Whether you can or can't, your help is greatly appreciated. Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013
Ran by Brett Sjoholm (administrator) on 17-07-2013 02:21:23
Running from C:\Users\Brett Sjoholm\Desktop
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Tordex) C:\Program Files\StartKiller\StartKiller.exe
(xwidget.com) C:\Program Files\XWidget\xwidget.exe
(Team XBMC) C:\Program Files\XBMC\XBMC.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x]
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2010-11-04] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [TOSCDSPD] - TOSCDSPD.EXE [x]
HKCU\...\Run: [xwidget] - C:\Program Files\XWidget\xwidget.exe [1770496 2012-12-04] (xwidget.com)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {1f36164f-4c62-11e2-9a43-005056c00008} - E:\ToolLauncher-Bootstrap.exe
MountPoints2: {569c7d08-0e3a-11e2-ae3a-005056c00008} - F:\Autorun.exe /s
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Start Killer.lnk
ShortcutTarget: Start Killer.lnk -> C:\Program Files\StartKiller\StartKiller.exe (Tordex)
Startup: C:\ProgramData\Start Menu\Programs\Startup\XWidget.lnk
ShortcutTarget: XWidget.lnk -> C:\Program Files\XWidget\xwidget.exe (xwidget.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_06\bin\jp2ssv.dll No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default
FF user.js: detected! => C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\user.js
FF Homepage: chrome://foxtab/content/homepage.html
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: Ghostery - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\firefox@ghostery.com
FF Extension: HTTPS-Everywhere - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\https-everywhere@eff.org
FF Extension: FEBE - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF Extension: FT DeepDark - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: WOT - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: facebook - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\facebook@disconnect.me.xpi
FF Extension: google - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\google@disconnect.me.xpi
FF Extension: jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
FF Extension: jid0-irAmugmQgdURBSCIFZAcjR8ZQMg - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
FF Extension: jid1-F9UJ2thwoAm5gQ - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF Extension: john - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\john@velvetcache.org.xpi
FF Extension: twitter - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\twitter@disconnect.me.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-11-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-11-04] (ESET)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360192 2011-08-14] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [603904 2011-08-14] (TuneUp Software)
S3 wbengine; "%systemroot%\system32\wbengine.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2007-10-31] (Digidesign, A Division of Avid Technology, Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-09-03] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
S3 MAYA44; C:\Windows\System32\Drivers\Maya44.sys [363728 2013-01-10] (Audiotrack)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 pgusbmme; C:\Windows\System32\drivers\pgusbmm3.sys [44752 2013-01-10] (usb-audio.de)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated)
R0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MAUSBFASTTRACK; system32\DRIVERS\MAudioFastTrack.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-17 02:21 - 2013-07-17 02:21 - 00000000 ____D C:\FRST
2013-07-17 02:20 - 2013-07-17 02:20 - 01218600 _____ (Farbar) C:\Users\Brett Sjoholm\Desktop\FRST.exe
2013-07-17 01:42 - 2013-07-17 01:43 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Tragic Kingdom[mp3 320 Kbps][The Raven]
2013-07-17 01:38 - 2013-07-17 01:40 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Push And Shove [2012]
2013-07-17 01:19 - 2013-07-17 01:23 - 00000135 _____ C:\Users\Brett Sjoholm\Desktop\.bat
2013-07-17 01:15 - 2013-07-17 01:15 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Microsoft_Corporation
2013-07-13 18:03 - 2013-07-15 08:24 - 228005726 _____ C:\Users\Brett Sjoholm\Desktop\Scamper The Penguin.mp4
2013-07-13 17:49 - 2013-07-16 20:46 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\Greys Anatomy
2013-07-12 14:05 - 2013-07-12 14:05 - 00145656 _____ C:\Windows\Minidump\Mini071213-01.dmp
2013-07-10 19:24 - 2013-07-10 19:29 - 00000000 ____D C:\Intel
