData\Local\Temp\TntMagicDel.dll
Task: {1057775C-D1E0-4C8C-B65B-8D86A65A8745} - System32\Tasks\UpdaterEX => C:\Users\Rick's Laptop\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\RICK'S~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
End
*****************

HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Unable to delete value
"C:\Users\Rick's Laptop\AppData\Local\iLivid" => File/Directory not found.
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => Value deleted successfully.
C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer => Moved successfully.
HKU\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Windows\CurrentVersion\Run\\LVMaintenance => Value deleted successfully.
C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance => Moved successfully.
C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D0EF54D-9BB6-4768-9A07-0B4610065B04} => Key not found.
HKCR\CLSID\{0D0EF54D-9BB6-4768-9A07-0B4610065B04} => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.condui...9DED&q=%s&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Rick's Laptop\AppData\Local\Temp\aiw17746250.DLL => Moved successfully.
C:\Users\Rick's Laptop\AppData\Local\Temp\TntMagicDel.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1057775C-D1E0-4C8C-B65B-8D86A65A8745} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1057775C-D1E0-4C8C-B65B-8D86A65A8745} => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.
C:\WINDOWS\Tasks\UpdaterEX.job not found.

==== End of Fixlog ====

kevinf80 · February 28, 2014

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select direct on the word “Zip”

Double click zip file and extract to your Desktop:

you will now have 3 versions of the tool on the Desktop:

%7Boption%7D http://i121.photobucket.com/albums/o239/kevinf80/Zoek%20Scanner/Zoeke.jpg[/img]

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/]

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

Copy and paste the following script from the code box and paste into the field.

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you maybe asked to re-boot your PC, if so please do

Post the produced log in your next reply…..

Next,

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

<<- 64 bit….

<<- 32 bit

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:RegfindLVMaintenance

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Post those two logs, the program you will not run, is that a software inspector?

kevin

Rickaber · February 28, 2014

Kevin,

Here are the results of the two runs you asked for.

Yes PSI is a Personal Software Inspector. It runs on a schedule. I tried to run it today before starting this to make sure all programs were up to date but it quit and asked for me to run it manually, which it has never done before. Program stopped responding and I had to exit.

Thanks for your patience,

Rick

Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Rick's Laptop on Fri 02/28/2014 at 13:08:42.78.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rick's Laptop\AppData\Local\Temp\Temp1_zoek.zip\zoek.scr [scan all users] [script inserted]

==== System Restore Info ======================

2/28/2014 1:11:27 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Internet Explorer\SearchScopes\{127F0C0B-9787-46AA-A230-EB52610137EB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Mozilla\Firefox\Extensions\{8492baab-62ca-4e2c-983b-dfef7cae8082} deleted successfully

==== Installed Programs ======================

Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AVG 2014
BlackBerry Desktop Software 7.1
Canon MP495 series MP Drivers
Capture-A-ScreenShot
Cirrus Logic Audio Panel
Cirrus Logic Audio x64
Cisco Connect
ContentExplorer
Coupon Printer for Windows
Dell Audio
Dell Resource CD
Dell System Detect
DW WLAN Card
eCabinet Systems 6.0 Build 13
Google Chrome
Google Earth
Google Update Helper
Intel® Control Center
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
IrfanView (remove only)
LK Maintenance
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
My Dell
OpenOffice 4.0.1
Photo Pos Pro
PokerStars
Quicken 2013
Real Chess
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Secunia PSI (3.0.0.8013)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WIDCOMM Bluetooth Software

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\Rick's Laptop\daemonprocess.txt deleted
C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\Rick's Laptop\AppData\Local\cache deleted
C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\j1gfuspp.default\searchplugins\safeguard-secure-search.xml deleted
C:\Users\RICK'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\extensions\emily@wilford.biz deleted
"C:\Users\Rick's Laptop\AppData\Roaming\FrmMain" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3960 MB
CPU Info: Intel® Core i3-2370M CPU @ 2.40GHz
CPU Speed: 2442.2 MHz
Sound Card: Speakers (Cirrus Logic High Def |
Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth Device (Personal Area Network) | Dell Wireless 1704 802.11b/g/n (2.4GHz) | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVD+-RW GT80N
Ports: COM3 | COM4 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 464.3GB
Hard Disks - Free: C: 423.5GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | | DELL - 1072009
Time Zone: Central Standard Time
Motherboard *: Dell Inc. 0N7MW6
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Default Browser: Firefox   27.0.1
Internet Explorer Version: 11.0.9600.16518
Mozilla Firefox version: 27.0.1 (x86 en-US)
Google Chrome version: 33.0.1750.117
Adobe Reader version: 11.0.06.70
Flash Player version: 12.0.0.70

