Untitled

a guest
Nov 8th, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
  2. Ran by are (administrator) on ARCEO (08-11-2015 23:52:06)
  3. Running from C:\Users\are\Desktop
  4. Loaded Profiles: are (Available Profiles: are)
  5. Platform: Windows 8.1 (X64) Language: Norsk, bokmål (Norge)
  6. Internet Explorer Version 11 (Default browser: FF)
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
  15. (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  16. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
  17. (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
  18. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
  19. (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
  20. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
  21. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
  22. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
  23. (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
  24. (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
  25. (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
  26. (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
  27. () C:\Users\are\AppData\Roaming\Jivaro\Jivaro\jivaro.exe
  28. () C:\Users\are\AppData\Roaming\Jivaro\Jivaro\hudworker.exe
  29. (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
  30. (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
  31. (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe
  32. (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  33. (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
  34. (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
  35. (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  36. (Spotify Ltd) C:\Users\are\AppData\Roaming\Spotify\SpotifyWebHelper.exe
  37. (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
  38. (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4562\Agent.exe
  39. (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6312\Battle.net.exe
  40. (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coNatHst.exe
  41. (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
  42.  
  43.  
  44. ==================== Registry (Whitelisted) ===========================
  45.  
  46. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  47.  
  48. HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
  49. HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
  50. HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
  51. HKU\S-1-5-21-2174167287-1550173523-973482863-1001\...\Run: [Spotify Web Helper] => C:\Users\are\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-24] (Spotify Ltd)
  52. HKU\S-1-5-21-2174167287-1550173523-973482863-1001\...\Run: [Spotify] => C:\Users\are\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-24] (Spotify Ltd)
  53. ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
  54. ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
  55. ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
  56. GroupPolicy: Restriction - Chrome <======= ATTENTION
  57. CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
  58. CHR HKU\S-1-5-21-2174167287-1550173523-973482863-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
  59.  
  60. ==================== Internet (Whitelisted) ====================
  61.  
  62. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  63.  
  64. Tcpip\Parameters: [DhcpNameServer] 130.67.15.198 193.213.112.4
  65. Tcpip\..\Interfaces\{3329BF6E-9611-4B4E-8A47-B5C73D9B54F3}: [NameServer] 199.203.131.152,82.163.143.182
  66. Tcpip\..\Interfaces\{3329BF6E-9611-4B4E-8A47-B5C73D9B54F3}: [DhcpNameServer] 130.67.15.198 193.213.112.4
  67.  
  68. Internet Explorer:
  69. ==================
  70. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp
  71. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp
  72. HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421012093&from=ild&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV&q={searchTerms}
  73. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp
  74. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp
  75. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421012093&from=ild&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV&q={searchTerms}
  76. HKU\S-1-5-21-2174167287-1550173523-973482863-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp
  77. HKU\S-1-5-21-2174167287-1550173523-973482863-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp
  78. HKU\S-1-5-21-2174167287-1550173523-973482863-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=nb-NO&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fwww.istartsurf.com%2F%3Ftype%3Dhppp&OSP=http%3A%2F%2Fwww.delta%2Dhomes.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3Dwpm03203%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3Dwpm03203%26uid%3DWDCXWD10EZEX%2D08M2NA0%5FWD%2DWMC3F0EA50KVA50KV%26ts%3D1426843864%26type%3Ddefault%26q%3D%7BsearchTerms%7D
  79. SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
  80. SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
  81. SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
  82. SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
  83. SearchScopes: HKU\S-1-5-21-2174167287-1550173523-973482863-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1432805772&from=zzgbkk123&uid=wdcxwd10ezex-08m2na0_wd-wmc3f0ea50kva50kv&z=e9ec06ccd298c5d0a88bd8egdz2c1o7b4e9w0m2q6w&q={searchTerms}
  84. SearchScopes: HKU\S-1-5-21-2174167287-1550173523-973482863-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
  85. SearchScopes: HKU\S-1-5-21-2174167287-1550173523-973482863-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1432805772&from=zzgbkk123&uid=wdcxwd10ezex-08m2na0_wd-wmc3f0ea50kva50kv&z=e9ec06ccd298c5d0a88bd8egdz2c1o7b4e9w0m2q6w&q={searchTerms}
  86. BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
  87. BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
  88. BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
  89. BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-30] (Oracle Corporation)
  90. BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-30] (Oracle Corporation)
  91. Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
  92. Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
  93.  
