Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014
Ran by SYSTEM on MININT-URBR4BR on 12-10-2014 11:26:06
Running from F:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931536 2011-01-12] (Intel® Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-03-17] (TOSHIBA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] => C:\windows\system32\rstrui.exe [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Guest\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-08] (Google Inc.)
HKU\Jennifer\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-08] (Google Inc.)
HKU\Parthiv\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\Parthiv\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-08] (Google Inc.)
HKU\Parthiv\...\Run: [Google Update] => C:\Users\Parthiv\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-09] (Google Inc.)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-12] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S2 OfflinePlayerService; C:\Users\Public\Harbinger Systems\Offline Player\view\OfflinePlayerService.exe [73728 2014-03-11] ()
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-04-24] (Wajam) <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20141009.002\IDSvia64.sys [633560 2014-09-01] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141009.016\ENG64.SYS [129752 2014-09-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141009.016\EX64.SYS [2137304 2014-09-25] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-07-22] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-07-22] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-07-22] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 11:25 - 2014-10-12 11:26 - 00000000 ____D () C:\FRST
2014-10-11 19:24 - 2014-10-11 19:24 - 00000000 ____D () C:\ProgramData\SMR430
2014-10-07 13:18 - 2014-10-07 13:18 - 00000000 ____D () C:\Users\Parthiv\Documents\20141007-W262T2 Stay Ahead of the Curve! Reforms for Guidance for Fed(669767331)
2014-10-04 13:05 - 2014-10-04 13:05 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-09-23 10:50 - 2014-09-23 10:50 - 00013824 _____ () C:\Users\Parthiv\Downloads\PICSCHEDULE_2014 (1).xls
2014-09-23 08:47 - 2014-09-23 08:47 - 00013824 _____ () C:\Users\Parthiv\Downloads\PICSCHEDULE_2014.xls
2014-09-21 17:45 - 2014-09-21 17:46 - 00845597 _____ () C:\Users\Parthiv\Downloads\ExportBundleCoursesToExcel (1)
2014-09-21 17:41 - 2014-09-21 17:41 - 00845597 _____ () C:\Users\Parthiv\Downloads\ExportBundleCoursesToExcel
2014-09-19 09:02 - 2014-09-19 09:12 - 00000000 ____D () C:\ProgramData\WebEx
2014-09-19 09:01 - 2014-09-19 09:01 - 00220456 _____ (Cisco WebEx LLC) C:\Users\Parthiv\Downloads\,join-test,1594239231,-1281699182,MC,0-0,SDJTSwAAAAElEnz_f3wgZCWH3pafGpuGHFBkQqiRpX4gVpn7i7RuEw2_webex.exe
2014-09-19 08:45 - 2014-09-19 09:02 - 00000000 ____D () C:\Users\Parthiv\AppData\Local\WebEx
2014-09-19 08:45 - 2014-09-19 08:45 - 00631744 _____ (Cisco WebEx LLC) C:\Users\Parthiv\Downloads\Cisco_WebEx_Add-On (1).exe
2014-09-19 08:45 - 2014-09-19 08:45 - 00000000 ____D () C:\Users\Parthiv\AppData\Roaming\Mozilla
2014-09-19 08:44 - 2014-09-19 08:44 - 00631744 _____ (Cisco WebEx LLC) C:\Users\Parthiv\Downloads\Cisco_WebEx_Add-On.exe
2014-09-12 09:24 - 2014-09-04 18:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-12 09:24 - 2014-09-04 17:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 01:10 - 2010-09-29 00:09 - 00000000 ____D () C:\users\Guest
2014-10-12 01:10 - 2010-08-29 09:26 - 00000000 ____D () C:\Users\Parthiv\AppData\Roaming\Skype
2014-10-12 01:10 - 2010-08-28 19:59 - 00000000 ____D () C:\users\Jennifer
2014-10-12 01:10 - 2010-07-14 18:51 - 00000000 ____D () C:\users\Parthiv
2014-10-12 01:10 - 2010-05-15 04:48 - 00000000 ____D () C:\ProgramData\Norton
