Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015 Ran by SYSTEM on MININT-QI408NM on 11-07-2015 01:52:04 Running from e:\ Platform: Windows 7 Professional (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation) HKU\Dad\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD) HKU\Dad\...\Run: [Steam] => C:\SteamApps\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation) HKU\Eileen\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-25] (Google Inc.) HKU\Eileen\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-30] (SUPERAntiSpyware) HKU\Kevin\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-25] (Google Inc.) HKU\Kevin\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation) HKU\Kevin\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe [650928 2015-01-03] (Adobe Systems Incorporated) HKU\Mom\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-25] (Google Inc.) HKU\Mom\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe [650928 2015-01-03] (Adobe Systems Incorporated) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1145216 2015-05-24] () S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation) S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation) S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150617.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation) S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-26] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-26] (Symantec Corporation) S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-02] (GFI Software) S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.) S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150623.002\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150623.005\ENG64.SYS [138488 2015-06-23] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150623.005\EX64.SYS [2146040 2015-06-23] (Symantec Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-06-04] (Research in Motion Limited) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-25] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation) S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.) S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.) S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X] S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-11 01:51 - 2015-07-11 01:52 - 00000000 ____D C:\FRST 2015-06-13 03:28 - 2015-06-13 03:28 - 00000000 ____D C:\Users\Mom\Desktop\Elmer Stories ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-10 20:56 - 2014-06-15 16:34 - 00000000 ____D C:\ProgramData\Overwolf 2015-07-10 20:56 - 2014-06-15 16:34 - 00000000 ____D C:\Program Files (x86)\Overwolf 2015-07-10 20:56 - 2013-08-04 01:25 - 00000000 ____D C:\ProgramData\Norton 2015-07-10 20:56 - 2013-08-03 13:42 - 00000000 ____D C:\users\Mom 2015-07-10 20:56 - 2013-08-03 09:52 - 00000000 ____D C:\users\Kevin 2015-07-10 20:56 - 2013-08-03 09:45 - 00000000 ____D C:\users\Eileen 2015-07-10 20:56 - 2013-08-03 04:54 - 00000000 ____D C:\ProgramData\NVIDIA 2015-07-10 20:56 - 2013-08-03 04:24 - 00000000 ____D C:\users\Dad 2015-07-10 20:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2015-07-10 20:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2015-07-03 05:33 - 2013-09-27 10:51 - 00000000 ____D C:\Users\Mom\AppData\Local\CrashDumps 2015-06-23 19:46 - 2013-08-03 06:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-23 17:02 - 2014-12-25 11:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-06-23 12:44 - 2013-08-03 04:25 - 01353290 _____ C:\Windows\WindowsUpdate.log 2015-06-22 20:46 - 2013-08-03 06:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-15 13:40 - 2009-07-13 20:45 - 00014224 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-15 13:40 - 2009-07-13 20:45 - 00014224 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 Some files in TEMP: ==================== C:\Users\Dad\AppData\Local\Temp\BlackBerryDeviceManager.exe C:\Users\Dad\AppData\Local\Temp\ose00000.exe C:\Users\Kevin\AppData\Local\Temp\BlackBerryDeviceManager.exe C:\Users\Kevin\AppData\Local\Temp\BlackBerryLauncher.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2015-05-23 08:39:53 Restore point made on: 2015-05-30 20:00:12 Restore point made on: 2015-06-07 20:00:09 Restore point made on: 2015-06-15 20:29:54 Restore point made on: 2015-06-23 20:00:11 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8191.27 MB Available physical RAM: 7414.77 MB Total Virtual: 8189.42 MB Available Virtual: 7407.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.51 GB) (Free:692.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 49AC8A74) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. LastRegBack: 2015-06-22 20:26 ==================== End of log ============================