Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014 01 Ran by SYSTEM on MININT-3QDGETA on 26-04-2014 19:48:12 Running from H:\ Windows 7 Professional Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b] The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== HKLM\...\Run: [QuickTime Task] => C:\Program Files\_Player\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\_Player\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.) HKU\missjm\...\Run: [AdobeBridge] => [X] HKU\missjm\...\Run: [uTorrent] => C:\Users\missjm\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-01-22] (BitTorrent Inc.) HKU\missjm\...\Run: [WordWeb] => C:\Program Files\_Tools\WordWeb Pro\wweb32.exe [77064 2012-04-20] () HKU\missjm\...\Run: [NetLimiter] => C:\Program Files\_Tools\NetLimiter 3\NLClientApp.exe [1844864 2013-10-10] (Locktime Software) HKU\missjm\...\Run: [Google Update] => C:\Users\missjm\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-16] (Google Inc.) HKU\missjm\...\Run: [Skype] => C:\Program Files\_Messenger\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) Startup: C:\Users\missjm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 Agile1Password; C:\Program Files\_Tools\1Password\Agile1pService.exe [768784 2013-08-06] (AgileBits) S2 nlsvc; C:\Program Files\_Tools\NetLimiter 3\nlsvc.exe [1132160 2013-10-10] (Locktime Software) S2 SkypeUpdate; C:\Program Files\_Messenger\Skype\Updater\Updater.exe [172192 2013-10-22] (Skype Technologies) ==================== Drivers (Whitelisted) ==================== S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2009-09-17] (Intel Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] () S3 NLNdisMP; C:\Windows\System32\DRIVERS\nlndis.sys [5229360 2013-06-11] (Locktime Software) S3 NLNdisPT; C:\Windows\System32\DRIVERS\nlndis.sys [5229360 2013-06-11] (Locktime Software) S1 nltdi; C:\Program Files\_Tools\NetLimiter 3\nltdi.sys [5280944 2013-06-11] (Locktime Software) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-07-14] (Duplex Secure Ltd.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-26 18:49 - 2014-04-26 18:49 - 00000000 ____D () C:\Windows\System32\config\HiveBackup 2014-04-26 18:20 - 2014-04-26 19:48 - 00000000 ____D () C:\FRST 2014-04-01 23:24 - 2014-04-01 23:24 - 00000730 _____ () C:\Users\missjm\Desktop\BSchool.lnk 2014-04-01 08:01 - 2014-04-01 08:06 - 00000528 ____H () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard Nelson Bolles.mbp 2014-04-01 08:01 - 2014-03-30 06:48 - 10739950 ____R () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard Nelson Bolles.mobi 2014-03-30 07:04 - 2014-03-30 07:04 - 00574560 _____ () C:\Users\missjm\Documents\The Five Love Languages by Gary Chapman , Yasser.prc 2014-03-30 07:03 - 2014-03-30 07:04 - 00000500 ____H () C:\Users\missjm\Documents\The Five Love Languages by Gary Chapman , Yasser.mbp 2014-03-30 07:03 - 2014-03-29 09:43 - 00556091 ____R () C:\Users\missjm\Documents\The Five Love Languages by Gary Chapman , Yasser.mobi 2014-03-30 06:50 - 2014-03-30 06:48 - 10739950 ____R () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard N Bolles.mobi 2014-03-30 06:49 - 2014-03-30 06:50 - 00000484 ____H () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard N Bolles.mbp 2014-03-30 06:49 - 2014-03-30 06:49 - 03936740 _____ () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard N Bolles.prc 2014-03-30 06:30 - 2014-03-30 06:32 - 00000456 ____H () C:\Users\missjm\Documents\The War Of Art - Steven Pressfield.mbp 2014-03-30 06:30 - 2012-07-20 02:19 - 00156695 _____ () C:\Users\missjm\Documents\The War Of Art - Steven Pressfield.mobi 2014-03-30 06:26 - 2014-03-30 06:26 - 02209264 _____ () C:\Users\missjm\Documents\Finding Your Own North Star - Martha Beck.prc 2014-03-30 06:26 - 2014-03-30 06:26 - 00000368 ____H () C:\Users\missjm\Documents\Finding Your Own North Star - Martha Beck.mbp 2014-03-30 06:07 - 2014-03-30 06:07 - 00349204 _____ () C:\Users\missjm\Documents\So good they cant ignore you - cal.prc 2014-03-30 06:07 - 2014-03-30 06:07 - 00000476 ____H () C:\Users\missjm\Documents\So good they cant ignore you - cal.mbp 2014-03-30 02:45 - 2014-04-21 18:11 - 00000000 ____D () C:\Users\missjm\Desktop\TEMP-d 2014-03-29 09:56 - 2014-03-29 10:03 - 00000464 ____H () C:\Users\missjm\Documents\Tom Rath - Strengths Finder 2.0.mbp 2014-03-29 09:56 - 2014-03-29 09:56 - 00268300 _____ () C:\Users\missjm\Documents\Tom Rath - Strengths Finder 2.0.prc ==================== One Month Modified Files and Folders ======= 2014-04-26 19:48 - 2014-04-26 18:20 - 00000000 ____D () C:\FRST 2014-04-26 18:49 - 2014-04-26 18:49 - 00000000 ____D () C:\Windows\System32\config\HiveBackup 2014-04-21 21:19 - 2013-09-04 19:24 - 00000000 ____D () C:\Users\missjm\AppData\Roaming\Skype 2014-04-21 21:19 - 2013-08-26 08:57 - 00000000 ____D () C:\Users\missjm\AppData\Roaming\uTorrent 2014-04-21 21:19 - 2013-07-14 14:16 - 01110038 _____ () C:\Windows\WindowsUpdate.log 2014-04-21 20:04 - 2013-08-26 09:35 - 00000000 ____D () C:\Users\missjm\AppData\Roaming\Dropbox 2014-04-21 18:20 - 2013-09-14 10:15 - 00000000 ____D () C:\Users\missjm\AppData\Local\Adobe 2014-04-21 18:11 - 2014-03-30 02:45 - 00000000 ____D () C:\Users\missjm\Desktop\TEMP-d 2014-04-21 18:11 - 2013-09-15 01:46 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2014-04-21 18:11 - 2013-09-15 01:46 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2014-04-21 17:55 - 2009-07-13 20:34 - 00031280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-21 17:55 - 2009-07-13 20:34 - 00031280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-21 17:48 - 2013-08-26 08:33 - 00000000 ____D () C:\Users\missjm\AppData\Roaming\vlc 2014-04-21 17:47 - 2014-01-30 16:54 - 00010100 _____ () C:\Windows\setupact.log 2014-04-16 21:02 - 2010-11-20 13:01 - 00726316 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-04-12 06:50 - 2013-09-14 08:26 - 00000000 ____D () C:\Users\missjm\AppData\Local\CrashDumps 2014-04-12 05:14 - 2013-08-26 06:04 - 00108824 _____ () C:\Users\missjm\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-12 05:12 - 2009-07-13 20:33 - 03806216 _____ () C:\Windows\System32\FNTCACHE.DAT 2014-04-11 20:01 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF 2014-04-04 20:09 - 2013-11-13 21:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-04 08:43 - 2013-08-26 08:30 - 00000000 ____D () C:\Program Files\_Browser 2014-04-03 00:09 - 2013-07-14 14:33 - 00000000 ____D () C:\Users\missjm\AppData\Local\Microsoft Help 2014-04-01 23:24 - 2014-04-01 23:24 - 00000730 _____ () C:\Users\missjm\Desktop\BSchool.lnk 2014-04-01 08:06 - 2014-04-01 08:01 - 00000528 ____H () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard Nelson Bolles.mbp 2014-04-01 08:01 - 2014-01-30 04:02 - 00000000 ____D () C:\Users\missjm\Documents\Covers 2014-03-31 06:15 - 2013-08-26 08:30 - 00000000 ____D () C:\Program Files\_Games 2014-03-30 07:04 - 2014-03-30 07:04 - 00574560 _____ () C:\Users\missjm\Documents\The Five Love Languages by Gary Chapman , Yasser.prc 2014-03-30 07:04 - 2014-03-30 07:03 - 00000500 ____H () C:\Users\missjm\Documents\The Five Love Languages by Gary Chapman , Yasser.mbp 2014-03-30 06:50 - 2014-03-30 06:49 - 00000484 ____H () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard N Bolles.mbp 2014-03-30 06:49 - 2014-03-30 06:49 - 03936740 _____ () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard N Bolles.prc 2014-03-30 06:48 - 2014-04-01 08:01 - 10739950 ____R () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard Nelson Bolles.mobi 2014-03-30 06:48 - 2014-03-30 06:50 - 10739950 ____R () C:\Users\missjm\Documents\What Color Is Your Parachute - Richard N Bolles.mobi 2014-03-30 06:32 - 2014-03-30 06:30 - 00000456 ____H () C:\Users\missjm\Documents\The War Of Art - Steven Pressfield.mbp 2014-03-30 06:26 - 2014-03-30 06:26 - 02209264 _____ () C:\Users\missjm\Documents\Finding Your Own North Star - Martha Beck.prc 2014-03-30 06:26 - 2014-03-30 06:26 - 00000368 ____H () C:\Users\missjm\Documents\Finding Your Own North Star - Martha Beck.mbp 2014-03-30 06:07 - 2014-03-30 06:07 - 00349204 _____ () C:\Users\missjm\Documents\So good they cant ignore you - cal.prc 2014-03-30 06:07 - 2014-03-30 06:07 - 00000476 ____H () C:\Users\missjm\Documents\So good they cant ignore you - cal.mbp 2014-03-29 10:03 - 2014-03-29 09:56 - 00000464 ____H () C:\Users\missjm\Documents\Tom Rath - Strengths Finder 2.0.mbp 2014-03-29 09:56 - 2014-03-29 09:56 - 00268300 _____ () C:\Users\missjm\Documents\Tom Rath - Strengths Finder 2.0.prc 2014-03-29 09:43 - 2014-03-30 07:03 - 00556091 ____R () C:\Users\missjm\Documents\The Five Love Languages by Gary Chapman , Yasser.mobi Some content of TEMP: ==================== C:\Users\missjm\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\missjm\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzwqu0.dll C:\Users\missjm\AppData\Local\Temp\Quarantine.exe C:\Users\missjm\AppData\Local\Temp\spiceworks_redist.exe C:\Users\missjm\AppData\Local\Temp\spiceworks_redist_10.exe C:\Users\missjm\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 4043.36 MB Available physical RAM: 3524.79 MB Total Pagefile: 4041.64 MB Available Pagefile: 3530.09 MB Total Virtual: 2047.88 MB Available Virtual: 1953.56 MB ==================== Drives ================================ Drive c: (JM-WIN) (Fixed) (Total:49.96 GB) (Free:15.01 GB) NTFS Drive d: (JM-MEDIA) (Fixed) (Total:50 GB) (Free:15.4 GB) NTFS Drive e: (JM-PROJS) (Fixed) (Total:365.7 GB) (Free:206.23 GB) NTFS Drive g: (GSP1RMCPRFRER_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF Drive h: (JM-2GO) (Removable) (Total:3.77 GB) (Free:2.21 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7D2B4110) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=366 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=50 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 04DD5721) Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS) LastRegBack: 2014-04-11 21:21 ==================== End Of Log ============================