- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
- Ran by are (administrator) on ARCEO (08-11-2015 23:52:06)
- Running from C:\Users\are\Desktop
- Loaded Profiles: are (Available Profiles: are)
- Platform: Windows 8.1 (X64) Language: Norsk, bokmål (Norge)
- Internet Explorer Version 11 (Default browser: FF)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
- (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
- (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
- () C:\Users\are\AppData\Roaming\Jivaro\Jivaro\jivaro.exe
- () C:\Users\are\AppData\Roaming\Jivaro\Jivaro\hudworker.exe
- (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
- (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
- (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
- (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
- (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
- (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- (Spotify Ltd) C:\Users\are\AppData\Roaming\Spotify\SpotifyWebHelper.exe
- (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
- (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4562\Agent.exe
- (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6312\Battle.net.exe
- (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coNatHst.exe
- (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
- ==================== Registry (Whitelisted) ===========================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
- HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
- HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
- HKU\S-1-5-21-2174167287-1550173523-973482863-1001\...\Run: [Spotify Web Helper] => C:\Users\are\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-24] (Spotify Ltd)
- HKU\S-1-5-21-2174167287-1550173523-973482863-1001\...\Run: [Spotify] => C:\Users\are\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-24] (Spotify Ltd)
- ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
- ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
- ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
- GroupPolicy: Restriction - Chrome <======= ATTENTION
- CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
- CHR HKU\S-1-5-21-2174167287-1550173523-973482863-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- Tcpip\Parameters: [DhcpNameServer] 130.67.15.198 193.213.112.4
- Tcpip\..\Interfaces\{3329BF6E-9611-4B4E-8A47-B5C73D9B54F3}: [NameServer] 199.203.131.152,82.163.143.182
- Tcpip\..\Interfaces\{3329BF6E-9611-4B4E-8A47-B5C73D9B54F3}: [DhcpNameServer] 130.67.15.198 193.213.112.4
- Internet Explorer:
- ==================
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421012093&from=ild&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV&q={searchTerms}
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421012093&from=ild&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV&q={searchTerms}
- HKU\S-1-5-21-2174167287-1550173523-973482863-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp
- HKU\S-1-5-21-2174167287-1550173523-973482863-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp
- HKU\S-1-5-21-2174167287-1550173523-973482863-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=nb-NO&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.istartsurf.com%2F%3Ftype%3Dhppp&OSP=http%3A%2F%2Fwww.delta%2Dhomes.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3Dwpm03203%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3Dwpm03203%26uid%3DWDCXWD10EZEX%2D08M2NA0%5FWD%2DWMC3F0EA50KVA50KV%26ts%3D1426843864%26type%3Ddefault%26q%3D%7BsearchTerms%7D
- SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
- SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
- SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
- SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
- SearchScopes: HKU\S-1-5-21-2174167287-1550173523-973482863-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1432805772&from=zzgbkk123&uid=wdcxwd10ezex-08m2na0_wd-wmc3f0ea50kva50kv&z=e9ec06ccd298c5d0a88bd8egdz2c1o7b4e9w0m2q6w&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-2174167287-1550173523-973482863-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