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2014-02-17 14:21:19   53116CF5EEB4CE330285C55D8B74C991   232700   ----a-w-   C:\WINDOWS\Photo Pos Pro Uninstaller.exe
====== C:\Users\RICK'S~1\AppData\Local\Temp ====
2014-02-24 02:52:20   2E0323A94915FAAB10A25F3BABF82584   157696   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-02-16 07:36:35   7FA3046AC2751A408899EFD331FE1980   479744   ----a-w-   C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-16 07:36:35   6A7D239E3A3B90818B9BFE7B7CCD4BFC   584192   ----a-w-   C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-16 07:36:29   9EA661DB9B393F46046D6181A3DDC4AD   2804528   ----a-w-   C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-16 07:36:26   BEFC9EE0724E53E004A6316C20931F99   2142936   ----a-w-   C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-16 07:36:26   A6A82DE8976069DBA0256AE5327110B5   1371312   ----a-w-   C:\WINDOWS\SysWOW64\combase.dll
2014-02-16 07:36:25   2E6C68B92DFB0A95771F6DD7A4179FFE   13925888   ----a-w-   C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 07:36:23   E0C156E4380CE5C64CFBF2650895038D   18642504   ----a-w-   C:\WINDOWS\SysWOW64\shell32.dll
2014-02-16 07:36:23   72B3380DA5EA53028501F3B94E421FBB   2295808   ----a-w-   C:\WINDOWS\SysWOW64\authui.dll
2014-02-16 07:36:22   D11A05032C28EE7588C135ECF7B49E81   1204968   ----a-w-   C:\WINDOWS\SysWOW64\winmde.dll
2014-02-16 07:36:21   15DF7EF29273464E6112E7A131537BCD   669344   ----a-w-   C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-16 07:36:20   FF73CDC3F09904D82B0CCC1CA750CD02   218112   ----a-w-   C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-16 07:36:20   C85EA737B20BEDC46CBA748DCE115184   433664   ----a-w-   C:\WINDOWS\SysWOW64\mfds.dll
2014-02-16 07:36:20   92124EF7B1BF5492EFCA17B3A208E4F4   663680   ----a-w-   C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-16 07:36:19   CF4C3815E577C7DC32BB8DB90F0B34C1   552624   ----a-w-   C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-16 07:36:19   4E556E5490191ED9B771576D9221A461   273920   ----a-w-   C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-16 07:36:19   48B8013201B1846F893A83606248A8CC   336384   ----a-w-   C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-16 07:36:19   06730D9C233B01E2F99C1BE2461629F7   980480   ----a-w-   C:\WINDOWS\SysWOW64\mispace.dll
2014-02-16 07:36:18   ECD4A3F754224C954D3D19B6ECBFE5AA   513536   ----a-w-   C:\WINDOWS\SysWOW64\rastls.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-02-16 07:36:35   0E0796E3413D38A396B1C1591CE2B72E   4191232   ----a-w-   C:\WINDOWS\Sysnative\win32k.sys
2014-02-16 07:36:34   F242938F69AA25B8ECD0D9E342799802   637952   ----a-w-   C:\WINDOWS\Sysnative\SettingSyncHost.exe
2014-02-16 07:36:34   2EAF0A1F9E4DF34862CC5A2B5437E450   744448   ----a-w-   C:\WINDOWS\Sysnative\SettingSyncCore.dll
2014-02-16 07:36:33   5F9799975EAB95431BF78428B26B4FF6   21196664   ----a-w-   C:\WINDOWS\Sysnative\shell32.dll
2014-02-16 07:36:30   32370AF583EC8B24D790E1B9201D6811   3210528   ----a-w-   C:\WINDOWS\Sysnative\msmpeg2vdec.dll
2014-02-16 07:36:29   013BB1B12833CD646175312307768F93   18577920   ----a-w-   C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2014-02-16 07:36:27   3E7B2C9026986C821E507A3319EA1D80   1928144   ----a-w-   C:\WINDOWS\Sysnative\combase.dll
2014-02-16 07:36:26   CA336E6ABF539A6D14DA3C49DDD24696   2131120   ----a-w-   C:\WINDOWS\Sysnative\mfcore.dll
2014-02-16 07:36:25   9FF95D589B5626852CECA2444C5C5A58   2617344   ----a-w-   C:\WINDOWS\Sysnative\authui.dll
2014-02-16 07:36:24   D33E2A482C47ABFDD80185DD9C8C06F1   1399176   ----a-w-   C:\WINDOWS\Sysnative\winmde.dll
2014-02-16 07:36:24   728D3349FAB251B0265EFA55C67DCA2D   1503232   ----a-w-   C:\WINDOWS\Sysnative\wlansvc.dll
2014-02-16 07:36:23   1A1B60D269F745C021F69564B5906AD0   1374384   ----a-w-   C:\WINDOWS\Sysnative\wmpmde.dll
2014-02-16 07:36:22   FCB3BD54917D36FE79DFDF0ED7ACBEBB   764856   ----a-w-   C:\WINDOWS\Sysnative\mfmpeg2srcsnk.dll
2014-02-16 07:36:22   EF276593AD1BDF5A99032F62D6272848   834048   ----a-w-   C:\WINDOWS\Sysnative\audiosrv.dll
2014-02-16 07:36:22   D65B1C952AEB864C2BAC7A770B17ECCE   282112   ----a-w-   C:\WINDOWS\Sysnative\SystemEventsBrokerServer.dll
2014-02-16 07:36:22   A6207A88B596F726DE558425F3B7E592   263168   ----a-w-   C:\WINDOWS\Sysnative\bisrv.dll
2014-02-16 07:36:21   B9FC41CEC711DC0E1BFE927EEDC49176   745336   ----a-w-   C:\WINDOWS\Sysnative\oleaut32.dll
2014-02-16 07:36:21   78AB9F5DC27E317F0B34C45D54ABB6B2   32088   ----a-w-   C:\WINDOWS\Sysnative\ploptin.dll
2014-02-16 07:36:21   660891FFB1B22FF39AADB3F45CE15D45   470016   ----a-w-   C:\WINDOWS\Sysnative\mfds.dll
2014-02-16 07:36:21   40B228D05DB02F4A5F2452600999F53F   809872   ----a-w-   C:\WINDOWS\Sysnative\mfmp4srcsnk.dll
2014-02-16 07:36:21   39435F4007F1CEDEF04356892B18D174   202240   ----a-w-   C:\WINDOWS\Sysnative\ubpm.dll
2014-02-16 07:36:20   E18E9C9EBCFCA456B74BB6A80B1DB226   1415680   ----a-w-   C:\WINDOWS\Sysnative\lsasrv.dll
2014-02-16 07:36:20   B818F6F3CA67E4BD278EDE5600BDD65E   461824   ----a-w-   C:\WINDOWS\Sysnative\XpsGdiConverter.dll
2014-02-16 07:36:20   54A9F4AC86F2A4E7C3ADE47CAE5DE8E0   136704   ----a-w-   C:\WINDOWS\Sysnative\psmsrv.dll
2014-02-16 07:36:20   34F8F7A0B782798F6A9511157BCC3E32   273408   ----a-w-   C:\WINDOWS\Sysnative\Windows.Graphics.dll
2014-02-16 07:36:19   FF9F658A51CAD74C25AF83038DBD735D   306688   ----a-w-   C:\WINDOWS\Sysnative\msieftp.dll
2014-02-16 07:36:19   CD45E3FE736150D45EFDC9145DA53757   24064   ----a-w-   C:\WINDOWS\Sysnative\bi.dll
2014-02-16 07:36:19   BDE4ABD3AB4171CECADFD38F392E656C   1227264   ----a-w-   C:\WINDOWS\Sysnative\mispace.dll
2014-02-16 07:36:19   91433B44B1EF301E7DD696EB5281BC20   589824   ----a-w-   C:\WINDOWS\Sysnative\rastls.dll
2014-02-16 07:36:18   AD95F86C8D1843BE653F89FDE213F9E7   207872   ----a-w-   C:\WINDOWS\Sysnative\deviceregistration.dll
2014-02-16 07:36:17   4B916278E1487A5CD5F8F9A521980026   385614   ----a-w-   C:\WINDOWS\Sysnative\ApnDatabase.xml
====== C:\WINDOWS\Sysnative\drivers =====
2014-02-16 07:36:26   3D9A5AC880D7AA2305812D665D24ED23   2551128   ----a-w-   C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-02-16 07:36:22   ED39D676080A1AEA755F1DEC1A8DF1A4   1119064   ----a-w-   C:\WINDOWS\Sysnative\drivers\ndis.sys
2014-02-16 07:36:21   79B6F3DF7CDFD12159871FF71464F0CE   403456   ----a-w-   C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-02-16 07:36:20   B7342B3C58E91107F6E946A93D9D4EFD   142848   ----a-w-   C:\WINDOWS\Sysnative\drivers\ipnat.sys
2014-02-16 07:36:20   4628B415A84EA9D4D396A56F1D0CB6C6   142680   ----a-w-   C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2014-02-16 07:36:19   1C89EF529DB7DCA98E801EFDCC8437DE   19456   ----a-w-   C:\WINDOWS\Sysnative\drivers\BtaMPM.sys
2014-01-30 05:02:28   8C44E6B688790E2AD3846C97661C54F1   5363200   ----a-w-   C:\WINDOWS\Sysnative\drivers\igdkmd64.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-26 14:21:45   --------   d-----w-   C:\PROGRA~2\Thermwood
2014-02-17 14:21:10   --------   d-----w-   C:\PROGRA~2\Photo Pos Pro
2014-02-10 13:06:15   --------   d-----w-   C:\PROGRA~2\Capture-A-ScreenShot
2014-02-06 13:32:06   --------   d-----w-   C:\PROGRA~2\Mozilla Thunderbird
2014-02-05 16:00:05   --------   d-----w-   C:\PROGRA~2\COMMON~1\Thraex Software
======= C: =====
====== C:\Users\Rick's Laptop\AppData\Roaming ======
2014-02-17 14:21:20   --------   d-----w-   C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Pos Pro
2014-02-05 16:04:16   --------   d-----w-   C:\Users\Rick's Laptop\AppData\Roaming\Canon
====== C:\Users\Rick's Laptop ======
2014-02-28 18:56:30   F783EC309D42813F74319EB776153B2B   165376   ----a-w-   C:\Users\Rick's Laptop\Desktop\SystemLook_x64.exe
2014-02-28 10:08:11   EDD0130A08CEE68C5AFDEB78BF95F3F8   124670   ----a-w-   C:\Users\Rick's Laptop\bookmarks-2014-02-28.json
2014-02-28 04:27:12   FD80AC97FF14151423964CF769146AE9   739792   ----a-w-   C:\Users\Rick's Laptop\Downloads\DriverUpdate-setup.exe
2014-02-26 14:22:06   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thermwood
2014-02-26 14:08:47   BD5331B8F9C7DD0C7A253E4392C8552C   132406040   ----a-w-   C:\Users\Rick's Laptop\Downloads\V6Build13Setup1.exe
2014-02-24 03:04:21   0840EB50F38B3A9BBA2D24780AEB07A6   1241834   ----a-w-   C:\Users\Rick's Laptop\Downloads\AdwCleaner.exe
2014-02-21 16:38:32   2075EBB7954277A05193412881EC8FDE   1037734   ----a-w-   C:\Users\Rick's Laptop\Downloads\JRT.exe
2014-02-20 14:28:44   2D824FE2E30CFC5E29DC9F8A61138409   2155520   ----a-w-   C:\Users\Rick's Laptop\Downloads\FRST64.exe
2014-02-20 06:43:12   683FDD3D773C58B262DC07CD0C6CE938   10285040   ----a-w-   C:\Users\Rick's Laptop\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 14:15:35   3A41815E8B51F2C408C90D56D6D5BF2A   930440   ----a-w-   C:\Users\Rick's Laptop\Downloads\cbsidlm-cbsi176-Photo_Pos_Pro-BP-10264444.exe
2014-02-10 13:06:15   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capture-A-ScreenShot
2014-02-05 16:04:16   --------   d--h--w-   C:\ProgramData\CanonIJScan