  94. FireFox:
  95. ========
  96. FF ProfilePath: C:\Users\are\AppData\Roaming\Mozilla\Firefox\Profiles\z4rira08.default
  97. FF DefaultSearchEngine: Google
  98. FF SelectedSearchEngine: Google
  99. FF Homepage: about:blank
  100. FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-29] ()
  101. FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-21] (Oracle Corporation)
  102. FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-21] (Oracle Corporation)
  103. FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
  104. FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-29] ()
  105. FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
  106. FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-30] (Oracle Corporation)
  107. FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-30] (Oracle Corporation)
  108. FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
  109. FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
  110. FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-30] (NVIDIA Corporation)
  111. FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-30] (NVIDIA Corporation)
  112. FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
  113. FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
  114. FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
  115. FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
  116. FF Plugin-x32: TorchVLC -> C:\Users\are\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
  117. FF user.js: detected! => C:\Users\are\AppData\Roaming\Mozilla\Firefox\Profiles\z4rira08.default\user.js [2015-09-30]
  118. FF SearchPlugin: C:\Users\are\AppData\Roaming\Mozilla\Firefox\Profiles\z4rira08.default\searchplugins\norton-safe-search.xml [2015-11-08]
  119. FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
  120. FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2015-11-04] [not signed]
  121. FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
  122.  
  123. Chrome:
  124. =======
  125. CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1419039556&from=wpc&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV
  126. CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419039556&from=wpc&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV","hxxp://isearch.omiga-plus.com/?type=hppp&ts=1421012093&from=ild&uid=WDCXWD10EZEX-08M2NA0_WD-WMC3F0EA50KVA50KV","hxxp://search.gboxapp.com/","hxxp://www.istartsurf.com/?type=hppp"
  127. CHR Profile: C:\Users\are\AppData\Local\Google\Chrome\User Data\Default
  128. CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\are\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-09-30]
  129. CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\are\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24] [UpdateUrl: hxxps://mynamedomain.koko/00] <==== ATTENTION
  130. CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-29]
  131. CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
  132. CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-29]
  133. CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
  134.  
  135. ==================== Services (Whitelisted) ========================
  136.  
  137. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  138.  
  139. S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
  140. S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
  141. R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
  142. S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
  143. S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
  144. R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
  145. R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
  146. R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
  147. S2 TorchCrashHandler; C:\Users\are\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
  148. S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
  149. S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
  150. S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [X]
  151. S2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [X]
  152. S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [X]
  153. S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
  154.  
  155. ===================== Drivers (Whitelisted) ==========================
  156.  
  157. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  158.  
  159. R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
  160. R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
  161. R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
  162. S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [459544 2014-06-12] (Intel Corporation)
  163. S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
  164. R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
  165. R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
  166. R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151106.001\IDSvia64.sys [767224 2015-10-28] (Symantec Corporation)
  167. R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
  168. R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151108.004\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
  169. R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151108.004\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
  170. R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
  171. R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
  172. R1 SRTSP; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
  173. R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
  174. R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
  175. S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605040.018\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
  176. R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-29] (Symantec Corporation)
  177. R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
  178. R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
  179. S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
  180. R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
  181. S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
  182. S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
  183. S1 fjigpbhx; \??\C:\windows\system32\drivers\fjigpbhx.sys [X]
  184.  
  185. ==================== NetSvcs (Whitelisted) ===================
  186.  
  187. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  188.  
  189.  
  190. ==================== One Month Created files and folders ========
  191.  
  192. (If an entry is included in the fixlist, the file/folder will be moved.)
  193.  