2013-07-10 13:47 - 2013-07-10 13:50 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 13:14 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-07-10 00:32 - 2013-07-10 19:09 - 00000000 ____D C:\Program Files\Driver Fusion
2013-07-09 23:37 - 2013-06-03 21:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 23:37 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-09 23:37 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-09 23:37 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-09 23:37 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-09 23:37 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 23:37 - 2013-04-17 06:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-08 19:16 - 2013-07-08 19:58 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-08 13:12 - 2013-07-08 13:03 - 00000763 _____ C:\Users\Brett Sjoholm\Documents\Speccy.lnk
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setupact.log
2013-07-08 13:03 - 2013-07-08 13:03 - 00000000 ____D C:\Program Files\Speccy
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\noahdfear_tools
2013-07-03 16:08 - 2013-07-03 16:12 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 16:08 - 2013-07-03 16:12 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 14:43 - 2013-07-03 14:43 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\NeoSmart_Technologies
2013-07-03 14:36 - 2013-07-08 21:28 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2013-07-02 18:52 - 2013-07-03 14:45 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\TypingMaster7
2013-07-02 18:52 - 2013-07-02 18:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\Thinstall
2013-06-26 12:48 - 2013-06-26 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-19 13:11 - 2013-07-12 14:05 - 323243125 _____ C:\Windows\MEMORY.DMP
2013-06-19 13:11 - 2013-06-19 13:11 - 00143288 _____ C:\Windows\Minidump\Mini061913-01.dmp
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 21:10 - 2013-06-17 21:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-17 21:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-06-17 20:46 - 2013-07-10 19:27 - 00005806 _____ C:\Windows\PFRO.log
2013-06-17 20:02 - 2010-02-19 10:01 - 00035280 _____ (NTWind Software) C:\Program Files\CloseAll x86.exe
==================== One Month Modified Files and Folders =======
2013-07-17 02:21 - 2013-07-17 02:21 - 00000000 ____D C:\FRST
2013-07-17 02:20 - 2013-07-17 02:20 - 01218600 _____ (Farbar) C:\Users\Brett Sjoholm\Desktop\FRST.exe
2013-07-17 02:20 - 2011-08-17 17:40 - 00000000 ___RD C:\Users\Brett Sjoholm\Desktop
2013-07-17 02:20 - 2011-08-17 17:40 - 00000000 ___RD C:\Users\Brett Sjoholm\Desktop
2013-07-17 02:16 - 2011-08-17 00:12 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\uTorrent
2013-07-17 02:14 - 2011-08-14 07:05 - 01066156 _____ C:\Windows\WindowsUpdate.log
2013-07-17 02:04 - 2012-07-21 23:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 02:00 - 2013-05-18 01:28 - 00000502 _____ C:\Windows\Tasks\1-Click Maintenance.job
2013-07-17 01:43 - 2013-07-17 01:42 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Tragic Kingdom[mp3 320 Kbps][The Raven]
2013-07-17 01:40 - 2013-07-17 01:38 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Push And Shove [2012]
2013-07-17 01:28 - 2013-05-29 20:48 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\XBMC
2013-07-17 01:25 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 01:25 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 01:25 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 01:24 - 2006-11-02 08:58 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-17 01:23 - 2013-07-17 01:19 - 00000135 _____ C:\Users\Brett Sjoholm\Desktop\.bat
2013-07-17 01:15 - 2013-07-17 01:15 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Microsoft_Corporation
2013-07-16 23:45 - 2011-09-02 20:19 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\Malware Removal University
2013-07-16 22:33 - 2011-08-14 08:08 - 00012288 _____ C:\Users\BRETTS~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-16 20:46 - 2013-07-13 17:49 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\Greys Anatomy
2013-07-15 15:22 - 2011-08-29 16:02 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\Files
2013-07-15 08:24 - 2013-07-13 18:03 - 228005726 _____ C:\Users\Brett Sjoholm\Desktop\Scamper The Penguin.mp4
2013-07-13 22:09 - 2011-08-17 14:54 - 00001044 _____ C:\Users\Brett Sjoholm\AppData\Roaming\vso_ts_preview.xml
2013-07-13 22:09 - 2011-08-17 14:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\Vso
2013-07-13 22:00 - 2011-08-19 05:02 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\ConvertXtoDVD
2013-07-12 14:05 - 2013-07-12 14:05 - 00145656 _____ C:\Windows\Minidump\Mini071213-01.dmp
2013-07-12 14:05 - 2013-06-19 13:11 - 323243125 _____ C:\Windows\MEMORY.DMP