====== C: exe-files ==
2014-02-28 18:56:30   F783EC309D42813F74319EB776153B2B   165376   ----a-w-   C:\Users\Rick's Laptop\Desktop\SystemLook_x64.exe
2014-02-28 04:46:58   D41D8CD98F00B204E9800998ECF8427E   0   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Microsoft\Windows\INetCache\IE\OHNGZ1XL\FRST64[1].exe
2014-02-28 04:27:12   FD80AC97FF14151423964CF769146AE9   739792   ----a-w-   C:\Users\Rick's Laptop\Downloads\DriverUpdate-setup.exe
2014-02-26 14:08:47   BD5331B8F9C7DD0C7A253E4392C8552C   132406040   ----a-w-   C:\Users\Rick's Laptop\Downloads\V6Build13Setup1.exe
2014-02-25 15:08:22   C80CF81A8723AB5094091C9BB5AEDD89   37110184   ----a-w-   C:\Program Files (x86)\Thermwood\eCabinet Systems\ECABINETS.exe
2014-02-24 03:22:13   2D824FE2E30CFC5E29DC9F8A61138409   2155520   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Microsoft\Windows\INetCache\IE\R2HAGMBL\FRST64[1].exe
2014-02-24 03:04:21   0840EB50F38B3A9BBA2D24780AEB07A6   1241834   ----a-w-   C:\Users\Rick's Laptop\Downloads\AdwCleaner.exe
2014-02-24 02:52:20   2E0323A94915FAAB10A25F3BABF82584   157696   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
=== C: other files ==
2014-02-24 02:52:20   F7A2BEBE778DC26187C675948B2CEBAB   16063   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\get.bat
2014-02-24 02:52:20   CC6C23C02BE66014AD87F2678BBB3A1D   8117   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\modules.bat
2014-02-24 02:52:20   C9494C05F5248940AEE0D0A8C4EA89D9   152746   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\firefox.bat
2014-02-24 02:52:20   C4A5476A9D54B400F1623A2EE7DDA5C5   13955   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\chrome.bat
2014-02-24 02:52:20   B964B792D3692699CD7D4FDB63EE470E   1239   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\FWPolicy.bat
2014-02-24 02:52:20   B45931E5313CB14CAA0F2BC3DA30E6FC   29648   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\ask.bat
2014-02-24 02:52:20   B13567DECD03F424239DE6D1ED408C08   10261   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\JRT.bat
2014-02-24 02:52:20   80D02380F1AC33E459324B088392A1EC   732   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\ev_clear.bat
2014-02-24 02:52:20   75C9C20DD9839BF287B43B0E179822DC   31414   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\iexplore.bat
2014-02-24 02:52:20   7178963AEE641F3E47E1CE22416F8A3A   9295   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\runvalues.bat
2014-02-24 02:52:20   654E9FE74B930A454EE5BDE165794B65   85   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\delorphans.bat
2014-02-24 02:52:20   58605DA3492FB918D3D40B1FB88046AE   39471   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\prelim.bat
2014-02-24 02:52:20   3ECC13A08D5F7771A8C8ED15C2B2B6D5   154576   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\misc.bat
2014-02-24 02:52:20   372EA6F783198102CF5779072EE78C79   24751   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\searchlnk.bat
2014-02-24 02:52:20   1FBF882AA934A741530741FC134872A3   1243   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\TDL4.bat
2014-02-24 02:52:20   14D6EE8B672684E2232FB430D8C4A928   18668   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\medfos.bat
2014-02-24 02:52:20   0768E560CCD86C18F35FAD29DCEA7B80   1820   ----a-w-   C:\Users\Rick's Laptop\AppData\Local\Temp\jrt\delfolders.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LVMaintenance"="C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe"
"ContentExplorer"="C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe"

[HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_1113a"="C:\Users\Rick's Laptop\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561 /CMPID=1113a"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"LVMaintenance"="C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe"
"ContentExplorer"="C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_1113a"="C:\Users\Rick's Laptop\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561 /CMPID=1113a"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"Dell Audio"="C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

==== Startup Folders ======================

2013-11-08 11:33:57   834   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2013-11-09 09:00:04   1110   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/08/2013 07:49 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- [undetermined Task]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{501C7A76-3964-4568-8185-C60C8903D577}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"firefox@passwordbox.com"="C:\Program Files (x86)\PasswordBox\Firefox" [11/21/2013 07:08 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\j1gfuspp.default
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

ProfilePath: C:\Users\RICK'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default
- Karma Blocker - %ProfilePath%\extensions\kabl@trac.arantius.com.xpi
- Yes popups - %ProfilePath%\extensions\yespopupsV1@patheticcockroach.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default
D775FA6F1E88B3B99E69E8A0D6C3A819   - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll -   Shockwave Flash

==== Deleted Firefox Extensions ======================

C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\j1gfuspp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chrome Look ======================

Google Wallet - Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0A795D1E-52B5-D34B-44B7-5302B4FC288F} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{9D66947F-0C8A-4CE9-914A-0AE79D4D1525} FindWide Url="http://search.findwide.com/serp?guid={0DD1CC0F-CB50-4064-A599-E86010E35525}&action=default_search&serpv=22&k={searchTerms}"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Rick's Laptop\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561 /CMPID=1113a
O4 - HKUS\S-1-5-18\..\Run: [LVMaintenance] C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ContentExplorer] "C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LVMaintenance] C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @oem15.inf,%AEFilters.SvcDesc%;Andrea Cirrus Logic Filters Service (AECLFilters) - Unknown owner - C:\WINDOWS\system32\AECLSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @oem16.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cirrus Audio Service (CirrusAudioService) - Cirrus Logic - C:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Sysinternals Autoruns Log ======================