- SearchScopes: HKU\S-1-5-21-2174167287-1550173523-973482863-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1432805772&from=zzgbkk123&uid=wdcxwd10ezex-08m2na0_wd-wmc3f0ea50kva50kv&z=e9ec06ccd298c5d0a88bd8egdz2c1o7b4e9w0m2q6w&q={searchTerms}
- BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
- BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
- BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
- BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-30] (Oracle Corporation)
- BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-30] (Oracle Corporation)
- Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
- Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
- FireFox:
- ========
- FF ProfilePath: C:\Users\are\AppData\Roaming\Mozilla\Firefox\Profiles\z4rira08.default
- FF DefaultSearchEngine: Google
- FF SelectedSearchEngine: Google
- FF Homepage: about:blank
- FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-29] ()
- FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-21] (Oracle Corporation)
- FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-21] (Oracle Corporation)
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
- FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-29] ()
- FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
- FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-30] (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-30] (Oracle Corporation)
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
- FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
- FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
- FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
- FF Plugin-x32: TorchVLC -> C:\Users\are\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
- FF user.js: detected! => C:\Users\are\AppData\Roaming\Mozilla\Firefox\Profiles\z4rira08.default\user.js [2015-09-30]
- FF SearchPlugin: C:\Users\are\AppData\Roaming\Mozilla\Firefox\Profiles\z4rira08.default\searchplugins\norton-safe-search.xml [2015-11-08]
- FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
- FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2015-11-04] [not signed]
- FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
- Chrome:
- =======
- CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1419039556&from=wpc&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV
- CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419039556&from=wpc&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV","hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421012093&from=ild&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV","hxxp://search.gboxapp.com/","hxxp://www.istartsurf.com/?type=hppp"
- CHR Profile: C:\Users\are\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\are\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-09-30]
- CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\are\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24] [UpdateUrl: hxxps://mynamedomain.koko/00] <==== ATTENTION
- CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-29]
- CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
- CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-29]
- CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
- ==================== Services (Whitelisted) ========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
- S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
- R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
- S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
- S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
- R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
- R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
- R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
- S2 TorchCrashHandler; C:\Users\are\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
- S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
- S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
- S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [X]
- S2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [X]
- S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [X]
- S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
- ===================== Drivers (Whitelisted) ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
- R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
- R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
