Can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lynda Nicole (administrator) on QUALITYREVIEWS on 28-03-2014 20:23:53
Running from C:\Users\Lynda Nicole\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-07-30] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-06-24] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [L09AXLRD_28746959] - "C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Desktop Software] - "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Facebook Update] - C:\Users\Lynda Nicole\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Google Update] - C:\Users\Lynda Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-29] (Google Inc.)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Lynda Nicole\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {0b58a8cb-9e70-11e0-8f58-e0699516ab3b} - F:\LiteAuto.exe
HKU\S-1-5-21-3700065819-3803022968-2199414553-1000\...\MountPoints2: {8800261d-46d3-11e3-acbc-e0699516ab3b} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Lynda Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.msn.com/?ocid=OIE9HP
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88}
http://www.convergysworkathome.com/AppHardT.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 143.61.195.18 d2000-okc
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://xfinity.comcast.net/?cid=insDate09282012
CHR DefaultSearchKeyword: ask
CHR DefaultSearchProvider: Norton Safe Search
CHR DefaultSearchURL:
http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Lynda Nicole\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Lynda Nicole\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Hulu Desktop) - C:\Users\Lynda Nicole\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-30]
CHR Extension: (YouTube) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-29]
CHR Extension: (Google Search) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-29]
CHR Extension: (Cloud Reader) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-06-15]
CHR Extension: (Skype Click to Call) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-13]
CHR Extension: (Norton Identity Protection) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-09-26]
CHR Extension: (Google Wallet) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-29]
CHR Extension: (Space Planet) - C:\Users\Lynda Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-02-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\LYNDAN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-20]
==================== Services (Whitelisted) =================
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [125552 2010-07-30] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2011-05-07] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2011-05-07] ()
R2 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.)
==================== Drivers (Whitelisted) ====================
R3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-12-29] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\ENG64.SYS [126040 2014-03-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140328.017\EX64.SYS [2099288 2014-03-26] (Symantec Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 20:23 - 2014-03-28 20:24 - 00021412 _____ () C:\Users\Lynda Nicole\Desktop\FRST.txt
2014-03-28 20:23 - 2014-03-28 20:23 - 00000000 ____D () C:\FRST
2014-03-28 20:22 - 2014-03-28 20:22 - 02157056 _____ (Farbar) C:\Users\Lynda Nicole\Desktop\FRST64.exe
2014-03-28 20:20 - 2014-03-28 20:20 - 00003090 _____ () C:\Users\Lynda Nicole\Desktop\JRT.txt
2014-03-28 20:10 - 2014-03-28 20:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 20:08 - 2014-03-28 20:08 - 01038974 _____ (Thisisu) C:\Users\Lynda Nicole\Desktop\JRT.exe
2014-03-28 19:50 - 2014-03-28 20:00 - 00000000 ____D () C:\AdwCleaner
2014-03-27 21:46 - 2014-03-27 22:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 21:46 - 2014-03-27 21:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 21:11 - 2009-07-13 20:41 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-03-27 20:58 - 2014-03-27 21:22 - 00000000 ____D () C:\Users\Lynda Nicole\Desktop\RK_Quarantine
2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Weblog Posts
2014-03-23 14:11 - 2014-03-23 14:11 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
2014-03-23 13:46 - 2014-03-28 19:46 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job
2014-03-23 13:46 - 2014-03-23 13:46 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynda Nicole
2014-03-23 11:42 - 2014-03-23 11:42 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-13257.exe
2014-03-23 11:38 - 2014-03-23 11:38 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-12431.exe
2014-03-23 11:37 - 2014-03-23 13:24 - 00000408 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-23 11:34 - 2014-03-23 11:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-11693.exe
2014-03-23 11:33 - 2014-03-23 11:33 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64.exe
2014-03-23 11:32 - 2014-03-23 11:32 - 00001209 _____ () C:\Users\Lynda Nicole\Desktop\iExplore - Shortcut.lnk
2014-03-23 11:31 - 2014-03-23 11:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore.exe
2014-03-23 10:55 - 2014-03-23 10:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Lynda Nicole\Desktop\abc123.com.exe
2014-03-22 14:58 - 2014-03-22 14:58 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\300 - Rise Of An Empire 2014 HDRiP.XViD.MP3-ART3MiS
2014-03-21 17:02 - 2014-03-22 04:34 - 00019620 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-21 16:59 - 2014-03-21 16:59 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-20 05:36 - 2014-03-20 05:36 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Hobbit The Desolation of Smaug (2013) [1080p]
2014-03-19 05:17 - 2014-03-19 05:17 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\Mozilla
2014-03-16 15:19 - 2014-03-27 21:22 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