HKLM\System\CurrentControlSet\Services
   AdobeARMservice
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
     Adobe Acrobat Updater keeps your Adobe software up to date.
     Adobe Systems Incorporated
     1.701.3.3014
     c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
     11/21/2013 10:55 AM
   AdobeFlashPlayerUpdateSvc
     C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
     Adobe Systems Incorporated
     12.0.0.70
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     2/16/2014 7:21 PM
   AECLFilters
     %SystemRoot%\system32\AECLSr64.exe
     Andrea filters APO access service (64-bit)
     Andrea Electronics Corporation
     1.0.64.2
     c:\windows\system32\aeclsr64.exe
     12/9/2010 3:45 PM
   AVGIDSAgent
     "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
     Provides Identity Protection Against Cyber Crime.
     AVG Technologies CZ, s.r.o.
     14.0.0.4330
     c:\program files (x86)\avg\avg2014\avgidsagent.exe
     1/22/2014 5:19 AM
   avgwd
     "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
     AVG Watchdog Service
     AVG Technologies CZ, s.r.o.
     14.0.0.4204
     c:\program files (x86)\avg\avg2014\avgwdsvc.exe
     9/23/2013 5:33 PM
   BcmBtRSupport
     %SystemRoot%\system32\BtwRSupportService.exe
     Manages BTW drivers.
     Broadcom Corporation.
     12.0.0.8048
     c:\windows\system32\btwrsupportservice.exe
     10/21/2013 1:41 PM
   Blackberry Device Manager
     "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe"
     BlackBerry Device Manager
     Research In Motion Limited
     4.2.0.28
     c:\program files (x86)\common files\research in motion\usb drivers\bbdevmgr.exe
     1/18/2013 4:09 PM
   btwdins
     C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
     Handles installation and removal of Bluetooth devices.
     Broadcom Corporation.
     12.0.0.1600
     c:\program files\widcomm\bluetooth software\btwdins.exe
     7/19/2012 2:39 PM
   CirrusAudioService
     "C:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe"
     Manages audio services for Cirrus Logic codec
     Cirrus Logic
     1.0.0.0
     c:\program files\cirrus logic audio panel\cirrvus.exe
     5/24/2012 6:23 PM
   cphs
     %SystemRoot%\SysWow64\IntelCpHeciSvc.exe
     Intel® Content Protection HECI Service - enables communication with the Content Protection FW
     Intel Corporation
     9.0.0.1340
     c:\windows\syswow64\intelcphecisvc.exe
     2/8/2013 2:26 PM
   gupdate
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     2/15/2012 8:43 PM
   gupdatem
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     2/15/2012 8:43 PM
   IAStorDataMgrSvc
     "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
     Provides storage event notification and manages communication between the storage driver and user space applications.
     Intel Corporation
     11.5.0.1207
     c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe
     7/9/2012 2:47 PM
   MBAMScheduler
     "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
     Malwarebytes Anti-Malware scheduler
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe
     2/28/2013 2:38 PM
   MBAMService
     "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
     Malwarebytes Anti-Malware service
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe
     2/28/2013 2:38 PM
   MozillaMaintenance
     "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
     The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
     Mozilla Foundation
     27.0.1.5156
     c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
     2/12/2014 4:23 PM
   PasswordBox
     "C:\Program Files (x86)\PasswordBox\pbbtnService.exe"
     PasswordBox Service
     PasswordBox, Inc.
     1.8.2.0
     c:\program files (x86)\passwordbox\pbbtnservice.exe
     7/22/2013 7:59 AM
   Secunia PSI Agent
     "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
     Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI
     Secunia
     3.0.0.8013
     c:\program files (x86)\secunia\psi\psia.exe
     10/14/2013 12:28 AM
   Secunia Update Agent
     "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
     Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI
     Secunia
     3.0.0.8013
     c:\program files (x86)\secunia\psi\sua.exe
     10/14/2013 12:28 AM