  194. 2015-11-08 23:52 - 2015-11-08 23:52 - 00019288 _____ C:\Users\are\Desktop\FRST.txt
  195. 2015-11-08 23:51 - 2015-11-08 23:52 - 00000000 ____D C:\FRST
  196. 2015-11-08 23:49 - 2015-11-08 23:49 - 02198528 _____ (Farbar) C:\Users\are\Desktop\FRST64.exe
  197. 2015-11-06 20:15 - 2015-11-07 02:40 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E08.PROPER.HDTV.x264-KILLERS[ettv]
  198. 2015-11-06 20:13 - 2015-11-07 00:53 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E05.INTERNAL.HDTV.x264-KILLERS[ettv]
  199. 2015-11-06 20:12 - 2015-11-07 02:39 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E06.HDTV.x264-KILLERS[rarbg]
  200. 2015-11-06 20:11 - 2015-11-07 02:40 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E07.HDTV.x264-KILLERS[ettv]
  201. 2015-11-06 20:11 - 2015-11-07 00:53 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E04.HDTV.x264-KILLERS[ettv]
  202. 2015-11-06 20:11 - 2015-11-07 00:05 - 00000000 ____D C:\Users\are\Downloads\Heroes.Reborn.S01E03.HDTV.x264-LOL[ettv]
  203. 2015-11-06 20:10 - 2015-11-06 22:29 - 00000000 ____D C:\Users\are\Downloads\Heroes Reborn S01E01E02 HDTV XviD-FUM[ettv]
  204. 2015-11-06 20:10 - 2015-11-06 20:14 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E05.HDTV.x264-LOL[ettv]
  205. 2015-11-06 20:09 - 2015-11-06 20:09 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E05.HDTV.x264-LOL[ettv]
  206. 2015-11-06 20:08 - 2015-11-06 20:08 - 00000000 ____D C:\Users\are\Downloads\Arrow.S04E05.HDTV.x264-LOL[ettv]
  207. 2015-11-05 03:00 - 2015-11-05 03:22 - 00000000 ____D C:\Users\are\Downloads\The.Flash.2014.S02E05.HDTV.x264-LOL[ettv]
  208. 2015-11-02 02:52 - 2015-11-02 03:18 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E04.HDTV.x264-LOL[ettv]
  209. 2015-11-02 02:51 - 2015-11-02 03:18 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E04.HDTV.x264-LOL[ettv]
  210. 2015-10-31 23:47 - 2015-11-02 02:49 - 00000000 ____D C:\Users\are\Downloads\Arrow.S04E04.HDTV.x264-LOL[ettv]
  211. 2015-10-31 23:47 - 2015-11-01 00:08 - 00000000 ____D C:\Users\are\Downloads\The.Flash.2014.S02E04.HDTV.x264-KILLERS[ettv]
  212. 2015-10-30 23:35 - 2015-10-30 23:35 - 00000000 ____D C:\windows\%LOCALAPPDATA%
  213. 2015-10-30 04:56 - 2015-11-07 19:52 - 00000000 ____D C:\Users\are\AppData\Local\CrashDumps
  214. 2015-10-29 18:08 - 2015-10-30 23:37 - 00000000 ____D C:\Users\are\AppData\Local\NPE
  215. 2015-10-29 18:03 - 2015-10-30 23:34 - 00010324 _____ C:\windows\PFRO.log
  216. 2015-10-29 04:40 - 2015-10-29 04:40 - 00000000 ____D C:\windows\System32\Tasks\Norton Security
  217. 2015-10-29 04:39 - 2015-10-29 04:39 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
  218. 2015-10-29 04:39 - 2015-10-29 04:39 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
  219. 2015-10-29 04:39 - 2015-10-29 04:39 - 00003216 _____ C:\windows\System32\Tasks\Norton WSC Integration
  220. 2015-10-29 04:39 - 2015-10-29 04:39 - 00002409 _____ C:\Users\Public\Desktop\Norton Security.LNK
  221. 2015-10-29 04:39 - 2015-10-29 04:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
  222. 2015-10-29 04:38 - 2015-10-29 04:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
  223. 2015-10-29 04:38 - 2015-10-29 04:38 - 00000000 ____D C:\windows\system32\Drivers\NSx64
