The Specified Path Does Not Exist



#16
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Uninstall:
Free Download Manager 3.9.3
Free Extended Task Manager (Version: 1.0.0.46)
Free Video Converter (Version: 1.0.0.34)
Freemake Audio Converter version 1.1.0 (Version: 1.1.0)
Freemake Video Converter version 4.0.1 (Version: 4.0.1)
Freemake Video Downloader (Version: 3.5.4)
Download Accelerator Plus (DAP) (Version: 10053 (Build 2558))
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009 (Version: 2.0.0.1)


(If you need to capture video try the WebVideoCap from nirsoft:
http://www.nirsoft.n...eo_capture.html
It doesn't have a lot of adware mixed in like your other programs did)

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that, then run a new FRST scan and post it.

Going off island today so won't be on line until late.

#17
JIm Andersen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hello, Mr. Kinner.

Before I download fixlist.txt and then run FRST again, I thought you should know the following, just in case. The uninstalls went fine, except:

Free Video Converter
• Could not uninstall.
• Shortcuts for Free Video Converter appear in my Program menu, but clicking such links brings the error message, "[File] specified in the Target box is not valid. Make sure the path and file name are correct."
• A manual search for target files and their folder produced nothing; no such folder is present.

Download Accelerator Plus (DAP)
• Using Revo Uninstaller to perform Uninstalls, I was thrown a curve by its integration with the DAP's Uninstall application.
• DAP was not properly uninstalled.
• By my mistake, the Uninstall process did not happen
• Revo simply deleted Registry lines and certain DAP-related files.

Afterward, the DAP Uninstall application (left open in a hidden window) told me to reinstall DAP and then perform a clean uninstall. Rather than reintroduce its malware, though, I only tried to delete the DAP folder, but my access for such was "denied."

Should I now reinstall DAP and then properly uninstall it, or could the folder be safely force-deleted? If so, how?

Uniblue DriverScanner 2009
• Your instructions listed Uniblue DriverScanner 2009 two different ways. I uninstalled one, but it does appear all Uniblue installations have been removed. I do not find any.

Screen2Exe
• While performing the above, I noticed Screen2Exe was still installed, despite my initial report of its earlier removal, and have just now uninstalled that.
• I am sorry for the oversight.

How should I proceed?

Thank you for the WebVideoCap tip. I look forward to using it once all my ridiculous mistakes are behind us! ;)

#18
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
DAP is not really evil. Just adware and not needed. If you want to reinstall it and uninstall it, that should be OK.

Anything you can't uninstall can be removed with OTL or FRST.

#19
JIm Andersen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
After reinstalling DAP and then properly uninstalling it (along with gladly removing other old programs), FRST advised me to download a more current version of FRST, which I did, but its version is the same as the old; they are both 3.3.8.1. The new FRST, anyway, then produced the following two logs:


Fix result of Farbar Recovery Tool:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by Jim at 2013-10-28 22:24:49 Run:1
Running from C:\Documents and Settings\Jim\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R2 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-17] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
S1 cdrbsvsd; No ImagePath
S4 hpt3xx; No ImagePath
S1 MDFSYSNT; No ImagePath
S0 MDPMGRNT; No ImagePath
C:\Program Files\Freemake
SearchScopes: HKLM - DefaultScope value is missing.
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files\DAP\DAP.EXE [3865232 2013-10-07] (Speedbit Ltd.)
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Documents and Settings\Jim\Local Settings\Application Data\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL (SpeedBit Ltd.)
FF Extension: DownloadHelper - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Flash and Video Download - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: fdm_ffext - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox
C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
C:\Documents and Settings\Jim\Local Settings\Temp\BrowserSet.dll
C:\Documents and Settings\Jim\Local Settings\Temp\cabex.dll
C:\Documents and Settings\Jim\Local Settings\Temp\FreemakeAudioConverter_1.1.0.48.exe
C:\Documents and Settings\Jim\Local Settings\Temp\FreemakeVideoConverter_4.0.1.1.exe
C:\Documents and Settings\Jim\Local Settings\Temp\FreemakeVideoDownloader_3.5.4.0.exe
C:\Documents and Settings\Jim\Local Settings\Temp\GRRemove.exe
C:\Documents and Settings\Jim\Local Settings\Temp\install_reader11_en_mssd_aih.exe
C:\Documents and Settings\Jim\Local Settings\Temp\install_reader11_en_mssd_aih_1.exe
C:\Documents and Settings\Jim\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Documents and Settings\Jim\Local Settings\Temp\JingSetup.exe
C:\Documents and Settings\Jim\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Jim\Local Settings\Temp\qbinstal.dll
C:\Documents and Settings\Jim\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Jim\Local Settings\Temp\RunWizards.exe
C:\Documents and Settings\Jim\Local Settings\Temp\SCC.dll
C:\Documents and Settings\Jim\Local Settings\Temp\stlport_r50.dll
C:\Documents and Settings\Jim\Local Settings\Temp\svd_dap.exe
C:\Documents and Settings\Jim\Local Settings\Temp\vcredist_x86.exeTask: C:\WINDOWS\Tasks\SBWUpdateTask_Logon_f0d903de-0007E9C55523.job => ?
C:\WINDOWS\Tasks\SBWUpdateTask_Time_f0d903de-0007E9C55523.job
C:\WINDOWS\Tasks\SBW_UpdateTask_Logon_313738393639313337302d3437415a556c2a3223346c41.job
C:\WINDOWS\Tasks\SBW_UpdateTask_Time_313738393639313337302d3437415a556c2a3223346c41.job
C:\Documents and Settings\All Users\Application Data\SpeedBit
C:\Program Files\Common Files\SpeedBit
C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager
C:\Documents and Settings\Jim\Desktop\My DAP Downloads.lnk
C:\Documents and Settings\Jim\Desktop\Download Accelerator Plus (DAP).lnk
C:\Documents and Settings\All Users\Start Menu\Download Accelerator Plus (DAP).lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Download Accelerator Plus (DAP)
C:\Program Files\DAP
C:\WINDOWS\Tasks\SBWUpdateTask_Time_f0d903de-0007E9C55523.job
C:\WINDOWS\Tasks\SBWUpdateTask_Logon_f0d903de-0007E9C55523.job
C:\Documents and Settings\Jim\My Documents\dap data.txt
C:\Documents and Settings\Jim\Local Settings\Application Data\SpeedBIT
C:\Program Files\Common Files\SpeedBit
C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager
C:\Program Files\Free Download Manager
C:\Documents and Settings\Jim\Application Data\Free Download Manager
C:\Documents and Settings\Jim\Application Data\Uniblue
C:\Program Files\Uniblue
*****************

Freemake Improver => Service not found.
FreemakeVideoCapture => Service not found.
cdrbsvsd => Service deleted successfully.
hpt3xx => Service deleted successfully.
MDFSYSNT => Service deleted successfully.
MDPMGRNT => Service deleted successfully.
"C:\Program Files\Freemake" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DownloadAccelerator => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key not found.
HKCR\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} => Key not found.
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} => Key not found.
HKCR\CLSID\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000} => Key not found.
HKCR\CLSID\{FF6C3CF0-4B15-11D1-ABED-709549C10000} => Key not found.
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} => Moved successfully.
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} => not found.
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected] => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => Value deleted successfully.
C:\Program Files\DAP\daplinkchecker => not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} => Value not found.
C:\Program Files\DAP\DAPFireFox => not found.
C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 => Moved successfully.
"C:\Documents and Settings\Jim\Local Settings\Temp\BrowserSet.dll" => File/Directory not found.
C:\Documents and Settings\Jim\Local Settings\Temp\cabex.dll => Moved successfully.
"C:\Documents and Settings\Jim\Local Settings\Temp\FreemakeAudioConverter_1.1.0.48.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\FreemakeVideoConverter_4.0.1.1.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\FreemakeVideoDownloader_3.5.4.0.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\GRRemove.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\install_reader11_en_mssd_aih.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\install_reader11_en_mssd_aih_1.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\JingSetup.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\qbinstal.dll" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
C:\Documents and Settings\Jim\Local Settings\Temp\RunWizards.exe => Moved successfully.
"C:\Documents and Settings\Jim\Local Settings\Temp\SCC.dll" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\stlport_r50.dll" => File/Directory not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\svd_dap.exe" => File/Directory not found.
C:\Documents and Settings\Jim\Local Settings\Temp\vcredist_x86.exeC:\WINDOWS\Tasks\SBWUpdateTask_Logon_f0d903de-0007E9C55523.job not found.
"C:\Documents and Settings\Jim\Local Settings\Temp\vcredist_x86.exeTask: C:\WINDOWS\Tasks\SBWUpdateTask_Logon_f0d903de-0007E9C55523.job => ?" => File/Directory not found.
"C:\WINDOWS\Tasks\SBWUpdateTask_Time_f0d903de-0007E9C55523.job " => File/Directory not found.
C:\WINDOWS\Tasks\SBW_UpdateTask_Logon_313738393639313337302d3437415a556c2a3223346c41.job => Moved successfully.
C:\WINDOWS\Tasks\SBW_UpdateTask_Time_313738393639313337302d3437415a556c2a3223346c41.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedBit => Moved successfully.
C:\Program Files\Common Files\SpeedBit => Moved successfully.
"C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager" => File/Directory not found.
"C:\Documents and Settings\Jim\Desktop\My DAP Downloads.lnk" => File/Directory not found.
"C:\Documents and Settings\Jim\Desktop\Download Accelerator Plus (DAP).lnk" => File/Directory not found.
"C:\Documents and Settings\All Users\Start Menu\Download Accelerator Plus (DAP).lnk" => File/Directory not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\Download Accelerator Plus (DAP)" => File/Directory not found.
"C:\Program Files\DAP" => File/Directory not found.
"C:\WINDOWS\Tasks\SBWUpdateTask_Time_f0d903de-0007E9C55523.job" => File/Directory not found.
"C:\WINDOWS\Tasks\SBWUpdateTask_Logon_f0d903de-0007E9C55523.job" => File/Directory not found.
C:\Documents and Settings\Jim\My Documents\dap data.txt => Moved successfully.
C:\Documents and Settings\Jim\Local Settings\Application Data\SpeedBIT => Moved successfully.
"C:\Program Files\Common Files\SpeedBit" => File/Directory not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager" => File/Directory not found.
"C:\Program Files\Free Download Manager" => File/Directory not found.
"C:\Documents and Settings\Jim\Application Data\Free Download Manager" => File/Directory not found.
"C:\Documents and Settings\Jim\Application Data\Uniblue" => File/Directory not found.
"C:\Program Files\Uniblue" => File/Directory not found.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Jim (administrator) on 700S on 28-10-2013 22:28:05
Running from C:\Documents and Settings\Jim\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Bsecure Technologies, Inc.) C:\Program Files\AVG\AVG Family Safety\InetCtrl.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
() C:\Program Files\AVG\AVG Family Safety\BSecAMX.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Logitech Inc.) C:\WINDOWS\Logi_MwX.Exe
(Microsoft Corporation) C:\WINDOWS\System32\locator.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Sony Corporation) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Smith Micro Software, Inc.) C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\MSOffice\Office10\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft® Corporation) C:\Program Files\Microsoft Works\MSWorks.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\WINDOWS\KHALMNPR.Exe [28160 2005-07-23] (Logitech Inc.)
HKLM\...\Run: [Logitech Utility] - C:\WINDOWS\LOGI_MWX.EXE [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [AVG Family Safety] - C:\Program Files\AVG\AVG Family Safety\BsecTray.exe [106824 2011-03-30] (Bsecure Technologies, Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] - C:\Program Files\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl)
HKLM\...\Run: [Reader Library Launcher] - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM\...\Run: [Carbonite Backup] - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.)
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\QBDataServiceUser17\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Rhonda\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
ShortcutTarget: Picture Package Menu.lnk -> C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
ShortcutTarget: Picture Package VCD Maker.lnk -> C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files\Quicken 2005\bagent.exe (Intuit Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com/?s=DATaya1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x161C4C81B8D3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKCU - {f1b5f790-bdce-11dd-ad8b-0800200c9a66} URL = http://search.yahoo....p={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 02 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 03 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 04 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 05 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 06 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 07 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 08 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 09 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 10 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 11 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 12 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 13 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 14 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 15 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 16 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 17 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 18 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 19 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 20 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 21 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 22 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 23 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 24 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 25 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 26 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 53 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Jim\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @sony.com/eBookLibrary - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Jim\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF SearchPlugin: C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\searchplugins\speedbit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: BarTab - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: Виявлення пристроїв Logitech - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
FF Extension: AddThis - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF Extension: IE Tab - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: IE Tab - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
FF Extension: Просмотр HTTP заголовков - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: amznUWL2 - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: artur.dubovoy - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: firefox - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: optout - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: pinterest - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: places-maintenance - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: readability - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\sfStatistics.xml
FF Extension: stealer - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: YoutubeDownloader - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: myxa - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{0C07EECD-53B6-4748-BB2B-4395BF51DD8B}.xpi
FF Extension: defaults - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi
FF Extension: noscript - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{861d02ef-6fd9-4ce1-954a-90ee3a4de31c}.xpi
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR Extension: (Sort by Name) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.1_0
CHR Extension: () - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.6_0
CHR Extension: (Add to Amazon Wish List) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0
CHR Extension: (Screen Capture (by Google)) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0
CHR Extension: (Read Later Fast) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.3.7_1
CHR Extension: (AdBlock) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0
CHR Extension: (IE Tab) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.11.30.1_0
CHR Extension: (bitly | a simple URL shortener) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\1.3.1.5_0
CHR Extension: (Cloud Reader) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0
CHR Extension: (Send to Kindle) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.4_0
CHR Extension: (Freemake Video Converter) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx

========================== Services (Whitelisted) =================

S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 Bsecure; C:\Program Files\AVG\AVG Family Safety\InetCtrl.exe [78664 2011-03-30] (Bsecure Technologies, Inc.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [4426384 2011-12-05] (Carbonite, Inc. (www.carbonite.com))
S4 Extensions Updates Service; C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe [77824 2008-10-29] (Extensoft)
S4 Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)
R2 Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe [157000 2007-10-08] (Smith Micro Software, Inc.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29560 2012-08-23] (AVG)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-01] (AVG Technologies)
S3 BCMModem; C:\Windows\System32\DRIVERS\BCMDM.sys [871388 2001-08-17] (BCM)
R3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [21624 2010-02-05] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [110592 2002-07-19] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [643072 2002-07-19] (Creative Technology Ltd)
R2 EdgeStat; C:\WINDOWS\system32\drivers\edgestat.sys [6912 1998-03-20] ()
R3 GTWModem; C:\Windows\System32\DRIVERS\GWMDM.sys [1136384 2003-03-19] (GTW)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [998004 2002-07-24] (Creative Technology Ltd)
R3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.)
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36608 2005-07-22] (Logitech, Inc.)
R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28276 2006-10-17] (MusicMatch, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-30] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-30] (Microsoft Corporation)
R2 PAR1284; C:\WINDOWS\system32\drivers\PAR1284.sys [53344 2000-10-23] (Warp Nine Engineering)
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
R2 RioPNP; C:\Windows\System32\Drivers\RioPNP.sys [6736 2000-06-06] (RioPort.com)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.)
R3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2002-12-17] (Rainbow Technologies Inc.)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
R3 TotRec7; C:\Windows\System32\drivers\TotRec7.sys [131152 2011-07-08] (High Criteria inc.)
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [91728 2011-07-08] (High Criteria inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 21:50 - 2013-10-28 21:50 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\Sun
2013-10-28 20:06 - 2013-10-28 20:02 - 00001291 _____ C:\magnet.xml
2013-10-28 20:03 - 2013-10-28 20:03 - 00000000 ____D C:\Documents and Settings\Jim\OCALS~1
2013-10-28 14:16 - 2013-10-28 15:59 - 00001772 _____ C:\Documents and Settings\Jim\My Documents\Uninstallation detail - delete.txt
2013-10-28 14:11 - 2013-10-28 14:11 - 00003072 ___SH C:\Thumbs.db
2013-10-28 13:37 - 2013-10-28 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Download Manager
2013-10-26 19:37 - 2013-10-26 19:37 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Malwarebytes
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-26 19:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-26 18:21 - 2013-10-26 18:21 - 00028041 _____ C:\ComboFix.txt
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-26 17:19 - 2013-10-26 17:19 - 00000000 _RSHD C:\cmdcons
2013-10-26 17:19 - 2010-01-28 11:48 - 00000211 _____ C:\Boot.bak
2013-10-26 17:19 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-26 17:08 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-26 17:08 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-26 17:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-26 17:04 - 2013-10-26 17:04 - 05136694 ____R (Swearware) C:\Documents and Settings\Jim\Desktop\ComboFix.exe
2013-10-26 13:30 - 2013-10-26 18:21 - 00000000 ____D C:\Qoobox
2013-10-26 13:29 - 2013-10-26 18:16 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-26 11:21 - 2013-10-26 11:21 - 00000000 ____D C:\FRST
2013-10-26 11:07 - 2013-10-26 11:07 - 00001223 _____ C:\Documents and Settings\Jim\Desktop\JRT.txt
2013-10-26 10:41 - 2013-10-26 10:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-26 09:32 - 2013-10-26 10:04 - 00000000 ____D C:\AdwCleaner
2013-10-25 13:10 - 2013-10-26 13:03 - 00307712 ____H C:\Documents and Settings\Jim\My Documents\~WRL3719.tmp
2013-10-25 11:43 - 2013-10-25 11:43 - 00000000 ____D C:\_OTL
2013-10-24 14:07 - 2013-10-24 14:07 - 00040116 _____ C:\WINDOWS\$CCW_D02.CC$
2013-10-24 13:36 - 2013-10-24 13:36 - 00001823 _____ C:\Documents and Settings\Children\Desktop\Google Chrome.lnk
2013-10-24 13:33 - 2013-10-24 13:34 - 00001823 _____ C:\Documents and Settings\Rhonda\Desktop\Google Chrome.lnk
2013-10-24 13:32 - 2013-10-24 13:32 - 00207182 _____ C:\Documents and Settings\Jim\My Documents\OTL.Txt
2013-10-24 01:58 - 2013-10-24 01:58 - 00000140 _____ C:\Documents and Settings\Jim\My Documents\emergency drill at lincoln school.txt
2013-10-22 14:33 - 2013-10-22 14:33 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$tle 34, Code of Federal Regulations.htm
2013-10-22 14:13 - 2013-10-22 14:32 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\images
2013-10-22 14:11 - 2013-10-22 14:51 - 02442532 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.htm
2013-10-22 14:04 - 2013-10-22 14:10 - 00535343 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.txt
2013-10-21 13:08 - 2013-10-21 14:06 - 00006805 _____ C:\Documents and Settings\Jim\My Documents\REMEMBER THAT MAN.txt
2013-10-21 13:08 - 2013-10-21 13:08 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$MEMBER THAT MAN.txt
2013-10-20 15:27 - 2013-10-20 15:27 - 00002689 _____ C:\Documents and Settings\Jim\My Documents\Ro .txt
2013-10-11 13:34 - 2013-10-11 13:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 13:32 - 2013-10-11 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 13:30 - 2013-10-11 13:32 - 00132844 _____ C:\WINDOWS\KB2862335.log
2013-10-11 12:49 - 2013-10-11 12:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 12:47 - 2013-10-11 12:49 - 00011279 _____ C:\WINDOWS\KB2868038.log
2013-10-11 12:39 - 2013-10-11 12:42 - 00012241 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 12:38 - 2013-10-11 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 12:37 - 2013-10-11 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-10 18:45 - 2013-10-10 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-10 16:25 - 2013-10-11 12:16 - 00046592 ____H C:\Documents and Settings\Jim\My Documents\~WRL0781.tmp
2013-10-10 00:50 - 2013-10-11 13:34 - 00135263 _____ C:\WINDOWS\KB2847311.log
2013-10-10 00:45 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-10 00:45 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-10 00:35 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 00:35 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-10 00:27 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-10 00:27 - 2013-08-08 19:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-10 00:27 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 00:27 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-08 16:05 - 2013-10-08 16:05 - 00000021 _____ C:\Documents and Settings\Jim\My Documents\stuffit key.txt
2013-10-08 16:03 - 2013-10-08 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\StuffIt 11
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\WINDOWS\ItsDeductible
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q03Files
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q02FILES
2013-10-08 14:50 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\______BACKUP
2013-10-08 14:00 - 2013-10-08 14:00 - 00000566 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to MG6300 series (UPnP)_DD04E25A2A07.lnk
2013-10-07 11:07 - 2013-10-07 11:07 - 00001925 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-10-07 11:07 - 2013-10-07 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-10-05 11:28 - 2013-10-28 14:46 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\EQATEC Analytics
2013-10-05 11:22 - 2013-10-05 11:22 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) C:\WINDOWS\system32\AniGIF.ocx
2013-10-03 13:03 - 2013-10-03 13:03 - 00024576 ____H C:\Documents and Settings\Jim\My Documents\~WRL3874.tmp
2013-10-02 16:43 - 2013-10-02 16:43 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Apowersoft Screen Recorder Pro
2013-10-02 16:39 - 2013-10-02 16:39 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Apowersoft
2013-10-02 16:39 - 2013-06-02 04:56 - 00026032 _____ (Wondershare) C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys
2013-10-02 16:39 - 2013-06-01 20:07 - 00443568 ____H (Bytescout) C:\WINDOWS\system32\ApowersoftScreenCapturing.dll
2013-10-02 16:39 - 2013-06-01 20:07 - 00271536 ____H (Bytescout) C:\WINDOWS\system32\ApowersoftScreenCapturingFilter.dll
2013-10-02 16:39 - 2013-06-01 20:07 - 00181424 ____H (Bytescout) C:\WINDOWS\system32\ApowersoftVideoMixerFilter.dll
2013-10-02 00:31 - 2013-10-28 14:40 - 00065536 _____ C:\WINDOWS\system32\config\CaptureL.evt
2013-10-02 00:30 - 2013-10-02 00:30 - 00000000 ____D C:\Program Files\WinPcap
2013-09-30 20:56 - 2013-10-01 14:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 10:48 - 2013-10-01 10:23 - 00005317 _____ C:\Documents and Settings\Jim\My Documents\Big Pharma Exec Turned Whistleblower .txt

==================== One Month Modified Files and Folders =======

2013-10-28 22:25 - 2010-01-28 13:01 - 00002355 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2013-10-28 22:12 - 2012-03-29 19:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-28 22:11 - 2006-10-16 15:37 - 01939955 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-28 22:10 - 2006-10-16 10:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-28 22:10 - 2006-10-16 10:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-28 22:08 - 2006-10-16 15:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-28 22:05 - 2006-10-16 16:28 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2013-10-28 22:05 - 2006-10-16 16:28 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2013-10-28 22:05 - 2006-10-16 16:28 - 00000024 _____ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2013-10-28 22:05 - 2006-10-16 16:28 - 00000024 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2013-10-28 22:04 - 2006-10-16 15:25 - 00000178 ___SH C:\Documents and Settings\Jim\ntuser.ini
2013-10-28 22:04 - 2006-10-16 15:24 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-28 22:00 - 2013-02-11 17:14 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\com.amazon.music.uploader
2013-10-28 21:57 - 2010-04-23 13:32 - 00000000 ____D C:\Program Files\2nd Story Software
2013-10-28 21:50 - 2013-10-28 21:50 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\Sun
2013-10-28 21:50 - 2013-09-07 09:02 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-28 21:47 - 2013-09-06 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith
2013-10-28 21:47 - 2013-09-06 10:16 - 00000000 ____D C:\Program Files\TechSmith
2013-10-28 21:45 - 2006-12-29 11:22 - 00000000 ____D C:\Program Files\MTV Networks
2013-10-28 20:03 - 2013-10-28 20:03 - 00000000 ____D C:\Documents and Settings\Jim\OCALS~1
2013-10-28 20:03 - 2006-10-16 15:25 - 00000000 ____D C:\Documents and Settings\Jim
2013-10-28 20:02 - 2013-10-28 20:06 - 00001291 _____ C:\magnet.xml
2013-10-28 18:00 - 2006-10-16 15:17 - 00000000 ____D C:\WINDOWS\Registration
2013-10-28 17:42 - 2011-06-22 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-10-28 15:59 - 2013-10-28 14:16 - 00001772 _____ C:\Documents and Settings\Jim\My Documents\Uninstallation detail - delete.txt
2013-10-28 14:46 - 2013-10-05 11:28 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\EQATEC Analytics
2013-10-28 14:40 - 2013-10-02 00:31 - 00065536 _____ C:\WINDOWS\system32\config\CaptureL.evt
2013-10-28 14:36 - 2011-09-05 18:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Freemake
2013-10-28 14:11 - 2013-10-28 14:11 - 00003072 ___SH C:\Thumbs.db
2013-10-28 14:11 - 2012-10-13 10:23 - 00000000 ____D C:\jobs
2013-10-28 13:48 - 2011-09-05 21:46 - 00345650 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-28 13:46 - 2013-10-28 13:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Download Manager
2013-10-28 00:52 - 2007-08-19 16:21 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-10-27 02:32 - 2006-11-30 20:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-27 02:19 - 2006-10-16 10:12 - 00610952 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-26 22:00 - 2012-09-26 17:57 - 00322909 _____ C:\WINDOWS\setupapi.log
2013-10-26 21:17 - 2013-06-18 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-10-26 21:12 - 2012-01-02 10:34 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\TempDIR
2013-10-26 19:37 - 2013-10-26 19:37 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Malwarebytes
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-26 18:21 - 2013-10-26 18:21 - 00028041 _____ C:\ComboFix.txt
2013-10-26 18:21 - 2013-10-26 13:30 - 00000000 ____D C:\Qoobox
2013-10-26 18:21 - 2006-10-16 15:24 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-26 18:16 - 2013-10-26 13:29 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-26 18:05 - 2001-08-30 05:30 - 00000327 _____ C:\WINDOWS\system.ini
2013-10-26 17:56 - 2006-10-16 10:11 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-10-26 17:56 - 2006-10-16 10:11 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-10-26 17:56 - 2006-10-16 10:10 - 50331648 _____ C:\WINDOWS\system32\config\software.bak
2013-10-26 17:56 - 2006-10-16 10:10 - 12845056 _____ C:\WINDOWS\system32\config\system.bak
2013-10-26 17:56 - 2006-10-16 10:10 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-26 17:19 - 2013-10-26 17:19 - 00000000 _RSHD C:\cmdcons
2013-10-26 17:19 - 2006-10-16 10:10 - 00000327 __RSH C:\boot.ini
2013-10-26 17:04 - 2013-10-26 17:04 - 05136694 ____R (Swearware) C:\Documents and Settings\Jim\Desktop\ComboFix.exe
2013-10-26 13:03 - 2013-10-25 13:10 - 00307712 ____H C:\Documents and Settings\Jim\My Documents\~WRL3719.tmp
2013-10-26 11:21 - 2013-10-26 11:21 - 00000000 ____D C:\FRST
2013-10-26 11:07 - 2013-10-26 11:07 - 00001223 _____ C:\Documents and Settings\Jim\Desktop\JRT.txt
2013-10-26 10:41 - 2013-10-26 10:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-26 10:04 - 2013-10-26 09:32 - 00000000 ____D C:\AdwCleaner
2013-10-25 18:56 - 2013-08-31 16:39 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-25 11:44 - 2009-03-30 14:05 - 00000000 ____D C:\Program Files\gigasizetb
2013-10-25 11:43 - 2013-10-25 11:43 - 00000000 ____D C:\_OTL
2013-10-24 17:56 - 2011-05-14 10:08 - 00000178 ___SH C:\Documents and Settings\Rhonda\ntuser.ini
2013-10-24 17:53 - 2001-08-30 05:30 - 00001576 _____ C:\WINDOWS\win.ini
2013-10-24 14:07 - 2013-10-24 14:07 - 00040116 _____ C:\WINDOWS\$CCW_D02.CC$
2013-10-24 14:07 - 2006-10-28 10:50 - 00003498 _____ C:\WINDOWS\POWERUP.INI
2013-10-24 13:38 - 2011-05-21 16:09 - 00000178 ___SH C:\Documents and Settings\Children\ntuser.ini
2013-10-24 13:36 - 2013-10-24 13:36 - 00001823 _____ C:\Documents and Settings\Children\Desktop\Google Chrome.lnk
2013-10-24 13:34 - 2013-10-24 13:33 - 00001823 _____ C:\Documents and Settings\Rhonda\Desktop\Google Chrome.lnk
2013-10-24 13:34 - 2011-06-20 15:17 - 00000000 ____D C:\Documents and Settings\Rhonda\Tracing
2013-10-24 13:32 - 2013-10-24 13:32 - 00207182 _____ C:\Documents and Settings\Jim\My Documents\OTL.Txt
2013-10-24 11:12 - 2012-01-15 14:06 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\LogMeIn Rescue Applet
2013-10-24 01:58 - 2013-10-24 01:58 - 00000140 _____ C:\Documents and Settings\Jim\My Documents\emergency drill at lincoln school.txt
2013-10-23 16:47 - 2009-08-03 14:54 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
2013-10-22 14:51 - 2013-10-22 14:11 - 02442532 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.htm
2013-10-22 14:33 - 2013-10-22 14:33 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$tle 34, Code of Federal Regulations.htm
2013-10-22 14:32 - 2013-10-22 14:13 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\images
2013-10-22 14:10 - 2013-10-22 14:04 - 00535343 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.txt
2013-10-21 14:06 - 2013-10-21 13:08 - 00006805 _____ C:\Documents and Settings\Jim\My Documents\REMEMBER THAT MAN.txt
2013-10-21 13:08 - 2013-10-21 13:08 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$MEMBER THAT MAN.txt
2013-10-20 15:27 - 2013-10-20 15:27 - 00002689 _____ C:\Documents and Settings\Jim\My Documents\Ro .txt
2013-10-19 18:28 - 2006-12-06 20:55 - 00134208 _____ C:\Documents and Settings\Jim\Application Data\GDIPFONTCACHEV1.DAT
2013-10-17 11:10 - 2008-01-25 15:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 11:10 - 2006-10-16 10:11 - 00388792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-16 12:01 - 2011-08-29 15:33 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\_Present
2013-10-16 12:01 - 2009-12-06 21:28 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\__Job Search
2013-10-16 12:01 - 2008-11-25 12:09 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\_Andersen SIGNS Receipts
2013-10-16 12:01 - 2006-10-19 20:12 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Jobs
2013-10-11 13:34 - 2013-10-11 13:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 13:34 - 2013-10-10 00:50 - 00135263 _____ C:\WINDOWS\KB2847311.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00127386 _____ C:\WINDOWS\tsoc.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00067242 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00018468 _____ C:\WINDOWS\ocmsn.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00016686 _____ C:\WINDOWS\msgsocm.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00333883 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00159624 _____ C:\WINDOWS\ocgen.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00110833 _____ C:\WINDOWS\comsetup.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00058863 _____ C:\WINDOWS\iis6.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00034127 _____ C:\WINDOWS\updspapi.log
2013-10-11 13:32 - 2013-10-11 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 13:32 - 2013-10-11 13:30 - 00132844 _____ C:\WINDOWS\KB2862335.log
2013-10-11 13:32 - 2012-10-20 17:18 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 13:29 - 2013-08-14 09:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 13:08 - 2006-10-17 08:22 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 13:06 - 2010-06-05 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-11 12:49 - 2013-10-11 12:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 12:49 - 2013-10-11 12:47 - 00011279 _____ C:\WINDOWS\KB2868038.log
2013-10-11 12:42 - 2013-10-11 12:39 - 00012241 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 12:40 - 2009-05-31 21:58 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-11 12:38 - 2013-10-11 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 12:37 - 2013-10-11 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 12:16 - 2013-10-10 16:25 - 00046592 ____H C:\Documents and Settings\Jim\My Documents\~WRL0781.tmp
2013-10-10 18:45 - 2013-10-10 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-10 18:45 - 2013-09-25 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-10-10 12:31 - 2013-05-04 12:47 - 00001612 _____ C:\WINDOWS\wmsetup.log
2013-10-09 12:20 - 2006-10-16 15:39 - 00134208 _____ C:\Documents and Settings\Jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-08 22:19 - 2012-03-29 19:42 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-08 22:19 - 2011-05-31 13:10 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 16:05 - 2013-10-08 16:05 - 00000021 _____ C:\Documents and Settings\Jim\My Documents\stuffit key.txt
2013-10-08 16:03 - 2013-10-08 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\StuffIt 11
2013-10-08 15:21 - 2006-10-17 21:42 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Adobe
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\WINDOWS\ItsDeductible
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q03Files
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q02FILES
2013-10-08 14:51 - 2013-10-08 14:50 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\______BACKUP
2013-10-08 14:39 - 2006-12-02 16:17 - 00000000 ____D C:\Program Files\TurboTax
2013-10-08 14:00 - 2013-10-08 14:00 - 00000566 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to MG6300 series (UPnP)_DD04E25A2A07.lnk
2013-10-08 13:31 - 2011-11-04 15:14 - 00001823 _____ C:\Documents and Settings\Jim\Desktop\Google Chrome.lnk
2013-10-08 13:23 - 2012-09-20 15:48 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-10-08 13:16 - 2011-06-22 11:14 - 00000000 ____D C:\Program Files\AVG
2013-10-08 13:08 - 2009-10-05 13:13 - 00000000 ____D C:\Program Files\Java
2013-10-08 12:55 - 2008-10-14 00:22 - 00000000 ____D C:\Program Files\Intuit
2013-10-08 12:48 - 2006-11-30 21:09 - 00000000 ____D C:\Program Files\Common Files\AnswerWorks 4.0
2013-10-07 21:28 - 2012-01-09 16:13 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\math correction
2013-10-07 11:51 - 2009-12-21 17:18 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 11:51 - 2009-12-21 17:18 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 11:07 - 2013-10-07 11:07 - 00001925 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-10-07 11:07 - 2013-10-07 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-10-07 11:05 - 2006-11-30 21:16 - 00000000 ____D C:\Program Files\Google
2013-10-05 11:22 - 2013-10-05 11:22 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) C:\WINDOWS\system32\AniGIF.ocx
2013-10-04 23:01 - 2012-10-20 17:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-04 22:58 - 2011-09-05 21:46 - 01680747 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-1035525444-839522115-1004-0.dat
2013-10-03 13:03 - 2013-10-03 13:03 - 00024576 ____H C:\Documents and Settings\Jim\My Documents\~WRL3874.tmp
2013-10-03 00:24 - 2011-07-18 13:25 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-03 00:00 - 2010-03-08 12:50 - 00094412 ____H C:\WINDOWS\system32\mlfcache.dat
2013-10-02 18:41 - 2013-09-06 10:16 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\TechSmith
2013-10-02 17:55 - 2006-10-16 10:07 - 00000000 ____D C:\WINDOWS\Resources
2013-10-02 16:43 - 2013-10-02 16:43 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Apowersoft Screen Recorder Pro
2013-10-02 16:39 - 2013-10-02 16:39 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Apowersoft
2013-10-02 00:37 - 2011-09-05 18:10 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Freemake
2013-10-02 00:30 - 2013-10-02 00:30 - 00000000 ____D C:\Program Files\WinPcap
2013-10-01 16:59 - 2013-08-06 14:21 - 00003726 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-01 16:58 - 2011-12-15 08:13 - 00000000 ____D C:\WINDOWS\system32\cache
2013-10-01 16:56 - 2012-09-18 20:10 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-10-01 14:01 - 2013-09-30 20:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 10:23 - 2013-09-30 10:48 - 00005317 _____ C:\Documents and Settings\Jim\My Documents\Big Pharma Exec Turned Whistleblower .txt

Some content of TEMP:
====================
C:\Documents and Settings\Jim\Local Settings\temp\DAPREMOVE.EXE
C:\Documents and Settings\Jim\Local Settings\temp\~Unta08.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


What's my next step, Mr. Kinner? :)

#20
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Download the attached Fixlist.txt file and save it to the same folder as FRST. (Overwrite the old fixlist.txt). Run FRST as before then hit Fix.

How is it running now?

#21
JIm Andersen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Good morning!

The latest FRST log is below. The computer appears infinitely more responsive than it was. Thank you very MUCH for that, Mr. Kinner!

The computer's start-up is still considerably slow, though, at 2:45 from power-up to the point of asking for a profile password, then another 2:45 till all services are loaded and we are online. Is speeding that up within the realm of your work here? Any suggestions?

There are a couple long-standing software-specific issues, which I suspect might be handled through another post or forum. Is that correct?

Thank you again for all your help. You have provided me a very valuable, and much appreciated service!

Jim


Fix result of Farbar Recovery Tool:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by Jim at 2013-10-29 09:44:07 Run:2
Running from C:\Documents and Settings\Jim\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.speedbit.com/?s=DATaya1
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.c...q={searchTerms}
FF SearchPlugin: C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\searchplugins\speedbit.xml
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
C:\Program Files\Common Files\SpeedBit
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
U3 TlntSvr;
C:\Documents and Settings\Jim\Local Settings\temp\DAPREMOVE.EXE
C:\Documents and Settings\Jim\Local Settings\temp\~Unta08.exe

*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\searchplugins\speedbit.xml => Moved successfully.
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash => Moved successfully.
"C:\Program Files\Common Files\SpeedBit" => File/Directory not found.
catchme => Service deleted successfully.
SBUpdd => Service deleted successfully.
TlntSvr => Service deleted successfully.
C:\Documents and Settings\Jim\Local Settings\temp\DAPREMOVE.EXE => Moved successfully.
C:\Documents and Settings\Jim\Local Settings\temp\~Unta08.exe => Moved successfully.

==== End of Fixlog ====

#22
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Start off by doing a defrag if you haven't done one in the last month or so:

http://support.microsoft.com/kb/314848

Then let's look at the bootlog:



Press Win+R or Start, Run to summon the Run dialog box.

Type msconfig and press Enter.

Click the Boot tab.

Place a check mark by the item Boot Log.

Click OK.

Click the Restart button to restart now.

Once it restarts look in C:\windows and find ntbtlog.txt or bootlog.txt and double click on it. Copy and paste the text into a reply.

#23
JIm Andersen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Thanks for the reminder on defragging, which I often forget. The drive was fragmented at 21%, with 40% of the files fragmented. Defragmenting improved it only to 14% and 29%. Could the large "files that cannot be defragmented," as identified in the defrag results shown below, be the problem? Most are my recently downloaded videos that should soon go onto disk, at which point I could delete them, and I know my drive is crowded. Removing some old business software will free up a fair amount of space. My current start-up time, incidentally, remains about the same.

When accessing msconfig, I could only check the requested "Boot Log" if I first selected the line identified in this pic of that window:

msconfig window.jpg

On restart, I was then given the start-up message shown in this pic, and then ignored it:

Start-up Message.jpg

The resulting ntbt.log text is at the end of this post, following this defrag log:

Defrag Log:

Volume Local Disk (C:)
Volume size = 128 GB
Cluster size = 4 KB
Used space = 104 GB
Free space = 24.11 GB
Percent free space = 18 %

Volume fragmentation
Total fragmentation = 14 %
File fragmentation = 29 %
Free space fragmentation = 0 %

File fragmentation
Total files = 183,814
Average file size = 871 KB
Total fragmented files = 15
Total excess fragments = 211,222
Average fragments per file = 2.14

Pagefile fragmentation
Pagefile size = 3.00 GB
Total fragments = 8

Folder fragmentation
Total folders = 17,378
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 369 MB
MFT record count = 205,073
Percent MFT in use = 54 %
Total MFT fragments = 3

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
32 3 MB \Documents and Settings\All Users\Application Data\AVG2014\chjw\50f0d917f0d903de.dat
36 368 MB \System Volume Information\_restore{6DB99213-F29C-4ED2-BC1E-C0789BD0E11E}\RP458\A0124813.exe
5,433 390 MB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Psychiatry's Prescription for Violence.mpg
6,039 439 MB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Satan's Industry Of Death.mp4
2,655 871 MB \Documents and Settings\Jim\My Documents\My Videos\for iPhone 4 4s\Making a Killing, The Untold Story of Psychotropic Drugging - Full Movie .mp4
10,781 936 MB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Making A Killing- Side Effects.mpg
2,129 987 MB \Documents and Settings\Jim\My Documents\My Videos\for iPhone 4 4s\Dead Wrong - How Psychiatric Drugs Can Kill Your Child (1).mp4
14,661 1.10 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Making A Killing Chapters 1-3.mpg
15,176 1.14 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 6 - Life-Numbing and Deadly Side Effects, Dependence and Alternatives.mpg
15,093 1.18 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 2 - Marketing of Disease for Profit.mpg
16,733 1.18 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 1 - History of Psychiatric Drug Marketing.mpg
15,490 1.19 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 4 - Psychiatric Drug Marketing Campaigns to Doctors and YOU.mpg
18,118 1.19 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\118-Marketing of Madness Part 3 - Side Effects and Clinical Trial Fraud.mpg
14,098 1.19 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 5 - Mental Health Screening Exposed as Drug Marketing to Children, Moms and US Soldiers.mpg
10,328 1.20 GB \Documents and Settings\Jim\My Documents\My Videos\AGENDA Grinding America Down .mpg
8,394 1.58 GB \Documents and Settings\Jim\My Documents\My Videos\__Psychotropic Drugging\Making a Killing & Dead Wrong (2 Movies) .mpg
25,258 2.31 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Age of Fear.mpg
28,275 2.43 GB \Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Diagnostic and Statistical Manual - Psychiatry's Deadliest Scam.mpg
5,132 3.72 GB \Documents and Settings\Jim\My Documents\My Videos\Making a Killing - The Untold Story of Psychotropic Drugging .mpg


ntbt.log:

Service Pack 3 10 29 2013 20:37:24.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver intelide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver WudfPf.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver avgrkx86.sys
Loaded driver avglogx.sys
Loaded driver avgmfx86.sys
Loaded driver avgidshx.sys
Loaded driver agp440.sys
Loaded driver \SystemRoot\System32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\drivers\TotRec7.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\TotRec8.sys
Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\System32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys
Loaded driver \SystemRoot\system32\DRIVERS\GWMDM.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\drivers\ctoss2k.sys
Loaded driver \SystemRoot\system32\drivers\ctprxy2k.sys
Loaded driver \SystemRoot\system32\drivers\ctaud2k.sys
Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\L8042pr2.Sys
Loaded driver \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\System32\DRIVERS\serial.sys
Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
Loaded driver \SystemRoot\System32\Drivers\cdrbsdrv.SYS
Loaded driver \SystemRoot\System32\Drivers\MxlW2k.SYS
Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys
Loaded driver \SystemRoot\System32\Drivers\Imapi.SYS
Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\System32\DRIVERS\update.sys
Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys
Loaded driver \SystemRoot\system32\drivers\ha10kx2k.sys
Loaded driver \SystemRoot\system32\drivers\ctac32k.sys
Loaded driver \SystemRoot\system32\drivers\emupia2k.sys
Loaded driver \SystemRoot\system32\drivers\ctsfm2k.sys
Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgtdix.sys
Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\DRIVERS\arp1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\SNTNLUSB.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgldx86.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgidsshimx.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
Loaded driver \SystemRoot\system32\DRIVERS\avgdiskx.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\system32\DRIVERS\nwlnkipx.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwlnknb.sys
Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwlnkspx.sys
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\edgestat.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\System32\Drivers\SENTINEL.SYS
Loaded driver \SystemRoot\system32\DRIVERS\BSecACFltr.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\drivers\npf.sys
Did not load driver \SystemRoot\system32\DRIVERS\nwlnkspx.sys
Loaded driver \??\C:\WINDOWS\system32\drivers\PAR1284.sys
Loaded driver \??\C:\WINDOWS\system32\PfModNT.sys
Loaded driver \SystemRoot\System32\Drivers\RioPNP.SYS
Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\psi_mf.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Thanks again. I look forward to another round!

Edited by JIm Andersen, 29 October 2013 - 08:43 PM.


#24
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Try Ultra defrag:

http://ultradefrag.s...t/en/index.html

It seems to do a better job.

#25
JIm Andersen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Thank you for Ultra Defrag, Mr. Kinner. It worked much better, defragging from 56% down to about 5%. Its defrag log is below, followed by a fresh ntbt log. My start-up time remains about the same, though; even 30 seconds longer after password entry. Thoughts?


Ultra Defrag Log:

700S: Fragmented files on C: (10/30/13 12:41:02)

Fragments | Size | Filename | Comment | Status
203 | 832 Kb | C:\$Secure:$SDH | - | invalid
128 | 1 Gb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 6 - Life-Numbing and Deadly Side Effects, Dependence and Alternatives.mpg | - | move failed
101 | 2 Mb | C:\Program Files\Secunia\PSI\psialog.txt | - | move failed
70 | 35 Mb | C:\$Extend\$UsnJrnl:$J | - | locked
12 | 48 Kb | C:\$MFT::$BITMAP | - | locked
4876 | 4 Gb | C:\Documents and Settings\Jim\My Documents\My Videos\Making a Killing - The Untold Story of Psychotropic Drugging .mpg | - | -
55 | 2 Gb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Age of Fear.mpg | - | -
81 | 2 Gb | C:\Documents and Settings\Jim\My Documents\My Videos\__Psychotropic Drugging\Making a Killing & Dead Wrong (2 Movies) .mpg | - | -
113 | 1 Gb | C:\Documents and Settings\Jim\My Documents\My Videos\AGENDA Grinding America Down .mpg | - | -
32 | 1 Gb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\118-Marketing of Madness Part 3 - Side Effects and Clinical Trial Fraud.mpg | - | -
57 | 1 Gb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 4 - Psychiatric Drug Marketing Campaigns to Doctors and YOU.mpg | - | -
52 | 1 Gb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 2 - Marketing of Disease for Profit.mpg | - | -
20 | 1 Gb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Marketing of Madness Part 1 - History of Psychiatric Drug Marketing.mpg | - | -
1931 | 987 Mb | C:\Documents and Settings\Jim\My Documents\My Videos\for iPhone 4 4s\Dead Wrong - How Psychiatric Drugs Can Kill Your Child (1).mp4 | - | -
331 | 871 Mb | C:\Documents and Settings\Jim\My Documents\My Videos\for iPhone 4 4s\Making a Killing, The Untold Story of Psychotropic Drugging - Full Movie .mp4 | - | -
1409 | 439 Mb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Satan's Industry Of Death.mp4 | - | -
32 | 390 Mb | C:\Documents and Settings\Jim\My Documents\My Downloads\Video Downloads\Psychiatry's Prescription for Violence.mpg | - | -
4 | 369 Mb | C:\$MFT | - | -
12 | 177 Mb | C:\$Secure:$SDS | - | -
14 | 125 Mb | C:\Documents and Settings\All Users\Application Data\AVG2014\avi\incavi.avm | - | -
17 | 40 Mb | C:\Program Files\Secunia\PSI\SUA\f2231c88705aaaf267443a8e6ac62ca5b6806acc\QuickTime_7.7.4_SPS.exe | - | -
10 | 25 Mb | C:\Program Files\Secunia\PSI\SUA\68d2b284c4010857fde66c83af3c82be0e2fdd2a\JavaJRE_7u45_32-bit_PSIonlySPS.exe | - | -
21 | 19 Mb | C:\Documents and Settings\Jim\Local Settings\Application Data\Identities\{9B938680-8AA2-417B-98B4-BBEAE423A1D4}\Microsoft\Copy of Outlook Express\Tamarind.dbx | - | -
6 | 17 Mb | C:\Program Files\Secunia\PSI\SUA\28a02ee99a41736327ba3de3727bfcea21db6231\Adobe_Help_Center_2.1.exe | - | -
2 | 14 Mb | C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE | - | -
10 | 13 Mb | C:\Documents and Settings\Jim\Local Settings\Application Data\Identities\{9B938680-8AA2-417B-98B4-BBEAE423A1D4}\Microsoft\Copy of Outlook Express\Ultra Diamonds.dbx | - | -
3 | 12 Mb | C:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_17\Data1.cab | - | -
3 | 12 Mb | C:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_20\Data1.cab | - | -
7 | 12 Mb | C:\Program Files\Secunia\PSI\SUA\f8659932ffa99b44542b14cbd05bdc63a26d9930\ShockwavePlayer_12.0.4.144_SPS.exe | - | -
9 | 11 Mb | C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp | - | -
7 | 11 Mb | C:\WINDOWS\$hf_mig$\KB972260-IE8\SP3QFE\ieframe.dll | - | -
6 | 10 Mb | C:\Documents and Settings\Jim\My Documents\My Downloads\xlviewer.exe | - | -
17 | 10 Mb | C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core2.zip | - | -
2 | 9 Mb | C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core1.zip | - | -
3 | 9 Mb | C:\Program Files\Common Files\SpeechEngines\Microsoft\SR\1033\L1033.DLM | - | -
4 | 9 Mb | C:\Program Files\Sony\Sony Picture Utility\PMBCore\eDecoData\Music\Simple.wma | - | -
9 | 9 Mb | C:\Documents and Settings\Jim\My Documents\_Present\New Video Files\26 - Using Social Media to Find an Answer, Audio File .mp3 | - | -



ntbt.log:


Service Pack 3 10 29 2013 20:37:24.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
Loaded driver intelide.sys
Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
#26
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Run FRST again but before hitting the Scan button, check the Addition.txt box then you should get two logs. Post them both.


You should be able to delete:

C:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_17\Data1.cab
C:\Documents and Settings\Jim\Application Data\Sun\Java\jre1.6.0_20\Data1.cab
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core2.zip
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core1.zip

These are all from obsolete Java versions.

I would also uninstall Secunia for now. It has too many entries in the undefragged list. Also it probably runs when you boot and may slow down the boot. You can reinstall later if you must.


Get autoruns from
http://live.sysinter...om/autoruns.exe

Download, save and run the program by right-clicking it and choosing Run As Admin. Then File, Save, to your desktop, autoruns.arn, OK.

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.
#27
JIm Andersen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
• All steps successfully executed, with the below exceptions. Related logs are copied further below or are attached.

• I did not witness the error-check operation, as I was away from the computer. I presume it ran, and I hope the logs reflect that. Please let me know if I messed up and need to redo.

• FRST again asked me to download a new FRST, but it was again the same version.

• Thanks for the old Java removal. I have wondered about those. Several other Java v6 items remain, though, as shown below. Is it safe to delete those, too?

Java Listing.jpg

Add'l Java Listing.jpg

• I uninstalled Secunia, using Revo Uninstaller, but Revo again threw me a curve. (It sometimes uses the Application's Uninstall app, which might then hide during the process and make you think that portion of the task is complete. You then find the Uninstall app later, still running.) Secunia appeared to have properly uninstalled, but I was not positive. Nonetheless, I completed all later steps, but then—when seeing the start-up time fail to improve—I reinstalled Secunia, ran it once, and then made sure to properly uninstall it. Finally, I completed the remaining steps again, as follows.

• Could not save autoruns.arn to desktop. Access was "denied," but I was logged on as the Administrator. By default, it then saved to the C:\Windows folder, from where I then zipped it.

• Startup time is now slightly slower:
Power-up to Log-in = 3:00
Log-in to Services Running and Online: 3:15
Total = 6:15

How am I doing, Mr. Kinner? Your knowledge is impressive! :thumbsup:

• Logs follow and file is attached:


Vino's Event Viewer – SYSTEM:


Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/10/2013 3:14:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 31/10/2013 3:03:30 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Log: 'System' Date/Time: 31/10/2013 2:08:54 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/10/2013 2:08:54 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.

Log: 'System' Date/Time: 31/10/2013 2:08:54 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer – APPLICATION:


Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/10/2013 3:19:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 31/10/2013 3:16:55 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
The event description cannot be found.

Log: 'Application' Date/Time: 31/10/2013 3:16:51 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
The event description cannot be found.


FRST.txt Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Jim (administrator) on 700S on 31-10-2013 15:26:58
Running from C:\Documents and Settings\Jim\My Documents\My Downloads\Software Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Bsecure Technologies, Inc.) C:\Program Files\AVG\AVG Family Safety\InetCtrl.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\System32\locator.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Smith Micro Software, Inc.) C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
() C:\Program Files\AVG\AVG Family Safety\BSecAMX.exe
(Logitech Inc.) C:\WINDOWS\Logi_MwX.Exe
(Bsecure Technologies, Inc.) C:\Program Files\AVG\AVG Family Safety\BsecTray.exe
(Sony Corporation) C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\MSOffice\Office10\WINWORD.EXE
(Microsoft® Corporation) C:\Program Files\Microsoft Works\MSWorks.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\WINDOWS\KHALMNPR.Exe [28160 2005-07-23] (Logitech Inc.)
HKLM\...\Run: [Logitech Utility] - C:\WINDOWS\LOGI_MWX.EXE [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [AVG Family Safety] - C:\Program Files\AVG\AVG Family Safety\BsecTray.exe [106824 2011-03-30] (Bsecure Technologies, Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] - C:\Program Files\KeePass Password Safe 2\KeePass.exe [1655296 2010-09-05] (Dominik Reichl)
HKLM\...\Run: [Reader Library Launcher] - C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM\...\Run: [Carbonite Backup] - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.)
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\QBDataServiceUser17\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Rhonda\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
ShortcutTarget: Picture Package Menu.lnk -> C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
ShortcutTarget: Picture Package VCD Maker.lnk -> C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files\Quicken 2005\bagent.exe (Intuit Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x161C4C81B8D3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {f1b5f790-bdce-11dd-ad8b-0800200c9a66} URL = http://search.yahoo....p={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 02 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 03 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 04 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 05 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 06 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 07 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 08 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 09 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 10 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 11 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 12 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 13 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 14 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 15 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 16 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 17 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 18 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 19 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 20 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 21 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 22 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 23 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 24 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 25 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 26 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Winsock: Catalog9 53 %ProgramFiles%\AVG\AVG Family Safety\InetCtrl52.dll [305440] (Bsecure Technologies, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Jim\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @sony.com/eBookLibrary - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Jim\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: BarTab - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: Виявлення пристроїв Logitech - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: AddThis - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF Extension: IE Tab - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: IE Tab - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
FF Extension: Просмотр HTTP заголовков - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: amznUWL2 - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: artur.dubovoy - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: firefox - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: optout - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: pinterest - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: places-maintenance - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: readability - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\sfStatistics.xml
FF Extension: stealer - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: YoutubeDownloader - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\[email protected]
FF Extension: myxa - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{0C07EECD-53B6-4748-BB2B-4395BF51DD8B}.xpi
FF Extension: defaults - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi
FF Extension: noscript - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{861d02ef-6fd9-4ce1-954a-90ee3a4de31c}.xpi
FF Extension: No Name - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\fsshkt1d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR Extension: (Sort by Name) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.1_0
CHR Extension: () - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.6_0
CHR Extension: (Add to Amazon Wish List) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0
CHR Extension: (Screen Capture (by Google)) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0
CHR Extension: (Read Later Fast) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.3.7_1
CHR Extension: (AdBlock) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0
CHR Extension: (IE Tab) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\2.11.30.1_0
CHR Extension: (bitly | a simple URL shortener) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\1.3.1.5_0
CHR Extension: (Cloud Reader) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.0.0.0_0
CHR Extension: (Send to Kindle) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.4_0
CHR Extension: (Freemake Video Converter) - C:\DOCUME~1\Jim\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx

========================== Services (Whitelisted) =================

S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 Bsecure; C:\Program Files\AVG\AVG Family Safety\InetCtrl.exe [78664 2011-03-30] (Bsecure Technologies, Inc.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [4426384 2011-12-05] (Carbonite, Inc. (www.carbonite.com))
S4 Extensions Updates Service; C:\Program Files\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe [77824 2008-10-29] (Extensoft)
S4 Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)
R2 Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe [157000 2007-10-08] (Smith Micro Software, Inc.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [29560 2012-08-23] (AVG)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-01] (AVG Technologies)
S3 BCMModem; C:\Windows\System32\DRIVERS\BCMDM.sys [871388 2001-08-17] (BCM)
R3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [21624 2010-02-05] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [110592 2002-07-19] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [643072 2002-07-19] (Creative Technology Ltd)
R2 EdgeStat; C:\WINDOWS\system32\drivers\edgestat.sys [6912 1998-03-20] ()
R3 GTWModem; C:\Windows\System32\DRIVERS\GWMDM.sys [1136384 2003-03-19] (GTW)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [998004 2002-07-24] (Creative Technology Ltd)
R3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.)
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36608 2005-07-22] (Logitech, Inc.)
R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28276 2006-10-17] (MusicMatch, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-30] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-30] (Microsoft Corporation)
R2 PAR1284; C:\WINDOWS\system32\drivers\PAR1284.sys [53344 2000-10-23] (Warp Nine Engineering)
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
R2 RioPNP; C:\Windows\System32\Drivers\RioPNP.sys [6736 2000-06-06] (RioPort.com)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2002-12-17] (Rainbow Technologies, Inc.)
R3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [26120 2002-12-17] (Rainbow Technologies Inc.)
S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation)
R3 TotRec7; C:\Windows\System32\drivers\TotRec7.sys [131152 2011-07-08] (High Criteria inc.)
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [91728 2011-07-08] (High Criteria inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-31 15:20 - 2013-10-31 15:20 - 00028160 ____H C:\Documents and Settings\Jim\My Documents\~WRL2849.tmp
2013-10-31 15:14 - 2013-10-31 15:19 - 00000670 _____ C:\VEW.txt
2013-10-31 15:12 - 2013-10-31 15:12 - 00061440 _____ ( ) C:\Documents and Settings\Jim\Desktop\VEW.exe
2013-10-30 11:51 - 2013-10-30 12:17 - 00004747 _____ C:\Documents and Settings\Jim\My Documents\700S Fragmented files on C [10_30_13 12 41 02].txt
2013-10-30 00:04 - 2013-10-30 00:15 - 00000000 ____D C:\Program Files\UltraDefrag
2013-10-30 00:04 - 2013-10-30 00:04 - 00000734 _____ C:\Documents and Settings\All Users\Start Menu\Programs\UltraDefrag.lnk
2013-10-30 00:04 - 2013-10-30 00:04 - 00000728 _____ C:\Documents and Settings\All Users\Desktop\UltraDefrag.lnk
2013-10-29 21:30 - 2013-10-29 21:30 - 00013132 _____ C:\Documents and Settings\Jim\My Documents\Thanks for the reminder on defragging.txt
2013-10-29 18:11 - 2013-10-29 18:11 - 00009054 _____ C:\Documents and Settings\Jim\My Documents\VolumeC Defrag Results .txt
2013-10-29 11:12 - 2013-10-29 11:12 - 00001220 _____ C:\Documents and Settings\Jim\My Documents\nic brasher.txt
2013-10-28 23:57 - 2013-10-29 00:24 - 00003620 _____ C:\Documents and Settings\Jim\My Documents\joe.txt
2013-10-28 21:50 - 2013-10-28 21:50 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\Sun
2013-10-28 20:06 - 2013-10-28 20:02 - 00001291 _____ C:\magnet.xml
2013-10-28 20:03 - 2013-10-28 20:03 - 00000000 ____D C:\Documents and Settings\Jim\OCALS~1
2013-10-28 14:16 - 2013-10-28 15:59 - 00001772 _____ C:\Documents and Settings\Jim\My Documents\Uninstallation detail - delete.txt
2013-10-28 14:11 - 2013-10-28 14:11 - 00003072 ___SH C:\Thumbs.db
2013-10-28 13:37 - 2013-10-28 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Download Manager
2013-10-26 19:37 - 2013-10-26 19:37 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Malwarebytes
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-26 19:36 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-26 18:21 - 2013-10-26 18:21 - 00028041 _____ C:\ComboFix.txt
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-26 17:19 - 2013-10-26 17:19 - 00000000 _RSHD C:\cmdcons
2013-10-26 17:19 - 2010-01-28 11:48 - 00000211 _____ C:\Boot.bak
2013-10-26 17:19 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-26 17:08 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-26 17:08 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-26 17:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-26 17:08 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-26 17:04 - 2013-10-26 17:04 - 05136694 ____R (Swearware) C:\Documents and Settings\Jim\Desktop\ComboFix.exe
2013-10-26 13:30 - 2013-10-26 18:21 - 00000000 ____D C:\Qoobox
2013-10-26 13:29 - 2013-10-26 18:16 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-26 11:21 - 2013-10-26 11:21 - 00000000 ____D C:\FRST
2013-10-26 11:07 - 2013-10-26 11:07 - 00001223 _____ C:\Documents and Settings\Jim\Desktop\JRT.txt
2013-10-26 10:41 - 2013-10-26 10:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-26 09:32 - 2013-10-26 10:04 - 00000000 ____D C:\AdwCleaner
2013-10-25 13:10 - 2013-10-26 13:03 - 00307712 ____H C:\Documents and Settings\Jim\My Documents\~WRL3719.tmp
2013-10-25 11:43 - 2013-10-25 11:43 - 00000000 ____D C:\_OTL
2013-10-24 14:07 - 2013-10-24 14:07 - 00040116 _____ C:\WINDOWS\$CCW_D02.CC$
2013-10-24 13:36 - 2013-10-24 13:36 - 00001823 _____ C:\Documents and Settings\Children\Desktop\Google Chrome.lnk
2013-10-24 13:33 - 2013-10-24 13:34 - 00001823 _____ C:\Documents and Settings\Rhonda\Desktop\Google Chrome.lnk
2013-10-24 13:32 - 2013-10-24 13:32 - 00207182 _____ C:\Documents and Settings\Jim\My Documents\OTL.Txt
2013-10-24 01:58 - 2013-10-24 01:58 - 00000140 _____ C:\Documents and Settings\Jim\My Documents\emergency drill at lincoln school.txt
2013-10-22 14:33 - 2013-10-22 14:33 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$tle 34, Code of Federal Regulations.htm
2013-10-22 14:13 - 2013-10-22 14:32 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\images
2013-10-22 14:11 - 2013-10-22 14:51 - 02442532 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.htm
2013-10-22 14:04 - 2013-10-22 14:10 - 00535343 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.txt
2013-10-21 13:08 - 2013-10-21 14:06 - 00006805 _____ C:\Documents and Settings\Jim\My Documents\REMEMBER THAT MAN.txt
2013-10-21 13:08 - 2013-10-21 13:08 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$MEMBER THAT MAN.txt
2013-10-20 15:27 - 2013-10-20 15:27 - 00002689 _____ C:\Documents and Settings\Jim\My Documents\Ro .txt
2013-10-11 13:34 - 2013-10-11 13:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 13:32 - 2013-10-11 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 13:30 - 2013-10-11 13:32 - 00132844 _____ C:\WINDOWS\KB2862335.log
2013-10-11 12:49 - 2013-10-11 12:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 12:47 - 2013-10-11 12:49 - 00011279 _____ C:\WINDOWS\KB2868038.log
2013-10-11 12:39 - 2013-10-11 12:42 - 00012241 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 12:38 - 2013-10-11 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 12:37 - 2013-10-11 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-10 18:45 - 2013-10-10 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-10 16:25 - 2013-10-11 12:16 - 00046592 ____H C:\Documents and Settings\Jim\My Documents\~WRL0781.tmp
2013-10-10 00:50 - 2013-10-11 13:34 - 00135263 _____ C:\WINDOWS\KB2847311.log
2013-10-10 00:45 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-10 00:45 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-10 00:35 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 00:35 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-10 00:27 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-10 00:27 - 2013-08-08 19:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-10 00:27 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 00:27 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-08 16:05 - 2013-10-08 16:05 - 00000021 _____ C:\Documents and Settings\Jim\My Documents\stuffit key.txt
2013-10-08 16:03 - 2013-10-08 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\StuffIt 11
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\WINDOWS\ItsDeductible
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q03Files
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q02FILES
2013-10-08 14:50 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\______BACKUP
2013-10-08 14:00 - 2013-10-08 14:00 - 00000566 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to MG6300 series (UPnP)_DD04E25A2A07.lnk
2013-10-07 11:07 - 2013-10-07 11:07 - 00001925 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-10-07 11:07 - 2013-10-07 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-10-05 11:28 - 2013-10-28 14:46 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\EQATEC Analytics
2013-10-05 11:22 - 2013-10-05 11:22 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) C:\WINDOWS\system32\AniGIF.ocx
2013-10-03 13:03 - 2013-10-03 13:03 - 00024576 ____H C:\Documents and Settings\Jim\My Documents\~WRL3874.tmp
2013-10-02 16:43 - 2013-10-02 16:43 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Apowersoft Screen Recorder Pro
2013-10-02 16:39 - 2013-10-02 16:39 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Apowersoft
2013-10-02 16:39 - 2013-06-02 04:56 - 00026032 _____ (Wondershare) C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys
2013-10-02 16:39 - 2013-06-01 20:07 - 00443568 ____H (Bytescout) C:\WINDOWS\system32\ApowersoftScreenCapturing.dll
2013-10-02 16:39 - 2013-06-01 20:07 - 00271536 ____H (Bytescout) C:\WINDOWS\system32\ApowersoftScreenCapturingFilter.dll
2013-10-02 16:39 - 2013-06-01 20:07 - 00181424 ____H (Bytescout) C:\WINDOWS\system32\ApowersoftVideoMixerFilter.dll
2013-10-02 00:31 - 2013-10-28 14:40 - 00065536 _____ C:\WINDOWS\system32\config\CaptureL.evt
2013-10-02 00:30 - 2013-10-02 00:30 - 00000000 ____D C:\Program Files\WinPcap

==================== One Month Modified Files and Folders =======

2013-10-31 15:20 - 2013-10-31 15:20 - 00028160 ____H C:\Documents and Settings\Jim\My Documents\~WRL2849.tmp
2013-10-31 15:19 - 2013-10-31 15:14 - 00000670 _____ C:\VEW.txt
2013-10-31 15:16 - 2010-01-28 13:01 - 00002355 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2013-10-31 15:12 - 2013-10-31 15:12 - 00061440 _____ ( ) C:\Documents and Settings\Jim\Desktop\VEW.exe
2013-10-31 15:12 - 2012-03-29 19:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-31 14:12 - 2006-10-16 15:17 - 00000000 ____D C:\WINDOWS\Registration
2013-10-31 14:09 - 2006-10-16 15:37 - 01996607 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-31 14:08 - 2006-10-16 10:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-31 14:08 - 2006-10-16 10:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-31 14:06 - 2006-10-16 15:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-31 14:03 - 2006-10-16 16:28 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2013-10-31 14:03 - 2006-10-16 16:28 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2013-10-31 14:03 - 2006-10-16 16:28 - 00000024 _____ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2013-10-31 14:03 - 2006-10-16 16:28 - 00000024 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2013-10-31 14:03 - 2006-10-16 15:24 - 00032592 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-31 14:02 - 2006-10-16 15:25 - 00000178 ___SH C:\Documents and Settings\Jim\ntuser.ini
2013-10-31 10:48 - 2013-09-07 09:02 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-30 17:19 - 2011-06-22 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-10-30 12:47 - 2006-10-16 10:10 - 00000336 __RSH C:\boot.ini
2013-10-30 12:47 - 2001-08-30 05:30 - 00001576 _____ C:\WINDOWS\win.ini
2013-10-30 12:47 - 2001-08-30 05:30 - 00000327 _____ C:\WINDOWS\system.ini
2013-10-30 12:45 - 2012-09-26 17:57 - 00324181 _____ C:\WINDOWS\setupapi.log
2013-10-30 12:17 - 2013-10-30 11:51 - 00004747 _____ C:\Documents and Settings\Jim\My Documents\700S Fragmented files on C [10_30_13 12 41 02].txt
2013-10-30 00:15 - 2013-10-30 00:04 - 00000000 ____D C:\Program Files\UltraDefrag
2013-10-30 00:04 - 2013-10-30 00:04 - 00000734 _____ C:\Documents and Settings\All Users\Start Menu\Programs\UltraDefrag.lnk
2013-10-30 00:04 - 2013-10-30 00:04 - 00000728 _____ C:\Documents and Settings\All Users\Desktop\UltraDefrag.lnk
2013-10-29 21:30 - 2013-10-29 21:30 - 00013132 _____ C:\Documents and Settings\Jim\My Documents\Thanks for the reminder on defragging.txt
2013-10-29 18:11 - 2013-10-29 18:11 - 00009054 _____ C:\Documents and Settings\Jim\My Documents\VolumeC Defrag Results .txt
2013-10-29 11:12 - 2013-10-29 11:12 - 00001220 _____ C:\Documents and Settings\Jim\My Documents\nic brasher.txt
2013-10-29 00:24 - 2013-10-28 23:57 - 00003620 _____ C:\Documents and Settings\Jim\My Documents\joe.txt
2013-10-28 22:00 - 2013-02-11 17:14 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\com.amazon.music.uploader
2013-10-28 21:57 - 2010-04-23 13:32 - 00000000 ____D C:\Program Files\2nd Story Software
2013-10-28 21:50 - 2013-10-28 21:50 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\Sun
2013-10-28 21:47 - 2013-09-06 10:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith
2013-10-28 21:47 - 2013-09-06 10:16 - 00000000 ____D C:\Program Files\TechSmith
2013-10-28 21:45 - 2006-12-29 11:22 - 00000000 ____D C:\Program Files\MTV Networks
2013-10-28 20:03 - 2013-10-28 20:03 - 00000000 ____D C:\Documents and Settings\Jim\OCALS~1
2013-10-28 20:03 - 2006-10-16 15:25 - 00000000 ____D C:\Documents and Settings\Jim
2013-10-28 20:02 - 2013-10-28 20:06 - 00001291 _____ C:\magnet.xml
2013-10-28 15:59 - 2013-10-28 14:16 - 00001772 _____ C:\Documents and Settings\Jim\My Documents\Uninstallation detail - delete.txt
2013-10-28 14:46 - 2013-10-05 11:28 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\EQATEC Analytics
2013-10-28 14:40 - 2013-10-02 00:31 - 00065536 _____ C:\WINDOWS\system32\config\CaptureL.evt
2013-10-28 14:36 - 2011-09-05 18:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Freemake
2013-10-28 14:11 - 2013-10-28 14:11 - 00003072 ___SH C:\Thumbs.db
2013-10-28 14:11 - 2012-10-13 10:23 - 00000000 ____D C:\jobs
2013-10-28 13:48 - 2011-09-05 21:46 - 00345650 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-28 13:46 - 2013-10-28 13:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free Download Manager
2013-10-28 00:52 - 2007-08-19 16:21 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-10-27 02:32 - 2006-11-30 20:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-27 02:19 - 2006-10-16 10:12 - 00610952 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-26 21:17 - 2013-06-18 20:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-10-26 21:12 - 2012-01-02 10:34 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\TempDIR
2013-10-26 19:37 - 2013-10-26 19:37 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Malwarebytes
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-26 19:36 - 2013-10-26 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-26 18:21 - 2013-10-26 18:21 - 00028041 _____ C:\ComboFix.txt
2013-10-26 18:21 - 2013-10-26 13:30 - 00000000 ____D C:\Qoobox
2013-10-26 18:21 - 2006-10-16 15:24 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-26 18:16 - 2013-10-26 13:29 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-26 17:56 - 2006-10-16 10:11 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-10-26 17:56 - 2006-10-16 10:11 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-10-26 17:56 - 2006-10-16 10:10 - 50331648 _____ C:\WINDOWS\system32\config\software.bak
2013-10-26 17:56 - 2006-10-16 10:10 - 12845056 _____ C:\WINDOWS\system32\config\system.bak
2013-10-26 17:56 - 2006-10-16 10:10 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00008192 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-10-26 17:55 - 2013-10-26 17:55 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-10-26 17:19 - 2013-10-26 17:19 - 00000000 _RSHD C:\cmdcons
2013-10-26 17:04 - 2013-10-26 17:04 - 05136694 ____R (Swearware) C:\Documents and Settings\Jim\Desktop\ComboFix.exe
2013-10-26 13:03 - 2013-10-25 13:10 - 00307712 ____H C:\Documents and Settings\Jim\My Documents\~WRL3719.tmp
2013-10-26 11:21 - 2013-10-26 11:21 - 00000000 ____D C:\FRST
2013-10-26 11:07 - 2013-10-26 11:07 - 00001223 _____ C:\Documents and Settings\Jim\Desktop\JRT.txt
2013-10-26 10:41 - 2013-10-26 10:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-26 10:04 - 2013-10-26 09:32 - 00000000 ____D C:\AdwCleaner
2013-10-25 18:56 - 2013-08-31 16:39 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-25 11:44 - 2009-03-30 14:05 - 00000000 ____D C:\Program Files\gigasizetb
2013-10-25 11:43 - 2013-10-25 11:43 - 00000000 ____D C:\_OTL
2013-10-24 17:56 - 2011-05-14 10:08 - 00000178 ___SH C:\Documents and Settings\Rhonda\ntuser.ini
2013-10-24 14:07 - 2013-10-24 14:07 - 00040116 _____ C:\WINDOWS\$CCW_D02.CC$
2013-10-24 14:07 - 2006-10-28 10:50 - 00003498 _____ C:\WINDOWS\POWERUP.INI
2013-10-24 13:38 - 2011-05-21 16:09 - 00000178 ___SH C:\Documents and Settings\Children\ntuser.ini
2013-10-24 13:36 - 2013-10-24 13:36 - 00001823 _____ C:\Documents and Settings\Children\Desktop\Google Chrome.lnk
2013-10-24 13:34 - 2013-10-24 13:33 - 00001823 _____ C:\Documents and Settings\Rhonda\Desktop\Google Chrome.lnk
2013-10-24 13:34 - 2011-06-20 15:17 - 00000000 ____D C:\Documents and Settings\Rhonda\Tracing
2013-10-24 13:32 - 2013-10-24 13:32 - 00207182 _____ C:\Documents and Settings\Jim\My Documents\OTL.Txt
2013-10-24 11:12 - 2012-01-15 14:06 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\LogMeIn Rescue Applet
2013-10-24 01:58 - 2013-10-24 01:58 - 00000140 _____ C:\Documents and Settings\Jim\My Documents\emergency drill at lincoln school.txt
2013-10-23 16:47 - 2009-08-03 14:54 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
2013-10-22 14:51 - 2013-10-22 14:11 - 02442532 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.htm
2013-10-22 14:33 - 2013-10-22 14:33 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$tle 34, Code of Federal Regulations.htm
2013-10-22 14:32 - 2013-10-22 14:13 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\images
2013-10-22 14:10 - 2013-10-22 14:04 - 00535343 _____ C:\Documents and Settings\Jim\My Documents\Title 34, Code of Federal Regulations.txt
2013-10-21 14:06 - 2013-10-21 13:08 - 00006805 _____ C:\Documents and Settings\Jim\My Documents\REMEMBER THAT MAN.txt
2013-10-21 13:08 - 2013-10-21 13:08 - 00000162 ____H C:\Documents and Settings\Jim\My Documents\~$MEMBER THAT MAN.txt
2013-10-20 15:27 - 2013-10-20 15:27 - 00002689 _____ C:\Documents and Settings\Jim\My Documents\Ro .txt
2013-10-19 18:28 - 2006-12-06 20:55 - 00134208 _____ C:\Documents and Settings\Jim\Application Data\GDIPFONTCACHEV1.DAT
2013-10-17 11:10 - 2008-01-25 15:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 11:10 - 2006-10-16 10:11 - 00388792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-16 12:01 - 2011-08-29 15:33 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\_Present
2013-10-16 12:01 - 2009-12-06 21:28 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\__Job Search
2013-10-16 12:01 - 2008-11-25 12:09 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\_Andersen SIGNS Receipts
2013-10-16 12:01 - 2006-10-19 20:12 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Jobs
2013-10-11 13:34 - 2013-10-11 13:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 13:34 - 2013-10-10 00:50 - 00135263 _____ C:\WINDOWS\KB2847311.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00127386 _____ C:\WINDOWS\tsoc.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00067242 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00018468 _____ C:\WINDOWS\ocmsn.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00016686 _____ C:\WINDOWS\msgsocm.log
2013-10-11 13:34 - 2012-10-20 17:18 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00333883 _____ C:\WINDOWS\FaxSetup.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00159624 _____ C:\WINDOWS\ocgen.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00110833 _____ C:\WINDOWS\comsetup.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00058863 _____ C:\WINDOWS\iis6.log
2013-10-11 13:34 - 2012-10-20 17:17 - 00034127 _____ C:\WINDOWS\updspapi.log
2013-10-11 13:32 - 2013-10-11 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 13:32 - 2013-10-11 13:30 - 00132844 _____ C:\WINDOWS\KB2862335.log
2013-10-11 13:32 - 2012-10-20 17:18 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-11 13:29 - 2013-08-14 09:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 13:08 - 2006-10-17 08:22 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 13:06 - 2010-06-05 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-11 12:49 - 2013-10-11 12:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 12:49 - 2013-10-11 12:47 - 00011279 _____ C:\WINDOWS\KB2868038.log
2013-10-11 12:42 - 2013-10-11 12:39 - 00012241 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 12:40 - 2009-05-31 21:58 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-11 12:38 - 2013-10-11 12:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 12:37 - 2013-10-11 12:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 12:16 - 2013-10-10 16:25 - 00046592 ____H C:\Documents and Settings\Jim\My Documents\~WRL0781.tmp
2013-10-10 18:45 - 2013-10-10 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-10 18:45 - 2013-09-25 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-10-10 12:31 - 2013-05-04 12:47 - 00001612 _____ C:\WINDOWS\wmsetup.log
2013-10-09 12:20 - 2006-10-16 15:39 - 00134208 _____ C:\Documents and Settings\Jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-08 22:19 - 2012-03-29 19:42 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-08 22:19 - 2011-05-31 13:10 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 16:05 - 2013-10-08 16:05 - 00000021 _____ C:\Documents and Settings\Jim\My Documents\stuffit key.txt
2013-10-08 16:03 - 2013-10-08 16:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\StuffIt 11
2013-10-08 15:21 - 2006-10-17 21:42 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Adobe
2013-10-08 14:52 - 2013-10-08 14:52 - 00000000 ____D C:\WINDOWS\ItsDeductible
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q03Files
2013-10-08 14:51 - 2013-10-08 14:51 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Q02FILES
2013-10-08 14:51 - 2013-10-08 14:50 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\______BACKUP
2013-10-08 14:39 - 2006-12-02 16:17 - 00000000 ____D C:\Program Files\TurboTax
2013-10-08 14:00 - 2013-10-08 14:00 - 00000566 _____ C:\Documents and Settings\Jim\Desktop\Shortcut to MG6300 series (UPnP)_DD04E25A2A07.lnk
2013-10-08 13:31 - 2011-11-04 15:14 - 00001823 _____ C:\Documents and Settings\Jim\Desktop\Google Chrome.lnk
2013-10-08 13:23 - 2012-09-20 15:48 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-10-08 13:16 - 2011-06-22 11:14 - 00000000 ____D C:\Program Files\AVG
2013-10-08 13:08 - 2009-10-05 13:13 - 00000000 ____D C:\Program Files\Java
2013-10-08 12:55 - 2008-10-14 00:22 - 00000000 ____D C:\Program Files\Intuit
2013-10-08 12:48 - 2006-11-30 21:09 - 00000000 ____D C:\Program Files\Common Files\AnswerWorks 4.0
2013-10-07 21:28 - 2012-01-09 16:13 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\math correction
2013-10-07 11:51 - 2009-12-21 17:18 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 11:51 - 2009-12-21 17:18 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 11:07 - 2013-10-07 11:07 - 00001925 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-10-07 11:07 - 2013-10-07 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2013-10-07 11:05 - 2006-11-30 21:16 - 00000000 ____D C:\Program Files\Google
2013-10-05 11:22 - 2013-10-05 11:22 - 00172032 _____ (Jin Hui E-mail: [email protected] Web: http://www.jcomsoft.com) C:\WINDOWS\system32\AniGIF.ocx
2013-10-04 23:01 - 2012-10-20 17:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-04 22:58 - 2011-09-05 21:46 - 01680747 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-1035525444-839522115-1004-0.dat
2013-10-03 13:03 - 2013-10-03 13:03 - 00024576 ____H C:\Documents and Settings\Jim\My Documents\~WRL3874.tmp
2013-10-03 00:24 - 2011-07-18 13:25 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-03 00:00 - 2010-03-08 12:50 - 00094412 ____H C:\WINDOWS\system32\mlfcache.dat
2013-10-02 18:41 - 2013-09-06 10:16 - 00000000 ____D C:\Documents and Settings\Jim\Local Settings\Application Data\TechSmith
2013-10-02 17:55 - 2006-10-16 10:07 - 00000000 ____D C:\WINDOWS\Resources
2013-10-02 16:43 - 2013-10-02 16:43 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Apowersoft Screen Recorder Pro
2013-10-02 16:39 - 2013-10-02 16:39 - 00000000 ____D C:\Documents and Settings\Jim\Application Data\Apowersoft
2013-10-02 00:37 - 2011-09-05 18:10 - 00000000 ____D C:\Documents and Settings\Jim\My Documents\Freemake
2013-10-02 00:30 - 2013-10-02 00:30 - 00000000 ____D C:\Program Files\WinPcap
2013-10-01 16:59 - 2013-08-06 14:21 - 00003726 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-10-01 16:58 - 2011-12-15 08:13 - 00000000 ____D C:\WINDOWS\system32\cache
2013-10-01 16:56 - 2012-09-18 20:10 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-10-01 14:01 - 2013-09-30 20:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-01 10:23 - 2013-09-30 10:48 - 00005317 _____ C:\Documents and Settings\Jim\My Documents\Big Pharma Exec Turned Whistleblower .txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



ADDITION.txt Log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Jim at 2013-10-31 15:30:40
Running from C:\Documents and Settings\Jim\My Documents\My Downloads\Software Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

ACDSee Photo Manager 2009 (Version: 11.0.113)
Adobe Acrobat 7.0 Professional (Version: 7.1.4)
Adobe Acrobat 7.1.4 Professional (Version: 7.1.4)
Adobe AIR (Version: 3.5.0.1060)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe Stock Photos 1.0 (Version: 1.0.8)
Adobe SVG Viewer 3.0 (Version: 3.0)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.0.2.92)
Apple Software Update (Version: 2.1.3.127)
Autodesk WHIP! (Release 4.0-102)
AVG 2014 (Version: 14.0.3615)
AVG 2014 (Version: 14.0.4142)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AVG Family Safety (Version: 10.1.7)
AviSynth 2.5
Bonjour (Version: 1.0.102)
Bonjour (Version: 3.0.0.10)
Carbonite (Version: 5.1.0 build 925 (Dec-05-2011))
CCScore (Version: 5.03.0000.0003)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Creative Jukebox Driver
Creative NOMAD II Driver
ESSBrwr (Version: 5.03.0000.0101)
ESSCDBK (Version: 5.03.0000.0001)
ESScore (Version: 5.03.0000.0301)
ESSgui (Version: 5.03.0000.0101)
ESShelp (Version: 5.03.0000.0003)
ESSini (Version: 5.03.0000.0201)
ESSPCD (Version: 5.03.0000.0001)
ESSPDock (Version: 5.03.0000.0008)
ESSSONIC (Version: 5.3.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 5.03.0000.0001)
essvcpt (Version: 5.03.0000.0001)
EstiMate 2.0
EstiMate Visual Pricing System1.99
Extensions for Windows (Version: 1.0.4.10)
ffdshow [rev 1443] [2007-08-29] (Version: 1.0)
First Step Guide (Version: 1.00.000)
Gateway Drivers and Applications Recovery
Gateway IE Customizations
GearDrvs (Version: 1.00.0000)
GearDrvs (Version: 5.0.0.2)
GigaSize Toolbar 1.0
Google Chrome (HKCU Version: 21.0.1180.89)
Google Chrome (Version: 65.61.49249)
Google Earth (Version: 7.1.1.1888)
Google SketchUp 6 (Version: 6.0.515)
Google SketchUp 6 Exporters (Version: 6.0.515)
Google SketchUp LayOut 6 (Version: 1.0.617)
Google SketchUp Pro 6 (Version: 6.0.00408)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
GSP OMEGA
GTW Modem
GTW V.92 Voicemodem
HLPPDOCK (Version: 5.03.0000.0001)
HP Precisionscan Pro 3.1 (Version: 3.1.0.0000)
HVAC-Calc (Vista Compatible)
ImageMixer VCD2 (Version: 2.01.002.3)
Intel® PRO Network Adapters and Drivers
Ioline SmarTrac Software
ISO Recorder (Version: 2.0.0)
ItsDeductible Express (Version: 1.00.0000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8117.416)
KeePass Password Safe 2.13
kgcbase (Version: 5.03.0000.0004)
KODAK Camera Connection Software Help
Kodak EasyShare software
KODAK Memory Albums
KODAK Picture Software
KSU (Version: 632.62.0003.0003)
LG USB Modem driver
Logitech MouseWare 9.79.1
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MFC RunTime files (Version: 1.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA (Version: 2.1.21022)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA (Version: 3.1.21022)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 - Language Pack (italiano)
Microsoft .NET Framework 3.5 Language Pack - ita (Version: 3.5.21022)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional
Microsoft Picture It! Photo 7.0 (Version: 7.0.0.0000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0 (Version: 07.02.0710.1)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Move Media Player
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
MUSICMATCH Jukebox
Nero PhotoShow Express (Version: 3.0)
Nero Suite
NOMAD Jukebox 3 Driver
Notifier (Version: 5.03.0000.0001)
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
Octoshape add-in for Adobe Flash Player
OfotoXMI (Version: 5.03.0000.0302)
OpenDNS Updater 1.3.0.187
OTtBP (Version: 5.03.0000.0001)
OTtBPSDK (Version: 4.00.0000.0000)
PandoraRecovery (Remove Only)
Pauker
PDFtoEPUB (Version: 1.5.0)
PhoneTools (Version: 3.06)
Picture Package (Version: 1.05.000)
PRS-500 USB driver (Version: 1.0.00.08110)
QBXMLRP2 (Version: 4.0.00168.0)
Quicken 2005 (Version: 14.00.0000)
Quicken 2008 (Version: 17.1.3.7)
QuickTime (Version: 7.2.0.240)
QuickTime (Version: 7.72.80.56)
Reader Library by Sony (Version: 3.3.00.07130)
Revo Uninstaller 1.92 (Version: 1.92)
Rhapsody Player Engine (Version: 1.0.604)
Runtime (Version: 1.00.0000)
Safari (Version: 5.34.57.2)
Secunia PSI (3.0.0.2004) (Version: 3.0.0.2004)
Segoe UI (Version: 14.0.4327.805)
Sentinel System Driver 5.41.1 (32-bit) (Version: 5.41.1)
SFR (Version: 5.00.0000.0005)
SHASTA (Version: 5.03.0000.0002)
SKIN0001 (Version: 5.03.0000.0101)
SKINXSDK (Version: 5.03.0000.0101)
Snagit 11 (Version: 11.2.1)
Sony MHS Camera Driver
Sony Picture Utility (Version: 4.3.03.07070)
Sony USB Driver
Sound Blaster Audigy
Spybot - Search & Destroy (Version: 1.6.2)
staticcr (Version: 5.03.0000.0001)
StuffIt 11 (Version: 11.2.0)
StuffIt Plugins for Microsoft Office (Version: 1.0.0)
SupportSoft Assisted Service (Version: 15)
swMSM (Version: 12.0.0.1)
Total Recorder 8.3 Professional Edition
Ultra Defragmenter (Version: 6.0.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
VersaCheck 2005 Silver (Version: 9.0.1.1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VPRINTOL (Version: 5.03.0000.0101)
WebFldrs XP (Version: 9.50.7523)
WexTech AnswerWorks (Version: 1.00.000)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (Version: 08/08/2006 1.0.03.08080)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3146.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Vista Upgrade Advisor (Version: 1.0.0.657)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WIRELESS (Version: 5.03.0000.0003)
Works Suite OS Pack (Version: 3.0.0.0000)
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
YouSendIt Express (Version: 1.5.1)

==================== Restore Points =========================

14-09-2013 19:25:33 Software Distribution Service 3.0
16-09-2013 04:36:03 System Checkpoint
17-09-2013 05:34:26 System Checkpoint
19-09-2013 20:53:19 System Checkpoint
20-09-2013 21:25:52 System Checkpoint
21-09-2013 21:32:04 System Checkpoint
23-09-2013 00:32:15 System Checkpoint
25-09-2013 00:43:18 System Checkpoint
25-09-2013 22:34:35 Installed AVG 2014
25-09-2013 22:44:44 Installed AVG 2014
27-09-2013 00:53:27 System Checkpoint
28-09-2013 01:30:32 System Checkpoint
29-09-2013 01:39:59 System Checkpoint
02-10-2013 23:40:38 Installed Jing
03-10-2013 12:18:30 Printer Driver Snagit 11 Printer Installed
05-10-2013 03:52:12 Revo Uninstaller's restore point - Free Download Manager 3.9.3
07-10-2013 11:20:04 System Checkpoint
08-10-2013 17:38:14 Revo Uninstaller's restore point - QuickBooks Pro 2007
08-10-2013 17:56:55 Revo Uninstaller's restore point - AVG PC TuneUp
08-10-2013 18:06:08 Revo Uninstaller's restore point - Java™ 6 Update 37
08-10-2013 18:16:44 Removed AVG PC TuneUp
08-10-2013 18:17:44 Removed AVG PC TuneUp Language Pack (en-US)
08-10-2013 18:20:46 Software Distribution Service 3.0
08-10-2013 19:23:19 Installed StuffIt 11.
08-10-2013 19:28:21 Revo Uninstaller's restore point - StuffIt 11
08-10-2013 19:29:21 Removed StuffIt 11.
08-10-2013 19:35:48 Revo Uninstaller's restore point - TurboTax Deluxe 2004
08-10-2013 19:38:53 Revo Uninstaller's restore point - TurboTax Deluxe 2004
08-10-2013 21:03:13 Installed StuffIt 11.
09-10-2013 05:41:29 Software Distribution Service 3.0
09-10-2013 14:41:06 Revo Uninstaller's restore point - Apowersoft Screen Recorder Pro V1.1.7
11-10-2013 16:11:08 System Checkpoint
11-10-2013 17:05:00 Software Distribution Service 3.0
13-10-2013 06:36:14 System Checkpoint
14-10-2013 16:47:04 System Checkpoint
17-10-2013 16:20:21 Software Distribution Service 3.0
22-10-2013 17:52:40 Revo Uninstaller's restore point - SpeedBit Video Downloader
24-10-2013 02:03:39 Revo Uninstaller's restore point - Microsoft .NET Framework 4 Extended
24-10-2013 06:11:49 Revo Uninstaller's restore point - Apowersoft Screen Recorder Pro V1.1.7
24-10-2013 07:00:06 Software Distribution Service 3.0
24-10-2013 21:43:09 Software Distribution Service 3.0
25-10-2013 21:44:47 System Checkpoint
26-10-2013 23:42:39 System Checkpoint
27-10-2013 06:15:24 Software Distribution Service 3.0
28-10-2013 06:42:28 System Checkpoint
28-10-2013 18:43:18 Revo Uninstaller's restore point - Free Download Manager 3.9.3
28-10-2013 19:02:31 Revo Uninstaller's restore point - Free Extended Task Manager
28-10-2013 19:19:53 Revo Uninstaller's restore point - Freemake Audio Converter version 1.1.0
28-10-2013 19:23:45 Revo Uninstaller's restore point - Freemake Video Converter version 4.0.1
28-10-2013 19:35:30 Revo Uninstaller's restore point - Freemake Video Downloader
28-10-2013 19:55:02 Revo Uninstaller's restore point - SCREEN2EXE 3.4 (build:2577)
28-10-2013 20:02:56 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
28-10-2013 20:06:06 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
28-10-2013 20:25:04 Revo Uninstaller's restore point - Uniblue DriverScanner 2009
29-10-2013 01:12:17 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
29-10-2013 02:13:41 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
29-10-2013 02:32:03 Revo Uninstaller's restore point - QuickBooks Product Listing Service
29-10-2013 02:41:04 Revo Uninstaller's restore point - MacDrive 6
29-10-2013 02:44:38 Revo Uninstaller's restore point - URGE
29-10-2013 02:46:41 Revo Uninstaller's restore point - Jing
29-10-2013 02:52:41 Revo Uninstaller's restore point - Free Disk Analyzer
29-10-2013 02:55:41 Revo Uninstaller's restore point - TaxACT 2008
29-10-2013 02:58:17 Revo Uninstaller's restore point - Amazon Music Importer
29-10-2013 02:59:10 Removed Amazon Music Importer
29-10-2013 03:01:40 Revo Uninstaller's restore point - Movavi Screen Capture Studio 4
30-10-2013 03:36:30 System Checkpoint
31-10-2013 03:53:01 System Checkpoint

==================== Hosts content: ==========================

2001-08-30 05:30 - 2013-10-26 18:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 11:42 - 2011-03-30 02:58 - 00055624 _____ () C:\Program Files\AVG\AVG Family Safety\BsecZlib.dll
2010-07-13 01:28 - 2010-07-13 01:28 - 00856064 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 01:13 - 2010-07-13 01:13 - 00033792 _____ () C:\Program Files\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00233472 _____ () C:\Program Files\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00020480 _____ () C:\Program Files\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 21:23 - 2010-04-02 21:23 - 00815104 _____ () C:\Program Files\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 01:16 - 2010-07-13 01:16 - 00118784 _____ () C:\Program Files\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00009728 _____ () C:\Program Files\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 01:26 - 2010-07-13 01:26 - 00018432 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00010240 _____ () C:\Program Files\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00008704 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00028160 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00011776 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 20:44 - 2010-04-02 20:44 - 00086016 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 01:29 - 2010-07-13 01:29 - 00143360 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 01:10 - 2010-07-13 01:10 - 00172032 _____ () C:\Program Files\Sony\Reader\Data\bin\launcher\USBDetector.dll
2013-09-30 20:57 - 2013-09-30 20:59 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-08 22:19 - 2013-10-08 22:19 - 16233864 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bsecure => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Logitech-compatible Mouse PS/2
Description: Logitech-compatible Mouse PS/2
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/31/2013 03:03:30 PM) (Source: DCOM) (User: 700S)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/31/2013 02:08:54 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error:
%%1053

Error: (10/31/2013 02:08:54 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.

Error: (10/31/2013 02:08:54 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1535.3 MB
Available physical RAM: 603.96 MB
Total Pagefile: 4460.43 MB
Available Pagefile: 3589.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.79 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:127.99 GB) (Free:23.52 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive s: (BACKUP) (Fixed) (Total:21.06 GB) (Free:20.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: B8F1B8F1)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=21 GB) - (Type=07 NTFS)

==================== End Of Log ============================

  • 0

#28
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
You can delete all of the JRE1.something folders. In fact you can uninstall Java 7 Update 25 and then delete all of the Java folders. If you still need Java, then

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.



Go back into Autoruns and uncheck the yellow marked items. Then close Autoruns and reboot.
  • 0

#29
JIm Andersen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I removed all JRE1.* folders, and uninstalled Java 7 Update 25.

I then installed the latest Java, but promptly uninstalled it, thinking to wait until an actual "need" for it.

In Autoruns, I unchecked all the yellow marked items I could, but the first thirteen (13) of the list would not uncheck. Instead, I was given the message, "Error changing item state: Access is denied."

For what it's worth: I tend to monitor CPU Usage through Task Manager and, for the first time in ages, such usage now rests comfortably in single digit percentiles. I noticed this after deleting the JRE1.* folders and when ready to install the latest Java. Right now, it's at 0%. :)

Start-up time remains about the same as last reported.

I'm sorry, I forgot to mention: .NET Framework 4 did successfully update, since I last reported it would not.
  • 0

#30
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Name: Logitech-compatible Mouse PS/2
Description: Logitech-compatible Mouse PS/2
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


This is some sort of Mouse that it thinks it should have but doesn't.

If you right click on (My) Computer and select Manage then Device Manager you should see it with a yellow mark next to it. Right click on it and Uninstall or Delete and then reboot.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Log: 'System' Date/Time: 31/10/2013 3:03:30 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


Right click on My Computer and select Manage then Services and Applications then Services. Find the MDM service and right click on it and select Properties then change the Startup Type to Disabled. OK.

Do the same for

Net.Tcp Port Sharing Service

and verify that the other 3 Net. something services are also set to Disabled.

Run autoruns again as before and post the log.
  • 0
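
The event log entries discussed in the post above carry Win32 error codes (%%1058, %%1053, %%126) that say why each service failed. As an added example, not part of the original thread, this Python script parses the "System errors" section of the FRST log and decodes those codes; the names `parse_errors` and `WIN32_ERRORS` are this example's own.

```python
import re
from datetime import datetime

# Win32 error codes seen in this log (names as defined in winerror.h).
WIN32_ERRORS = {126: "ERROR_MOD_NOT_FOUND",
                1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
                1058: "ERROR_SERVICE_DISABLED"}

# "System errors" entries copied from the FRST log posted in this thread.
SAMPLE = '''\
Error: (10/31/2013 03:03:30 PM) (Source: DCOM) (User: 700S)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (10/31/2013 02:08:54 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error:
%%1053

Error: (10/31/2013 02:08:54 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.

Error: (10/31/2013 02:08:54 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126
'''

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) \(User: [^)]*\)$")
CODE = re.compile(r"%%(\d+)")
SERVICE = re.compile(r"start the service (\S+)|[Tt]he (.+?) service (?:failed|terminated|to connect)")

def parse_errors(text):
    """Split the section into records; a description may span several lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            records.append({"time": when, "source": m["src"], "body": ""})
        elif line and records:
            records[-1]["body"] += " " + line
    for r in records:
        code, svc = CODE.search(r["body"]), SERVICE.search(r["body"])
        r["code"] = int(code.group(1)) if code else None
        r["service"] = next(g for g in svc.groups() if g) if svc else None
        r["meaning"] = WIN32_ERRORS.get(r["code"])  # None if no code or unknown
    return records
```

Codes not in the table come back with `meaning` set to `None`, so an entry that needs a manual lookup is easy to spot.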