HKLM\System\CurrentControlSet\Services
   3ware
     System32\drivers\3ware.sys
     LSI 3ware SCSI Storport Driver
     LSI
     5.1.0.51
     c:\windows\system32\drivers\3ware.sys
     4/11/2013 4:49 PM
   ADP80XX
     System32\drivers\ADP80XX.SYS
     PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller
     PMC-Sierra
     1.0.0.254
     c:\windows\system32\drivers\adp80xx.sys
     7/12/2013 3:47 PM
   amdsata
     System32\drivers\amdsata.sys
     AHCI 1.3 Device Driver
     Advanced Micro Devices
     1.1.4.14
     c:\windows\system32\drivers\amdsata.sys
     7/8/2013 4:54 PM
   amdsbs
     System32\drivers\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
     AMD Technologies Inc.
     3.7.1540.43
     c:\windows\system32\drivers\amdsbs.sys
     12/11/2012 3:21 PM
   amdxata
     System32\drivers\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.4.14
     c:\windows\system32\drivers\amdxata.sys
     7/8/2013 4:45 PM
   arcsas
     System32\drivers\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     PMC-Sierra, Inc.
     7.2.0.30261
     c:\windows\system32\drivers\arcsas.sys
     7/8/2013 6:50 PM
   Avgboota
     system32\DRIVERS\avgboota.sys
     AVG Early Launch Anti-Malware Driver
     AVG Technologies CZ, s.r.o.
     13.0.0.3402
     c:\windows\system32\drivers\avgboota.sys
     8/20/2013 5:25 PM
   Avgdiska
     system32\DRIVERS\avgdiska.sys
     AVG File Vault Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4302
     c:\windows\system32\drivers\avgdiska.sys
     11/25/2013 2:47 PM
   AVGIDSDriver
     system32\DRIVERS\avgidsdrivera.sys
     AVG Technologies IDS Application Activity Monitor Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4302
     c:\windows\system32\drivers\avgidsdrivera.sys
     11/25/2013 2:47 PM
   AVGIDSHA
     system32\DRIVERS\avgidsha.sys
     AVG Technologies IDS Application Activity Monitor Helper Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4302
     c:\windows\system32\drivers\avgidsha.sys
     11/25/2013 2:47 PM
   Avgldx64
     system32\DRIVERS\avgldx64.sys
     AVG AVI Loader Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4219
     c:\windows\system32\drivers\avgldx64.sys
     10/31/2013 4:00 PM
   Avgloga
     system32\DRIVERS\avgloga.sys
     AVG Logging Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4219
     c:\windows\system32\drivers\avgloga.sys
     10/31/2013 3:49 PM
   Avgmfx64
     system32\DRIVERS\avgmfx64.sys
     AVG Resident Shield Minifilter Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4206
     c:\windows\system32\drivers\avgmfx64.sys
     9/30/2013 4:49 PM
   Avgrkx64
     system32\DRIVERS\avgrkx64.sys
     AVG Anti-Rootkit Driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4202
     c:\windows\system32\drivers\avgrkx64.sys
     9/9/2013 4:42 PM
   avgtp
     \??\C:\WINDOWS\system32\drivers\avgtpx64.sys
     AVG Technologies
     17.0.0.3
     c:\windows\system32\drivers\avgtpx64.sys
     8/29/2013 1:25 AM
   Avgwfpa
     \SystemRoot\system32\DRIVERS\avgwfpa.sys
     AVG Firewall driver
     AVG Technologies CZ, s.r.o.
     14.0.0.4212
     c:\windows\system32\drivers\avgwfpa.sys
     10/21/2013 2:28 PM
   b06bdrv
     System32\drivers\bxvbda.sys
     Broadcom NetXtreme II GigE VBD
     Broadcom Corporation
     7.4.14.0
     c:\windows\system32\drivers\bxvbda.sys
     2/4/2013 1:47 PM
   bcbtums
     \SystemRoot\system32\drivers\bcbtums.sys
     Broadcom Bluetooth Firmware Download Filter
     Broadcom Corporation.
     12.0.0.8047
     c:\windows\system32\drivers\bcbtums.sys
     10/17/2013 2:45 PM
   BCM43XX
     \SystemRoot\system32\DRIVERS\bcmwl63a.sys
     Broadcom 802.11 Network Adapter wireless driver
     Broadcom Corporation
     6.30.59.26
     c:\windows\system32\drivers\bcmwl63a.sys
     7/9/2012 8:52 PM
   bcmfn2
     \SystemRoot\System32\drivers\bcmfn2.sys
     BCM Function 2 Device Driver
     Windows ® Win 7 DDK provider
     6.3.9391.6
     c:\windows\system32\drivers\bcmfn2.sys
     8/2/2013 5:59 PM
   btwampfl
     \SystemRoot\system32\DRIVERS\btwampfl.sys
     @oem16.inf,%btwampfl.ServiceDescription%;btwampfl Bluetooth filter driver
     Broadcom Corporation.
     12.0.0.7820
     c:\windows\system32\drivers\btwampfl.sys
     8/30/2013 12:32 PM
   btwaudio
     \SystemRoot\system32\drivers\btwaudio.sys
     Bluetooth Audio Device
     Broadcom Corporation.
     12.0.0.1420
     c:\windows\system32\drivers\btwaudio.sys
     6/28/2012 10:11 PM
   btwavdt
     \SystemRoot\system32\drivers\btwavdt.sys
     Broadcom Bluetooth AVDT Service
     Broadcom Corporation.
     12.0.0.1420
     c:\windows\system32\drivers\btwavdt.sys
     6/28/2012 10:10 PM
   btwl2cap
     \SystemRoot\system32\DRIVERS\btwl2cap.sys
     Broadcom Bluetooth L2CAP Service
     Broadcom Corporation.
     12.0.0.1100
     c:\windows\system32\drivers\btwl2cap.sys
     5/16/2012 4:41 AM
   btwrchid
     \SystemRoot\System32\drivers\btwrchid.sys
     Bluetooth Remote Control HID Minidriver
     Broadcom Corporation.
     12.0.0.1420
     c:\windows\system32\drivers\btwrchid.sys
     6/28/2012 10:11 PM
   CirrusLFD
     \SystemRoot\system32\DRIVERS\CSLFDx64.sys
     Hdaudio.sys Customization Filter
     Cirrus Logic
     6.6013.1.49
     c:\windows\system32\drivers\cslfdx64.sys
     3/19/2012 7:56 PM
   ebdrv
     System32\drivers\evbda.sys
     Broadcom NetXtreme II 10 GigE VBD
     Broadcom Corporation
     7.4.33.1
     c:\windows\system32\drivers\evbda.sys
     4/8/2013 8:30 AM
   HpSAMD
     System32\drivers\HpSAMD.sys
     Smart Array SAS/SATA Controller Media Driver
     Hewlett-Packard Company
     8.0.4.0
     c:\windows\system32\drivers\hpsamd.sys
     3/26/2013 3:36 PM
   iaLPSSi_GPIO
     \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
     Intel® Serial IO GPIO Controller Driver
     Intel Corporation
     1.1.163.0
     c:\windows\system32\drivers\ialpssi_gpio.sys
     6/26/2013 8:22 AM
   iaLPSSi_I2C
     \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
     Intel® Serial IO I2C Controller Driver
     Intel Corporation
     1.1.163.0
     c:\windows\system32\drivers\ialpssi_i2c.sys
     6/26/2013 8:22 AM
   iaStorA
     System32\drivers\iaStorA.sys
     Intel Rapid Storage Technology driver - x64
     Intel Corporation
     11.6.1.1001
     c:\windows\system32\drivers\iastora.sys
     9/18/2012 4:46 PM
   iaStorAV
     System32\drivers\iaStorAV.sys
     Intel Rapid Storage Technology driver (inbox) - x64
     Intel Corporation
     12.0.1.1018
     c:\windows\system32\drivers\iastorav.sys
     7/31/2013 6:00 PM
   iaStorV
     System32\drivers\iaStorV.sys
     Intel Matrix Storage Manager driver - x64
     Intel Corporation
     8.6.2.1019
     c:\windows\system32\drivers\iastorv.sys
     4/11/2011 12:48 PM
   igfx
     \SystemRoot\system32\DRIVERS\igdkmd64.sys
     Intel Graphics Kernel Mode Driver
     Intel Corporation
     9.17.10.3347
     c:\windows\system32\drivers\igdkmd64.sys
     10/31/2013 12:28 PM
   IntcDAud
     \SystemRoot\system32\DRIVERS\IntcDAud.sys
     Intel® Display Audio Driver
     Intel® Corporation
     6.14.0.3097
     c:\windows\system32\drivers\intcdaud.sys
     6/19/2012 8:40 AM
   LSI_SAS
     System32\drivers\lsi_sas.sys
     LSI Fusion-MPT SAS Driver (StorPort)
     LSI Corporation
     1.34.3.82
     c:\windows\system32\drivers\lsi_sas.sys
     3/28/2013 11:42 AM
   LSI_SAS2
     System32\drivers\lsi_sas2.sys
     LSI SAS Gen2 Driver (StorPort)
     LSI Corporation
     2.0.60.82
     c:\windows\system32\drivers\lsi_sas2.sys
     3/28/2013 11:45 AM
   LSI_SAS3
     System32\drivers\lsi_sas3.sys
     LSI SAS Gen3 Driver (StorPort)
     LSI Corporation
     2.50.65.1
     c:\windows\system32\drivers\lsi_sas3.sys
     3/15/2013 5:38 PM
   LSI_SSS
     System32\drivers\lsi_sss.sys
     LSI SSS PCIe/Flash Driver (StorPort)
     LSI Corporation
     2.10.61.81
     c:\windows\system32\drivers\lsi_sss.sys
     3/15/2013 5:39 PM
   MBAMProtector
     \??\C:\WINDOWS\system32\drivers\mbam.sys
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.60.2.0
     c:\windows\system32\drivers\mbam.sys
     2/28/2013 2:33 PM
   megasas
     System32\drivers\megasas.sys
     MEGASAS RAID Controller Driver for Windows
     LSI Corporation
     6.3.9466.0
     c:\windows\system32\drivers\megasas.sys
     7/23/2013 3:08 PM
   megasr
     System32\drivers\megasr.sys
     LSI MegaRAID Software RAID Driver
     LSI Corporation, Inc.
     15.2.2013.129
     c:\windows\system32\drivers\megasr.sys
     6/3/2013 4:02 PM
   MEIx64
     \SystemRoot\System32\drivers\HECIx64.sys
     Intel® Management Engine Interface
     Intel Corporation
     8.1.0.1263
     c:\windows\system32\drivers\hecix64.sys
     7/2/2012 4:14 PM
   mvumis
     System32\drivers\mvumis.sys
     Marvell Flash Controller Driver
     Marvell Semiconductor, Inc.
     1.0.5.1015
     c:\windows\system32\drivers\mvumis.sys
     3/20/2013 11:14 AM
   nvraid
     System32\drivers\nvraid.sys
     NVIDIAr nForce RAID Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvraid.sys
     9/12/2011 6:01 PM
   nvstor
     System32\drivers\nvstor.sys
     NVIDIAr nForce Sata Performance Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvstor.sys
     9/12/2011 5:53 PM
   PSI
     system32\DRIVERS\psi_mf_amd64.sys
     PSI mini-filter driver
     Secunia
     1.0.10.5
     c:\windows\system32\drivers\psi_mf_amd64.sys
     2/7/2013 3:28 AM
   RimUsb
     \SystemRoot\System32\Drivers\RimUsb_AMD64.sys
     BlackBerry Device Driver
     Research In Motion Limited
     4.2.0.19
     c:\windows\system32\drivers\rimusb_amd64.sys
     12/21/2012 4:47 PM
   RimVSerPort
     \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
     RIM Virtual Serial Driver
     Research in Motion Ltd
     2.3.0.11
     c:\windows\system32\drivers\rimserial_amd64.sys
     10/22/2012 2:51 PM
   RSUSBSTOR
     \SystemRoot\System32\Drivers\RtsUStor.sys
     Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Win8
     Realtek Semiconductor Corp.
     6.1.8400.30136
     c:\windows\system32\drivers\rtsustor.sys
     6/13/2012 4:09 AM
   RTL8168
     \SystemRoot\system32\DRIVERS\Rt630x64.sys
     Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver
     Realtek
     8.1.510.2013
     c:\windows\system32\drivers\rt630x64.sys
     5/10/2013 3:59 AM
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     9/13/2006 7:18 AM
   SiSRaid2
     System32\drivers\SiSRaid2.sys
     SiS RAID Stor Miniport Driver
     Silicon Integrated Systems Corp.
     5.1.1039.2600
     c:\windows\system32\drivers\sisraid2.sys
     9/24/2008 12:28 PM
   SiSRaid4
     System32\drivers\sisraid4.sys
     SiS AHCI Stor-Miniport Driver
     Silicon Integrated Systems
     5.1.1039.3600
     c:\windows\system32\drivers\sisraid4.sys
     10/1/2008 3:56 PM
   stexstor
     System32\drivers\stexstor.sys
     Promise SuperTrak EX Series Driver for Windows x64
     Promise Technology, Inc.
     5.1.0.10
     c:\windows\system32\drivers\stexstor.sys
     11/26/2012 6:02 PM
   viaide
     System32\drivers\viaide.sys
     VIA Generic PCI IDE Bus Driver
     VIA Technologies, Inc.
     6.0.6000.170
     c:\windows\system32\drivers\viaide.sys
     8/22/2013 5:40 AM
   vsmraid
     System32\drivers\vsmraid.sys
     VIA RAID DRIVER FOR AMD-X86-64
     VIA Technologies Inc.,Ltd
     7.0.9200.6320
     c:\windows\system32\drivers\vsmraid.sys
     1/23/2013 2:35 PM
   VSTXRAID
     System32\drivers\vstxraid.sys
     VIA StorX RAID Controller Driver
     VIA Corporation
     8.0.9200.8110
     c:\windows\system32\drivers\vstxraid.sys
     1/21/2013 1:00 PM