- S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [459544 2014-06-12] (Intel Corporation)
- S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
- R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
- R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
- R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151106.001\IDSvia64.sys [767224 2015-10-28] (Symantec Corporation)
- R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
- R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151108.004\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
- R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151108.004\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
- R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
- R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
- R1 SRTSP; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
- R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
- R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
- S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605040.018\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
- R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-29] (Symantec Corporation)
- R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
- R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
- S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
- R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
- S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
- S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
- S1 fjigpbhx; \??\C:\windows\system32\drivers\fjigpbhx.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-11-08 23:52 - 2015-11-08 23:52 - 00019288 _____ C:\Users\are\Desktop\FRST.txt
- 2015-11-08 23:51 - 2015-11-08 23:52 - 00000000 ____D C:\FRST
- 2015-11-08 23:49 - 2015-11-08 23:49 - 02198528 _____ (Farbar) C:\Users\are\Desktop\FRST64.exe
- 2015-11-06 20:15 - 2015-11-07 02:40 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E08.PROPER.HDTV.x264-KILLERS[ettv]
- 2015-11-06 20:13 - 2015-11-07 00:53 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E05.INTERNAL.HDTV.x264-KILLERS[ettv]
- 2015-11-06 20:12 - 2015-11-07 02:39 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E06.HDTV.x264-KILLERS[rarbg]
- 2015-11-06 20:11 - 2015-11-07 02:40 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E07.HDTV.x264-KILLERS[ettv]
- 2015-11-06 20:11 - 2015-11-07 00:53 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E04.HDTV.x264-KILLERS[ettv]
- 2015-11-06 20:11 - 2015-11-07 00:05 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E03.HDTV.x264-LOL[ettv]
- 2015-11-06 20:10 - 2015-11-06 22:29 - 00000000 ____D C:\Users\are\Downloads\Heroes Reborn S01E01E02 HDTV XviD-FUM[ettv]
- 2015-11-06 20:10 - 2015-11-06 20:14 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E05.HDTV.x264-LOL[ettv]
- 2015-11-06 20:09 - 2015-11-06 20:09 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E05.HDTV.x264-LOL[ettv]
- 2015-11-06 20:08 - 2015-11-06 20:08 - 00000000 ____D C:\Users\are\Downloads\Arrow.S04E05.HDTV.x264-LOL[ettv]
- 2015-11-05 03:00 - 2015-11-05 03:22 - 00000000 ____D C:\Users\are\Downloads\The.Flash.2014.S02E05.HDTV.x264-LOL[ettv]
- 2015-11-02 02:52 - 2015-11-02 03:18 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E04.HDTV.x264-LOL[ettv]
- 2015-11-02 02:51 - 2015-11-02 03:18 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E04.HDTV.x264-LOL[ettv]
- 2015-10-31 23:47 - 2015-11-02 02:49 - 00000000 ____D C:\Users\are\Downloads\Arrow.S04E04.HDTV.x264-LOL[ettv]
- 2015-10-31 23:47 - 2015-11-01 00:08 - 00000000 ____D C:\Users\are\Downloads\The.Flash.2014.S02E04.HDTV.x264-KILLERS[ettv]
- 2015-10-30 23:35 - 2015-10-30 23:35 - 00000000 ____D C:\windows\%LOCALAPPDATA%
- 2015-10-30 04:56 - 2015-11-07 19:52 - 00000000 ____D C:\Users\are\AppData\Local\CrashDumps
- 2015-10-29 18:08 - 2015-10-30 23:37 - 00000000 ____D C:\Users\are\AppData\Local\NPE
- 2015-10-29 18:03 - 2015-10-30 23:34 - 00010324 _____ C:\windows\PFRO.log
- 2015-10-29 04:40 - 2015-10-29 04:40 - 00000000 ____D C:\windows\System32\Tasks\Norton Security
- 2015-10-29 04:39 - 2015-10-29 04:39 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
- 2015-10-29 04:39 - 2015-10-29 04:39 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