2013-07-12 14:05 - 2011-08-19 04:58 - 00000000 ____D C:\Windows\Minidump
2013-07-10 19:30 - 2008-09-30 14:56 - 00000000 ____D C:\Program Files\Intel
2013-07-10 19:29 - 2013-07-10 19:24 - 00000000 ____D C:\Intel
2013-07-10 19:29 - 2011-08-14 07:56 - 00000000 ___RD C:\Users\Brett Sjoholm
2013-07-10 19:27 - 2013-06-17 20:46 - 00005806 _____ C:\Windows\PFRO.log
2013-07-10 19:27 - 2011-08-14 07:20 - 00000000 ____D C:\Windows\system32\Lang
2013-07-10 19:09 - 2013-07-10 00:32 - 00000000 ____D C:\Program Files\Driver Fusion
2013-07-10 18:51 - 2008-09-30 15:28 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-10 13:50 - 2013-07-10 13:47 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-07-10 00:20 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-09 23:55 - 2006-11-02 08:44 - 02347056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-09 23:52 - 2006-11-02 08:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-09 23:30 - 2006-11-02 07:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-08 21:34 - 2006-11-02 02:25 - 00000010 __RSH C:\config.sys
2013-07-08 21:28 - 2013-07-03 14:36 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2013-07-08 20:01 - 2011-08-14 07:57 - 00125672 _____ C:\Users\BRETTS~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-08 19:58 - 2013-07-08 19:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-08 13:12 - 2012-12-15 07:05 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\Launcher
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setupact.log
2013-07-08 13:03 - 2013-07-08 13:12 - 00000763 _____ C:\Users\Brett Sjoholm\Documents\Speccy.lnk
2013-07-08 13:03 - 2013-07-08 13:03 - 00000000 ____D C:\Program Files\Speccy
2013-07-06 22:35 - 2013-05-31 19:32 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\XBMC
2013-07-06 22:35 - 2011-12-09 02:13 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\xwidget
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\noahdfear_tools
2013-07-03 16:12 - 2013-07-03 16:08 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 16:12 - 2013-07-03 16:08 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 15:58 - 2011-08-14 07:57 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Google
2013-07-03 15:58 - 2008-09-30 15:33 - 00000000 ____D C:\Program Files\Google
2013-07-03 14:45 - 2013-07-02 18:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\TypingMaster7
2013-07-03 14:43 - 2013-07-03 14:43 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\NeoSmart_Technologies
2013-07-02 18:52 - 2013-07-02 18:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\Thinstall
2013-06-29 00:10 - 2012-05-04 16:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 12:48 - 2013-06-26 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-24 00:37 - 2006-11-02 06:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-19 13:11 - 2013-06-19 13:11 - 00143288 _____ C:\Windows\Minidump\Mini061913-01.dmp
2013-06-18 17:16 - 2011-08-14 14:07 - 00000000 ____D C:\Program Files\StartKiller
2013-06-18 13:46 - 2013-06-06 18:03 - 00000000 ____D C:\Program Files\Audio Convert Toolbox
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 22:14 - 2011-12-09 02:13 - 00000000 ____D C:\Program Files\XWidget
2013-06-17 21:10 - 2013-06-17 21:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-17 20:46 - 2008-09-30 13:56 - 00000000 ____D C:\Program Files\Toshiba
2013-06-17 20:17 - 2013-05-29 20:45 - 00000000 ____D C:\Program Files\XBMC
2013-06-17 19:38 - 2008-09-30 14:58 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-17 19:30 - 2013-06-16 00:04 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\toshiba
2013-06-17 17:57 - 2011-08-14 07:57 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Toshiba
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== BCD ================================
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {c3083f8b-8f1e-11dd-ab96-001e33463af1}
displayorder {current}
{current}
toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
{memdiag}
timeout 10
resume No
customactions 0x1000000720001
0x54000001
custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}
Windows Boot Loader
-------------------
identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c3083f8b-8f1e-11dd-ab96-001e33463af1}
nx OptIn
Resume from Hibernate
---------------------
identifier {c3083f8b-8f1e-11dd-ab96-001e33463af1}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows
EMS Settings
------------
identifier {emssettings}
bootems Yes
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot.sdi
LastRegBack: 2013-07-17 01:33
==================== End Of Log ============================