2014-10-12 01:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-11 19:23 - 2014-09-01 17:18 - 00000000 ____D () C:\Users\Parthiv\AppData\Local\NPE
2014-10-11 19:18 - 2010-09-08 10:34 - 00000000 ____D () C:\Users\Parthiv\Documents\Girls
2014-10-10 10:45 - 2012-07-19 09:52 - 00000000 __SHD () C:\Users\Parthiv\Documents\cache
2014-10-10 07:17 - 2011-06-28 11:43 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131133104-2688936539-2419433585-1000UA.job
2014-10-10 06:52 - 2014-06-04 09:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-131133104-2688936539-2419433585-1000.job
2014-10-10 06:50 - 2010-08-28 20:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 04:55 - 2010-05-15 04:12 - 01810697 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 03:30 - 2011-06-28 11:43 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131133104-2688936539-2419433585-1000Core.job
2014-10-09 10:50 - 2010-08-28 20:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 11:02 - 2014-06-04 09:01 - 00003600 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-131133104-2688936539-2419433585-1000
2014-10-07 07:15 - 2009-07-13 20:45 - 00016304 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 07:15 - 2009-07-13 20:45 - 00016304 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 07:07 - 2010-09-27 06:19 - 00000000 ____D () C:\Users\Parthiv\AppData\Local\CrashDumps
2014-10-07 07:04 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 07:04 - 2009-07-13 20:51 - 00203415 _____ () C:\Windows\setupact.log
2014-10-06 17:48 - 2013-11-07 17:45 - 00031470 _____ () C:\Users\Parthiv\Desktop\Jen To Do.xlsx
2014-10-05 16:54 - 2010-04-08 18:34 - 00994422 _____ () C:\Windows\PFRO.log
2014-10-04 13:04 - 2014-09-01 16:50 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-04 13:04 - 2014-09-01 16:50 - 00002330 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-04 13:04 - 2014-09-01 16:43 - 00000000 ____D () C:\Windows\System32\Drivers\N360x64
2014-09-23 19:19 - 2014-05-30 18:10 - 00012488 _____ () C:\Users\Parthiv\Desktop\Summer Fun.xlsx
2014-09-21 17:51 - 2010-09-03 05:30 - 00001744 _____ () C:\Users\Parthiv\AppData\Roaming\wklnhst.dat
2014-09-19 09:05 - 2012-07-19 09:52 - 00000000 ____D () C:\Users\Parthiv\AppData\Roaming\webex
2014-09-16 17:23 - 2013-12-29 21:11 - 00017124 _____ () C:\Users\Parthiv\Desktop\KEURIG.xlsx
2014-09-13 06:27 - 2014-07-10 09:25 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-13 06:27 - 2013-08-05 05:22 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-13 06:20 - 2010-09-20 09:25 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
Some content of TEMP:
====================
C:\Users\Parthiv\AppData\Local\Temp\_is39B5.exe
C:\Users\Parthiv\AppData\Local\Temp\_is7DB7.exe
C:\Users\Parthiv\AppData\Local\Temp\_is9A1.exe
C:\Users\Parthiv\AppData\Local\Temp\_isB183.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE Association (whitelisted) =============
==================== Restore Points =========================
Restore point made on: 2014-10-10 07:47:14
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 3890.67 MB
Available physical RAM: 3310.93 MB
Total Pagefile: 3888.82 MB
Available Pagefile: 3291.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (TI105835W0G) (Fixed) (Total:453.83 GB) (Free:108.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (CDROM) (Total:7.96 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:0.48 GB) (Free:0.09 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1786ECE7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.5 GB) - (Type=17)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 490 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=490 MB) - (Type=06)
LastRegBack: 2014-10-05 20:04
==================== End Of Log ============================