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
   BtwCredentialProvider
     HKCR\CLSID\{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}
     BtwCP DLL
     Broadcom Corporation.
     12.0.0.1600
     c:\program files\widcomm\bluetooth software\btwcp.dll
     7/19/2012 2:40 PM

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
   igfxcui
     igfxdev.dll
     igfxdev Module
     Intel Corporation
     8.15.10.3347
     c:\windows\system32\igfxdev.dll
     10/31/2013 12:25 PM

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
   Canon BJ Language Monitor MP495 series
     CNMLMA9.DLL
     IJ Language Monitor
     CANON INC.
     0.3.0.1
     c:\windows\system32\cnmlma9.dll
     8/25/2010 11:40 AM

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
   _Wow64cpu
     Wow64cpu.dll
     File not found: C:\WINDOWS\syswow64\Wow64cpu.dll

   _Wow64win
     Wow64win.dll
     File not found: C:\WINDOWS\syswow64\Wow64win.dll

   _Wow64
     Wow64.dll
     File not found: C:\WINDOWS\syswow64\Wow64.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   Logitech Download Assistant
     C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
     Logitech Download Assistant
     Logitech, Inc.
     1.10.77.0
     c:\windows\system32\logilda.dll
     9/13/2012 4:51 PM
   Dell Audio
     C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
     Dell Audio
     1.2.10.0
     c:\program files\cirrus logic audio panel\cirrusaudiopanel_dell.exe
     7/25/2012 12:45 PM
   IgfxTray
     "C:\WINDOWS\system32\igfxtray.exe"
     igfxTray Module
     Intel Corporation
     8.15.10.3347
     c:\windows\system32\igfxtray.exe
     10/31/2013 12:26 PM
   HotKeysCmds
     "C:\WINDOWS\system32\hkcmd.exe"
     hkcmd Module
     Intel Corporation
     8.15.10.3347
     c:\windows\system32\hkcmd.exe
     10/31/2013 12:26 PM
   Persistence
     "C:\WINDOWS\system32\igfxpers.exe"
     persistence Module
     Intel Corporation
     8.15.10.3347
     c:\windows\system32\igfxpers.exe
     10/31/2013 12:26 PM

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
   IAStorIcon
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
     Delayed launcher
     Intel Corporation
     1.0.0.2
     c:\program files (x86)\intel\intel® rapid storage technology\iastoriconlaunch.exe
     7/16/2012 9:23 PM
   AVG_UI
     "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
     AVG User Interface
     AVG Technologies CZ, s.r.o.
     14.0.0.4330
     c:\program files (x86)\avg\avg2014\avgui.exe
     1/22/2014 5:17 AM
   Adobe ARM
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     Adobe Reader and Acrobat Manager
     Adobe Systems Incorporated
     1.701.3.3014
     c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
     11/21/2013 10:56 AM
   RIMBBLaunchAgent.exe
     C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
     Launch Agent Service
     Research In Motion Limited
     4.2.0.31
     c:\program files (x86)\common files\research in motion\usb drivers\rimbblaunchagent.exe
     1/17/2013 3:08 PM

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
   Bluetooth.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
     Bluetooth Tray Application
     Broadcom Corporation.
     12.0.0.1600
     c:\program files\widcomm\bluetooth software\bttray.exe
     7/19/2012 2:38 PM
   Secunia PSI Tray.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
     Secunia PSI Tray
     Secunia
     3.0.0.8013
     c:\program files (x86)\secunia\psi\psi_tray.exe
     10/14/2013 12:28 AM

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
   Themes Setup
     /UserInstall
     File not found: /UserInstall

   Windows Desktop Update
     U
     File not found: U


HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
   Google Chrome
     "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     Google Chrome
     Google Inc.
     33.0.1750.117
     c:\program files (x86)\google\chrome\application\33.0.1750.117\installer\chrmstp.exe
     2/19/2014 4:40 PM