- 2015-10-29 04:39 - 2015-10-29 04:39 - 00003216 _____ C:\windows\System32\Tasks\Norton WSC Integration
- 2015-10-29 04:39 - 2015-10-29 04:39 - 00002409 _____ C:\Users\Public\Desktop\Norton Security.LNK
- 2015-10-29 04:39 - 2015-10-29 04:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
- 2015-10-29 04:38 - 2015-10-29 04:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
- 2015-10-29 04:38 - 2015-10-29 04:38 - 00000000 ____D C:\windows\system32\Drivers\NSx64
- 2015-10-29 04:38 - 2015-10-29 04:38 - 00000000 ____D C:\Program Files (x86)\Norton Security
- 2015-10-29 04:34 - 2015-10-30 23:30 - 00000000 ____D C:\ProgramData\Norton
- 2015-10-29 04:34 - 2015-10-29 04:34 - 01110744 _____ (Symantec Corporation) C:\Users\are\Downloads\NSDownloader.exe
- 2015-10-29 04:34 - 2015-10-29 04:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
- 2015-10-28 22:40 - 2015-11-08 17:02 - 00002088 _____ C:\windows\setupact.log
- 2015-10-28 22:40 - 2015-10-28 22:40 - 00000000 _____ C:\windows\setuperr.log
- 2015-10-24 00:39 - 2015-10-24 01:27 - 00000000 ____D C:\Users\are\Downloads\Arrow.S04E03.HDTV.x264-LOL[ettv]
- 2015-10-24 00:37 - 2015-10-24 01:26 - 00000000 ____D C:\Users\are\Downloads\The.Flash.2014.S02E03.HDTV.x264-LOL[ettv]
- 2015-10-24 00:35 - 2015-10-24 01:26 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E03.HDTV.x264-LOL[ettv]
- 2015-10-24 00:34 - 2015-10-24 01:26 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E02.HDTV.x264-LOL[ettv]
- 2015-10-24 00:33 - 2015-10-24 00:40 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E03.HDTV.x264-LOL[ettv]
- 2015-10-23 13:31 - 2015-10-23 13:33 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E02.HDTV.x264-LOL[ettv]
- 2015-10-15 22:01 - 2015-11-07 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-11-08 23:51 - 2015-03-26 00:04 - 00000000 ____D C:\Users\are\AppData\Local\Battle.net
- 2015-11-08 23:40 - 2014-12-17 18:33 - 00000000 ____D C:\Users\are\AppData\Roaming\Spotify
- 2015-11-08 23:40 - 2014-12-17 18:33 - 00000000 ____D C:\Users\are\AppData\Local\Spotify
- 2015-11-08 23:38 - 2014-11-06 22:40 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2174167287-1550173523-973482863-1001
- 2015-11-08 23:32 - 2015-09-30 18:23 - 00000000 ____D C:\Program Files (x86)\IObit
- 2015-11-08 23:29 - 2015-09-30 18:34 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
- 2015-11-08 23:21 - 2015-03-26 00:04 - 00000000 ____D C:\Program Files (x86)\Battle.net
- 2015-11-08 23:19 - 2014-11-06 22:41 - 00000000 ____D C:\Users\are\AppData\Roaming\Skype
- 2015-11-08 23:12 - 2015-08-30 07:07 - 00001012 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2015-11-08 23:02 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
- 2015-11-08 22:31 - 2014-11-06 23:04 - 00003908 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{64A24EEB-5341-404A-8806-8DDADC29AE09}
- 2015-11-08 19:30 - 2014-11-06 11:01 - 02050082 _____ C:\windows\WindowsUpdate.log
- 2015-11-08 19:00 - 2015-08-21 22:26 - 00000288 _____ C:\windows\Tasks\NUSchedule.job
- 2015-11-08 13:00 - 2015-08-26 13:30 - 00000338 _____ C:\windows\Tasks\SpeedDiskSchedule.job
- 2015-11-08 08:12 - 2015-08-30 07:07 - 00001008 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2015-11-08 01:46 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
- 2015-11-07 15:55 - 2014-12-21 23:59 - 00000000 ____D C:\Users\are\AppData\Local\PokerStars
- 2015-11-07 14:23 - 2014-11-12 20:33 - 00000000 ____D C:\Users\are\AppData\Roaming\vlc
- 2015-11-07 08:15 - 2014-12-21 23:58 - 00000000 ____D C:\Program Files (x86)\PokerStars
- 2015-11-03 18:19 - 2014-11-07 00:31 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
- 2015-11-02 23:48 - 2015-05-01 00:15 - 00000000 ____D C:\Users\are\AppData\Local\Jivaro
- 2015-11-01 23:36 - 2014-11-09 23:15 - 00000000 ____D C:\ProgramData\TorchCrashHandler
- 2015-10-31 23:46 - 2014-11-07 13:23 - 00000000 ____D C:\Users\are\AppData\Local\Google
- 2015-10-30 23:40 - 2014-10-21 21:13 - 00448668 _____ C:\windows\system32\perfh014.dat
- 2015-10-30 23:40 - 2014-10-21 21:13 - 00076846 _____ C:\windows\system32\perfc014.dat
- 2015-10-30 23:40 - 2014-03-18 11:03 - 01377824 _____ C:\windows\system32\PerfStringBackup.INI
- 2015-10-30 23:36 - 2015-08-21 22:26 - 00000296 _____ C:\windows\Tasks\NUAutoUpdate.job