2014-03-13 02:45 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 02:45 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 02:45 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 02:45 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 02:45 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 02:45 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 02:45 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 02:45 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 02:45 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 02:45 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 02:45 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 02:45 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 02:45 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 02:45 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 02:45 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 02:45 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 02:45 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 02:45 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 02:45 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 02:45 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 02:45 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 02:45 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 02:45 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 02:45 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 02:45 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 02:45 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 02:45 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 02:45 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 02:45 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 02:45 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 02:45 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 02:45 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 02:45 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 02:45 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 02:45 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 02:45 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 02:45 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 02:45 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 02:45 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 02:45 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 02:45 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 02:45 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 02:45 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 02:45 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 02:44 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 02:44 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 02:44 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 02:44 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 18:31 - 2014-03-11 18:31 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Anchorman 2 The Legend Continues (2013) UNRATED 1080p WEBRip x264-TheKing
2014-03-09 07:18 - 2014-03-09 07:19 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Breath of a Wok - Unlocking the Spirit of Chinese Cooking Through Recipes + Chinese Cookbook Quick and Easy Dishes - Mantesh
2014-03-08 11:35 - 2014-03-08 11:35 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Mastermind (Deluxe Version)
==================== One Month Modified Files and Folders =======
2014-03-28 20:24 - 2014-03-28 20:23 - 00021412 _____ () C:\Users\Lynda Nicole\Desktop\FRST.txt
2014-03-28 20:23 - 2014-03-28 20:23 - 00000000 ____D () C:\FRST
2014-03-28 20:22 - 2014-03-28 20:22 - 02157056 _____ (Farbar) C:\Users\Lynda Nicole\Desktop\FRST64.exe
2014-03-28 20:20 - 2014-03-28 20:20 - 00003090 _____ () C:\Users\Lynda Nicole\Desktop\JRT.txt
2014-03-28 20:19 - 2012-05-29 18:16 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job
2014-03-28 20:12 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 20:12 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 20:11 - 2012-08-12 08:58 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\ID Vault
2014-03-28 20:10 - 2014-03-28 20:10 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 20:08 - 2014-03-28 20:08 - 01038974 _____ (Thisisu) C:\Users\Lynda Nicole\Desktop\JRT.exe
2014-03-28 20:07 - 2010-12-07 17:06 - 01722626 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 20:05 - 2012-07-03 12:36 - 00000000 ___RD () C:\Users\Lynda Nicole\Google Drive
2014-03-28 20:03 - 2012-07-03 12:33 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 20:02 - 2009-07-14 00:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 20:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 20:02 - 2009-07-13 23:51 - 00085730 _____ () C:\Windows\setupact.log
2014-03-28 20:00 - 2014-03-28 19:50 - 00000000 ____D () C:\AdwCleaner
2014-03-28 19:46 - 2014-03-23 13:46 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForLynda Nicole.job
2014-03-28 19:34 - 2012-07-03 12:33 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 19:04 - 2011-09-14 20:54 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA.job
2014-03-28 17:28 - 2012-08-12 08:56 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-03-28 16:19 - 2012-05-29 18:16 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job
2014-03-28 16:14 - 2012-05-29 18:16 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000UA
2014-03-28 16:14 - 2012-05-29 18:16 - 00003524 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core
2014-03-28 16:04 - 2011-09-14 20:54 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700065819-3803022968-2199414553-1000Core.job
2014-03-27 22:14 - 2014-03-27 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 21:46 - 2014-03-27 21:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 21:22 - 2014-03-27 20:58 - 00000000 ____D () C:\Users\Lynda Nicole\Desktop\RK_Quarantine
2014-03-27 21:22 - 2014-03-16 15:19 - 00000081 _____ () C:\Windows\system32\tcpufx.iut
2014-03-27 20:40 - 2011-09-27 20:04 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-27 19:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-27 15:29 - 2012-07-03 12:33 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 15:29 - 2012-07-03 12:33 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 22:53 - 2014-03-26 22:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Weblog Posts
2014-03-26 22:53 - 2011-06-08 17:01 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Local\Windows Live Writer
2014-03-25 05:07 - 2009-07-14 00:13 - 00796550 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 18:26 - 2012-08-26 19:51 - 00000464 _____ () C:\Windows\demdata.txt
2014-03-23 18:21 - 2013-04-29 20:53 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\PDF Architect Files
2014-03-23 14:11 - 2014-03-23 14:11 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\LavasoftStatistics
2014-03-23 13:46 - 2014-03-23 13:46 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynda Nicole
2014-03-23 13:24 - 2014-03-23 11:37 - 00000408 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-03-23 13:05 - 2013-07-13 21:15 - 27955810 _____ () C:\Users\Lynda Nicole\ovpntray.log
2014-03-23 12:14 - 2012-03-04 08:53 - 00039572 _____ () C:\aaw7boot.log
2014-03-23 11:42 - 2014-03-23 11:42 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-13257.exe
2014-03-23 11:38 - 2014-03-23 11:38 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-12431.exe