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   DellSystemDetect
     C:\Users\Rick's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
     c:\users\rick's laptop\appdata\roaming\microsoft\windows\start menu\programs\dell\dell system detect.appref-ms
     11/10/2013 10:29 AM
   AVG-Secure-Search-Update_1113a
     C:\Users\Rick's Laptop\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561 /CMPID=1113a
     File not found: C:\Users\Rick's Laptop\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=f8aab7ae7c8847d3a1ea1151c306ad97-e56734dd01e8ccc8e600fcae76d9170ebb86f561 /CMPID=1113a


Task Scheduler
   \Adobe Flash Player Updater
     "C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
     Adober Flashr Player Update Service 12.0 r0
     Adobe Systems Incorporated
     12.0.0.70
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     2/16/2014 7:21 PM
   \GoogleUpdateTaskMachineCore
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     2/15/2012 8:43 PM
   \GoogleUpdateTaskMachineUA
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
     Google Installer
     Google Inc.
     1.3.21.103
     c:\program files (x86)\google\update\googleupdate.exe
     2/15/2012 8:43 PM
   \PCDEventLauncherTask
     "C:\Program Files\My Dell\sessionchecker.exe"
     PC-Doctor Module
     PC-Doctor, Inc.
     6.0.6426.22
     c:\program files\my dell\sessionchecker.exe
     1/10/2014 2:22 AM
   \PCDoctorBackgroundMonitorTask
     "C:\Program Files\My Dell\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently
     PC-Doctor Module
     PC-Doctor, Inc.
     6.0.6426.22
     c:\program files\my dell\uaclauncher.exe
     1/10/2014 2:20 AM
   \SystemToolsDailyTest
     "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
     File not found: uaclauncher.exe

   \Microsoft\Windows\NetTrace\GatherNetworkInfo
     "%windir%\system32\gatherNetworkInfo.vbs"
     c:\windows\system32\gathernetworkinfo.vbs
     7/18/2013 9:53 AM

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   PasswordBox Helper
     HKCR\CLSID\{5DB69B97-934B-451D-94DB-32EF802A01CD}
     Password Manager
     PasswordBox, Inc.
     1.2.0.0
     c:\program files (x86)\passwordbox\application\pbbtn.dll
     11/6/2013 4:24 PM

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   PasswordBox Helper
     HKCR\CLSID\{5DB69B97-934B-451D-94DB-32EF802A01CD}
     Password Manager
     PasswordBox, Inc.
     1.2.0.0
     c:\program files (x86)\passwordbox\application\pbbtn.dll
     11/6/2013 4:24 PM

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4208
     c:\program files (x86)\avg\avg2014\avgsea.dll
     10/7/2013 4:54 PM

HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4208
     c:\program files (x86)\avg\avg2014\avgse.dll
     10/7/2013 5:38 PM

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
     2/28/2013 2:39 PM

HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
   Monitor
     HKCR\CLSID\{7842554E-6BED-11D2-8CDB-B05550C10000}
     BTNCopy Module
     Broadcom Corporation.
     12.0.0.1600
     c:\program files\widcomm\bluetooth software\btncopy.dll
     7/19/2012 2:39 PM

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   igfxcui
     HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
     igfxpph Module
     Intel Corporation
     8.15.10.3347
     c:\windows\system32\igfxpph.dll
     10/31/2013 12:26 PM

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
   {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
     HKCR\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
     Apache Software Foundation
     4.0.9714.500
     c:\program files (x86)\openoffice 4\program\shlxthdl\shlxthdl_x64.dll
     9/20/2013 5:41 AM

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
   {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
     HKCR\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
     Apache Software Foundation
     4.0.9714.500
     c:\program files (x86)\openoffice 4\program\shlxthdl\shlxthdl.dll
     9/20/2013 5:50 AM
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     11.0.3.37
     c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
     5/11/2013 3:34 AM

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4208
     c:\program files (x86)\avg\avg2014\avgsea.dll
     10/7/2013 4:54 PM
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
     2/28/2013 2:39 PM

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
   AVG Shell Extension
     HKCR\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
     AVG Shell Extension
     AVG Technologies CZ, s.r.o.
     14.0.0.4208
     c:\program files (x86)\avg\avg2014\avgse.dll
     10/7/2013 5:38 PM

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\System32\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\system32\l3codeca.acm
     8/22/2013 5:32 AM

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\SysWOW64\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\syswow64\l3codeca.acm
     8/21/2013 10:03 PM
   vidc.cvid
     iccvid.dll
     Cinepakr Codec
     Radius Inc.
     1.10.0.12
     c:\windows\syswow64\iccvid.dll
     8/21/2013 10:03 PM

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   MainConcept MPEG Demultiplexer
     HKCR\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}
     MPEG-1/2 Demultiplexer
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_demux_mp2_ds.ax
     7/29/2011 10:08 PM
   MainConcept AMR Decoder
     HKCR\CLSID\{17CAD714-24C4-474E-97D4-4C5A50046791}
     AMR Decoder DirectShow Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_dec_amr_ds.ax
     7/29/2011 9:23 PM
   MainConcept AAC Decoder
     HKCR\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E68}
     AAC audio decoder filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_dec_aac_ds.ax
     7/29/2011 9:22 PM
   MainConcept Color Space Converter
     HKCR\CLSID\{272D77A0-A852-4851-ADA4-9091FEAD4C86}
     Color Space Converter DirectShow Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_trans_video_colorspace_ds.ax
     7/29/2011 10:38 PM
   MainConcept MP4 Demultiplexer
     HKCR\CLSID\{2A55FF12-1657-41D7-9D2D-A2CDC6978FF2}
     MP4 Demultiplexer Direct Show Filter
     MainConcept GmbH
     9.1.0.57344
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_demux_mp4_ds.ax
     9/21/2011 9:38 AM
   MainConcept Layer II Audio Decoder
     HKCR\CLSID\{2F75E451-A88C-4939-BFE5-D92D48C102F2}
     Layer II Audio Decoder
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_dec_mpa_ds.ax
     7/29/2011 9:24 PM
   MainConcept Audio Converter
     HKCR\CLSID\{7C21821C-4F7F-4F1B-A53E-D07B2800878A}
     Audio Converter DirectShow Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_trans_audio_converter_ds.ax
     7/29/2011 10:37 PM
   MainConcept Audio Resampler
     HKCR\CLSID\{7C32A8A2-17B8-4925-9699-9863A9B7BCB8}
     Audio Resampler Direct Show Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_trans_audio_samplerate_ds.ax
     7/29/2011 10:37 PM
   MainConcept AVC/H.264 Video Decoder
     HKCR\CLSID\{96B9D0ED-8D13-4171-A983-B84D88D627BE}
     AVC/H.264 Decoder DirectShow Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_dec_avc_ds.ax
     7/29/2011 9:35 PM
   MainConcept Frame Rate Converter
     HKCR\CLSID\{A4DCA218-AC9E-4D1F-8600-C5B1F390D408}
     Frame Rate Converter DS Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_trans_video_framerate_ds.ax
     7/29/2011 10:38 PM
   MainConcept MPEG-2 Video Decoder
     HKCR\CLSID\{BC4EB321-771F-4E9F-AF67-37C631ECA106}
     MPEG-2 Video Decoder
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_dec_mp2v_ds.ax
     7/29/2011 9:47 PM
   MainConcept ImageScaler
     HKCR\CLSID\{BEB7FFE8-37BA-4849-AE26-7A10EF20A303}
     ImageScaler DS Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_trans_video_imagescaler_ds.ax
     7/29/2011 10:38 PM
   MainConcept Sink Filter
     HKCR\CLSID\{CF2521A7-4029-4CC1-8C6E-F82BD82BB343}
     Sink DS Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_render_fileindex_ds.ax
     7/29/2011 10:40 PM
   MainConcept Stream Parser
     HKCR\CLSID\{DEE56715-7081-4D57-91A7-984AE2712268}
     MPEG-1/2 Demultiplexer
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_demux_mp2_ds.ax
     7/29/2011 10:08 PM
   MainConcept MPEG-4 Video Decoder
     HKCR\CLSID\{FC86AD6C-894A-44E9-A283-4B5A9DD6CA65}
     MPEG-4 Video Decoder Direct Show Filter
     MainConcept GmbH
     9.0.0.54256
     c:\program files (x86)\research in motion\blackberry desktop\codecs\mc_dec_mp4v_ds.ax
     7/29/2011 9:51 PM