  224. 2015-10-29 04:38 - 2015-10-29 04:38 - 00000000 ____D C:\Program Files (x86)\Norton Security
  225. 2015-10-29 04:34 - 2015-10-30 23:30 - 00000000 ____D C:\ProgramData\Norton
  226. 2015-10-29 04:34 - 2015-10-29 04:34 - 01110744 _____ (Symantec Corporation) C:\Users\are\Downloads\NSDownloader.exe
  227. 2015-10-29 04:34 - 2015-10-29 04:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
  228. 2015-10-28 22:40 - 2015-11-08 17:02 - 00002088 _____ C:\windows\setupact.log
  229. 2015-10-28 22:40 - 2015-10-28 22:40 - 00000000 _____ C:\windows\setuperr.log
  230. 2015-10-24 00:39 - 2015-10-24 01:27 - 00000000 ____D C:\Users\are\Downloads\Arrow.S04E03.HDTV.x264-LOL[ettv]
  231. 2015-10-24 00:37 - 2015-10-24 01:26 - 00000000 ____D C:\Users\are\Downloads\The.Flash.2014.S02E03.HDTV.x264-LOL[ettv]
  232. 2015-10-24 00:35 - 2015-10-24 01:26 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E03.HDTV.x264-LOL[ettv]
  233. 2015-10-24 00:34 - 2015-10-24 01:26 - 00000000 ____D C:\Users\are\Downloads\The.Originals.S03E02.HDTV.x264-LOL[ettv]
  234. 2015-10-24 00:33 - 2015-10-24 00:40 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E03.HDTV.x264-LOL[ettv]
  235. 2015-10-23 13:31 - 2015-10-23 13:33 - 00000000 ____D C:\Users\are\Downloads\The.Vampire.Diaries.S07E02.HDTV.x264-LOL[ettv]
  236. 2015-10-15 22:01 - 2015-11-07 02:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
  237.  
  238. ==================== One Month Modified files and folders ========
  239.  
  240. (If an entry is included in the fixlist, the file/folder will be moved.)
  241.  
  242. 2015-11-08 23:51 - 2015-03-26 00:04 - 00000000 ____D C:\Users\are\AppData\Local\Battle.net
  243. 2015-11-08 23:40 - 2014-12-17 18:33 - 00000000 ____D C:\Users\are\AppData\Roaming\Spotify
  244. 2015-11-08 23:40 - 2014-12-17 18:33 - 00000000 ____D C:\Users\are\AppData\Local\Spotify
  245. 2015-11-08 23:38 - 2014-11-06 22:40 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2174167287-1550173523-973482863-1001
  246. 2015-11-08 23:32 - 2015-09-30 18:23 - 00000000 ____D C:\Program Files (x86)\IObit
  247. 2015-11-08 23:29 - 2015-09-30 18:34 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
  248. 2015-11-08 23:21 - 2015-03-26 00:04 - 00000000 ____D C:\Program Files (x86)\Battle.net
  249. 2015-11-08 23:19 - 2014-11-06 22:41 - 00000000 ____D C:\Users\are\AppData\Roaming\Skype
  250. 2015-11-08 23:12 - 2015-08-30 07:07 - 00001012 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  251. 2015-11-08 23:02 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
  252. 2015-11-08 22:31 - 2014-11-06 23:04 - 00003908 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{64A24EEB-5341-404A-8806-8DDADC29AE09}
  253. 2015-11-08 19:30 - 2014-11-06 11:01 - 02050082 _____ C:\windows\WindowsUpdate.log
  254. 2015-11-08 19:00 - 2015-08-21 22:26 - 00000288 _____ C:\windows\Tasks\NUSchedule.job
  255. 2015-11-08 13:00 - 2015-08-26 13:30 - 00000338 _____ C:\windows\Tasks\SpeedDiskSchedule.job
  256. 2015-11-08 08:12 - 2015-08-30 07:07 - 00001008 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  257. 2015-11-08 01:46 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
  258. 2015-11-07 15:55 - 2014-12-21 23:59 - 00000000 ____D C:\Users\are\AppData\Local\PokerStars