2014-03-23 11:34 - 2014-03-23 11:34 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64-11693.exe
2014-03-23 11:33 - 2014-03-23 11:33 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore64.exe
2014-03-23 11:32 - 2014-03-23 11:32 - 00001209 _____ () C:\Users\Lynda Nicole\Desktop\iExplore - Shortcut.lnk
2014-03-23 11:31 - 2014-03-23 11:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Lynda Nicole\Downloads\iExplore.exe
2014-03-23 11:26 - 2014-01-30 20:53 - 00003618 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-03-23 10:55 - 2014-03-23 10:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Lynda Nicole\Desktop\abc123.com.exe
2014-03-22 15:29 - 2011-03-28 09:39 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\BitTorrent
2014-03-22 14:58 - 2014-03-22 14:58 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\300 - Rise Of An Empire 2014 HDRiP.XViD.MP3-ART3MiS
2014-03-22 11:54 - 2010-12-07 21:02 - 01063120 _____ () C:\Windows\PFRO.log
2014-03-22 04:34 - 2014-03-21 17:02 - 00019620 _____ () C:\Windows\ntbtlog.txt.bak
2014-03-21 21:09 - 2011-09-30 20:07 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-03-21 21:09 - 2011-09-30 20:07 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-03-21 16:59 - 2014-03-21 16:59 - 00000000 ____D () C:\ProgramData\SMR410
2014-03-21 15:54 - 2013-06-04 10:41 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Local\NPE
2014-03-20 05:36 - 2014-03-20 05:36 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Hobbit The Desolation of Smaug (2013) [1080p]
2014-03-19 05:17 - 2014-03-19 05:17 - 00000000 ____D () C:\Users\Lynda Nicole\AppData\Roaming\Mozilla
2014-03-19 03:04 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:00 - 2011-03-30 21:15 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:29 - 2011-10-25 18:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-18 17:29 - 2011-03-29 17:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-16 15:08 - 2014-03-16 15:08 - 00000064 _____ () C:\Windows\system32\buueg.zya
2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 _____ () C:\Windows\system32\rusus.hsn
2014-03-16 14:52 - 2014-03-16 14:52 - 00377329 ____S () C:\Windows\system32\qcymkf.gpf
2014-03-16 14:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-15 15:19 - 2013-03-05 18:53 - 00002413 _____ () C:\Users\Lynda Nicole\Desktop\Google Chrome.lnk
2014-03-14 21:04 - 2011-09-27 20:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-13 03:26 - 2009-07-13 23:45 - 00499064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:24 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:24 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:04 - 2011-10-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 18:31 - 2014-03-11 18:31 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Anchorman 2 The Legend Continues (2013) UNRATED 1080p WEBRip x264-TheKing
2014-03-09 07:29 - 2012-05-27 09:08 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\My Digital Editions
2014-03-09 07:19 - 2014-03-09 07:18 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\The Breath of a Wok - Unlocking the Spirit of Chinese Cooking Through Recipes + Chinese Cookbook Quick and Easy Dishes - Mantesh
2014-03-09 06:07 - 2013-01-22 08:32 - 00000000 ____D () C:\Users\Lynda Nicole\Documents\Corpsman Docs
2014-03-08 11:35 - 2014-03-08 11:35 - 00000000 ____D () C:\Users\Lynda Nicole\Downloads\Mastermind (Deluxe Version)
2014-03-04 18:28 - 2011-03-27 22:07 - 00000000 ____D () C:\Users\Lynda Nicole
2014-03-04 04:01 - 2011-07-19 17:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 04:01 - 2011-07-19 17:14 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 01:05 - 2014-03-13 02:45 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-13 02:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-13 02:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-13 02:45 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-13 02:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-13 02:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-13 02:45 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-13 02:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-13 02:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-13 02:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-13 02:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-13 02:45 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-13 02:45 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-13 02:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-13 02:45 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-13 02:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-13 02:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-13 02:45 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-13 02:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-13 02:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-13 02:45 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-13 02:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:43 - 2014-03-13 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:42 - 2014-03-13 02:45 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-13 02:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-13 02:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-13 02:45 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-13 02:45 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-13 02:45 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-13 02:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-13 02:45 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-13 02:45 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-13 02:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-13 02:45 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-13 02:45 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-13 02:45 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-13 02:45 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-13 02:45 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-13 02:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-13 02:45 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 04:02 - 2010-12-07 17:16 - 00788672 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
Files to move or delete:
====================
C:\Users\Lynda Nicole\AppData\Roaming\skype.ini
Some content of TEMP:
====================
C:\Users\Lynda Nicole\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lynda Nicole\AppData\Local\Temp\ose00000.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\rootsupd.exe
C:\Users\Lynda Nicole\AppData\Local\Temp\YontooSetup-Silent-0DB0.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 12:54
==================== End Of Log ============================