- 2015-10-30 23:34 - 2014-11-06 11:02 - 00000000 ____D C:\ProgramData\NVIDIA
- 2015-10-30 23:34 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
- 2015-10-30 23:33 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
- 2015-10-29 18:12 - 2015-09-30 18:34 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
- 2015-10-29 17:30 - 2015-09-30 18:47 - 00000000 ____D C:\Users\are\AppData\Local\5847
- 2015-10-29 17:27 - 2015-09-10 17:48 - 00000000 ____D C:\ProgramData\{5362d621-42e3-3d39-5362-2d62142e5885}
- 2015-10-29 17:27 - 2015-09-07 04:49 - 00000000 ____D C:\ProgramData\{287cf187-565f-e36c-287c-cf187565c61d}
- 2015-10-29 17:27 - 2015-09-02 13:24 - 00000000 ____D C:\ProgramData\{1ba5682e-c2aa-44f7-1ba5-5682ec2aa0bb}
- 2015-10-29 17:27 - 2015-09-02 05:24 - 00000000 ____D C:\ProgramData\{1c506afb-800c-f689-1c50-06afb800abee}
- 2015-10-29 17:27 - 2015-08-15 23:20 - 00000000 ____D C:\ProgramData\{389cb9f2-92b1-b54b-389c-cb9f292be7ca}
- 2015-10-29 17:27 - 2015-08-15 01:39 - 00000000 ____D C:\ProgramData\{b425c75e-c3a9-d5f3-b425-5c75ec3a1d7b}
- 2015-10-29 17:18 - 2013-08-22 14:25 - 00000092 _____ C:\windows\win.ini
- 2015-10-29 11:04 - 2015-01-06 03:05 - 00000000 ____D C:\ProgramData\TaaKETheCouppon
- 2015-10-29 11:03 - 2015-01-11 22:34 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
- 2015-10-29 07:19 - 2015-09-30 18:23 - 00000000 ____D C:\ProgramData\ProductData
- 2015-10-29 05:30 - 2014-11-30 22:57 - 00000000 ____D C:\Users\are\Downloads\Lucy (2014) [1080p]
- 2015-10-29 05:23 - 2015-02-20 01:58 - 00000000 ____D C:\ProgramData\ShoppingDealFactory
- 2015-10-29 05:23 - 2015-02-05 17:51 - 00000000 ____D C:\ProgramData\Block The Ads
- 2015-10-29 05:23 - 2015-02-04 22:33 - 00000000 ____D C:\ProgramData\SaveItCoupons
- 2015-10-29 05:19 - 2015-02-01 22:30 - 00000000 ____D C:\ProgramData\Ads Remover
- 2015-10-29 04:39 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
- 2015-10-29 04:39 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
- 2015-10-29 04:34 - 2014-12-04 18:15 - 00118272 ___SH C:\Users\are\Desktop\Thumbs.db
- 2015-10-24 00:33 - 2015-04-27 02:59 - 00001446 _____ C:\Users\are\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
- 2015-10-23 16:40 - 2014-11-09 23:14 - 00000000 ____D C:\Users\are\AppData\Local\Torch
- 2015-10-23 13:31 - 2015-05-15 07:18 - 00000024 _____ C:\Users\are\AppData\Roaming\appdataFr25.bin
- 2015-10-21 20:00 - 2015-09-18 00:26 - 00000000 ____D C:\Program Files (x86)\Hearthstone
- 2015-10-18 02:31 - 2014-11-06 22:34 - 00000000 ____D C:\Users\are
- 2015-10-17 14:07 - 2015-09-06 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
- ==================== Files in the root of some directories =======
- 2015-06-23 22:10 - 2015-08-18 21:46 - 0000020 _____ () C:\Users\are\AppData\Roaming\appdataFr2.bin
- 2015-05-15 07:18 - 2015-10-23 13:31 - 0000024 _____ () C:\Users\are\AppData\Roaming\appdataFr25.bin
- 2015-02-01 22:30 - 2015-05-14 14:49 - 0000020 _____ () C:\Users\are\AppData\Roaming\appdataFr3.bin
- 2014-12-20 02:39 - 2014-12-20 02:44 - 0000096 _____ () C:\Users\are\AppData\Roaming\regsvr32.exe_log.txt
- 2014-11-06 01:00 - 2014-11-06 01:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
- ==================== Bamital & volsnap =================
- (There is no automatic fix for files that do not pass verification.)
- C:\windows\system32\winlogon.exe => File is digitally signed
- C:\windows\system32\wininit.exe => File is digitally signed
- C:\windows\explorer.exe => File is digitally signed
- C:\windows\SysWOW64\explorer.exe => File is digitally signed
- C:\windows\system32\svchost.exe => File is digitally signed
- C:\windows\SysWOW64\svchost.exe => File is digitally signed
- C:\windows\system32\services.exe => File is digitally signed
- C:\windows\system32\User32.dll => File is digitally signed
- C:\windows\SysWOW64\User32.dll => File is digitally signed
- C:\windows\system32\userinit.exe => File is digitally signed
- C:\windows\SysWOW64\userinit.exe => File is digitally signed
- C:\windows\system32\rpcss.dll => File is digitally signed
- C:\windows\system32\dnsapi.dll => File is digitally signed
- C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
- C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2015-11-08 14:53
- ==================== End of FRST.txt ============================