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\j1gfuspp.default\Cache emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Mozilla\Firefox\Profiles\0jwj617o.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=382 folders=71 8935097 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\RICK'S~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 02/28/2014 at 13:47:40.30 ======================

SystemLook 30.07.11 by jpshortstuff
Log created at 13:52 on 28/02/2014 by Rick's Laptop
Administrator - Elevation successful

========== Regfind ==========

Searching for "LVMaintenance"
[HKEY_CURRENT_USER\Software\LVMaintenance]
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Rick's Laptop|AppData|Roaming|LVMaintenance|CEUpdaterInstall.dll]
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Rick's Laptop|AppData|Roaming|LVMaintenance|LVMaintenance.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Rick's Laptop|AppData|Roaming|LVMaintenance|LVMaintenance.exe]
"LVMaintenance,Version="1.0.0.0",Culture="neutral",ProcessorArchitecture="x86""="[(Q&@Op6o8me}m-c`CEL>Pk5.fU'_h*Y034y49vY_"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C541DCA4E566CC04980A3A12D3675117\SourceList]
"PackageName"="LVMaintenance.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3664828930-2760834353-1218494814-1001\Components\738A43EB1B2FB1814A11189F1ECA7D9A]
"C541DCA4E566CC04980A3A12D3675117"="C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3664828930-2760834353-1218494814-1001\Components\9902ABE0C29CDABF46717BE2633BF68D]
"C541DCA4E566CC04980A3A12D3675117"="C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\icon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3664828930-2760834353-1218494814-1001\Components\AEE0D3E23E4E15758D35E86A5861C2C4]
"C541DCA4E566CC04980A3A12D3675117"="C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\CEUpdaterInstall.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3664828930-2760834353-1218494814-1001\Products\C541DCA4E566CC04980A3A12D3675117\InstallProperties]
"Contact"="LVMaintenance"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\LVMaintenance_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\LVMaintenance_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4ACD145C-665E-40CC-89A0-A3213D761571}]
"Contact"="LVMaintenance"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LVMaintenance"="C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe"
[HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\LVMaintenance]
[HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Installer\Assemblies\C:|Users|Rick's Laptop|AppData|Roaming|LVMaintenance|CEUpdaterInstall.dll]
[HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Installer\Assemblies\C:|Users|Rick's Laptop|AppData|Roaming|LVMaintenance|LVMaintenance.exe]
[HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Installer\Assemblies\C:|Users|Rick's Laptop|AppData|Roaming|LVMaintenance|LVMaintenance.exe]
"LVMaintenance,Version="1.0.0.0",Culture="neutral",ProcessorArchitecture="x86""="[(Q&@Op6o8me}m-c`CEL>Pk5.fU'_h*Y034y49vY_"
[HKEY_USERS\S-1-5-21-3664828930-2760834353-1218494814-1001\Software\Microsoft\Installer\Products\C541DCA4E566CC04980A3A12D3675117\SourceList]
"PackageName"="LVMaintenance.msi"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"LVMaintenance"="C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe"

-= EOF =-

kevinf80 · February 28, 2014

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Double click Zoek to run (accept UAC) The following window will open:

Copy and paste the following script from the code box and paste into the field.

C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe;fsC:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe;fs[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run];r"LVMaintenance"=;r[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run];r"ContentExplorer"=";r[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run];r"LVMaintenance"=;r[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run];r"ContentExplorer"=;rFFdefaults;CHRdefaults;iedefaults;autoclean;

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you maybe asked to re-boot your PC, if so please do

Post the produced log in your next reply…..

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Let me see those two logs, tell me how your system now responds, also if any remaining issues or conerns...

Kevin

Rickaber · March 1, 2014

Kevin, Here are files you requested. Hope this takes are of it. Haven't seen it sence this last go around. Have you worked on this one before or is it new? Had a trojan a few months ago and had to use a lot of utilities to get rid of it, very similar to this one. Thats when I got Secuna PSI to make sure every thing is up to date. I try to be careful what I download and don't usually take chances with programs riding on the back of the program I am looking for but this one got by me.

Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Rick's Laptop on Fri 02/28/2014 at 18:53:39.49.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rick's Laptop\Desktop\zoek\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-28-194740.log 68129 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\j1gfuspp.default\prefs.js:
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");

Added to C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\j1gfuspp.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\RICK'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\prefs.js:
user_pref("browser.startup.homepage", "https://my.yahoo.com/");
user_pref("browser.search.defaultEngine", "Yahoo");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\RICK'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\RICK'S~1\AppData\Roaming\Thunderbird\Profiles\c4sdqmph.default\prefs.js:

Added to C:\Users\RICK'S~1\AppData\Roaming\Thunderbird\Profiles\c4sdqmph.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LVMaintenance"=
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ContentExplorer"="
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"LVMaintenance"=
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ContentExplorer"=

==== Deleting Files \ Folders ======================

C:\Users\Rick's Laptop\AppData\Roaming\LVMaintenance\LVMaintenance.exe not found
C:\Users\Rick's Laptop\AppData\Roaming\ContentExplorer\ContentExplorer.exe not found

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"firefox@passwordbox.com"="C:\Program Files (x86)\PasswordBox\Firefox" [11/21/2013 07:08 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\RICK'S~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default
- Karma Blocker - %ProfilePath%\extensions\kabl@trac.arantius.com.xpi
- Yes popups - %ProfilePath%\extensions\yespopupsV1@patheticcockroach.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rick's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0jwj617o.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash

==== Chrome Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0A795D1E-52B5-D34B-44B7-5302B4FC288F} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{9D66947F-0C8A-4CE9-914A-0AE79D4D1525} FindWide Url="http://search.findwide.com/serp?guid={0DD1CC0F-CB50-4064-A599-E86010E35525}&action=default_search&serpv=22&k={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\j1gfuspp.default\Cache emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Mozilla\Firefox\Profiles\0jwj617o.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Rick's Laptop\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=382 folders=71 8935097 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Rick's Laptop\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\RICK'S~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 02/28/2014 at 19:22:27.80 ======================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Rick's Laptop :: RICKSLAPTOP [administrator]

2/28/2014 7:28:26 PM
mbam-log-2014-02-28 (19-28-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241438
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

kevinf80 · March 1, 2014

No i`ve not seen this one before, similar new Trojans appear frequently I guess... If it has finally gone we clean up.

We need to remove FRST, first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Also whilst C:\ Is expanded delete C:\zoek_backup folder

Next,

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

    Remove disinfection tools
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Let me know if those steps complete ok, if no remaining issues are we ok to close out?

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Kevin.....

fixlist.txt

AdvancedSetup · March 8, 2014

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

lvmaintenance

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information