  259. 2015-11-07 14:23 - 2014-11-12 20:33 - 00000000 ____D C:\Users\are\AppData\Roaming\vlc
  260. 2015-11-07 08:15 - 2014-12-21 23:58 - 00000000 ____D C:\Program Files (x86)\PokerStars
  261. 2015-11-03 18:19 - 2014-11-07 00:31 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
  262. 2015-11-02 23:48 - 2015-05-01 00:15 - 00000000 ____D C:\Users\are\AppData\Local\Jivaro
  263. 2015-11-01 23:36 - 2014-11-09 23:15 - 00000000 ____D C:\ProgramData\TorchCrashHandler
  264. 2015-10-31 23:46 - 2014-11-07 13:23 - 00000000 ____D C:\Users\are\AppData\Local\Google
  265. 2015-10-30 23:40 - 2014-10-21 21:13 - 00448668 _____ C:\windows\system32\perfh014.dat
  266. 2015-10-30 23:40 - 2014-10-21 21:13 - 00076846 _____ C:\windows\system32\perfc014.dat
  267. 2015-10-30 23:40 - 2014-03-18 11:03 - 01377824 _____ C:\windows\system32\PerfStringBackup.INI
  268. 2015-10-30 23:36 - 2015-08-21 22:26 - 00000296 _____ C:\windows\Tasks\NUAutoUpdate.job
  269. 2015-10-30 23:34 - 2014-11-06 11:02 - 00000000 ____D C:\ProgramData\NVIDIA
  270. 2015-10-30 23:34 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
  271. 2015-10-30 23:33 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
  272. 2015-10-29 18:12 - 2015-09-30 18:34 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
  273. 2015-10-29 17:30 - 2015-09-30 18:47 - 00000000 ____D C:\Users\are\AppData\Local\5847
  274. 2015-10-29 17:27 - 2015-09-10 17:48 - 00000000 ____D C:\ProgramData\{5362d621-42e3-3d39-5362-2d62142e5885}
  275. 2015-10-29 17:27 - 2015-09-07 04:49 - 00000000 ____D C:\ProgramData\{287cf187-565f-e36c-287c-cf187565c61d}
  276. 2015-10-29 17:27 - 2015-09-02 13:24 - 00000000 ____D C:\ProgramData\{1ba5682e-c2aa-44f7-1ba5-5682ec2aa0bb}
  277. 2015-10-29 17:27 - 2015-09-02 05:24 - 00000000 ____D C:\ProgramData\{1c506afb-800c-f689-1c50-06afb800abee}
  278. 2015-10-29 17:27 - 2015-08-15 23:20 - 00000000 ____D C:\ProgramData\{389cb9f2-92b1-b54b-389c-cb9f292be7ca}
  279. 2015-10-29 17:27 - 2015-08-15 01:39 - 00000000 ____D C:\ProgramData\{b425c75e-c3a9-d5f3-b425-5c75ec3a1d7b}
  280. 2015-10-29 17:18 - 2013-08-22 14:25 - 00000092 _____ C:\windows\win.ini
  281. 2015-10-29 11:04 - 2015-01-06 03:05 - 00000000 ____D C:\ProgramData\TaaKETheCouppon
  282. 2015-10-29 11:03 - 2015-01-11 22:34 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
  283. 2015-10-29 07:19 - 2015-09-30 18:23 - 00000000 ____D C:\ProgramData\ProductData
  284. 2015-10-29 05:30 - 2014-11-30 22:57 - 00000000 ____D C:\Users\are\Downloads\Lucy (2014) [1080p]
  285. 2015-10-29 05:23 - 2015-02-20 01:58 - 00000000 ____D C:\ProgramData\ShoppingDealFactory
  286. 2015-10-29 05:23 - 2015-02-05 17:51 - 00000000 ____D C:\ProgramData\Block The Ads
  287. 2015-10-29 05:23 - 2015-02-04 22:33 - 00000000 ____D C:\ProgramData\SaveItCoupons
  288. 2015-10-29 05:19 - 2015-02-01 22:30 - 00000000 ____D C:\ProgramData\Ads Remover
  289. 2015-10-29 04:39 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
  290. 2015-10-29 04:39 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
  291. 2015-10-29 04:34 - 2014-12-04 18:15 - 00118272 ___SH C:\Users\are\Desktop\Thumbs.db
  292. 2015-10-24 00:33 - 2015-04-27 02:59 - 00001446 _____ C:\Users\are\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
  293. 2015-10-23 16:40 - 2014-11-09 23:14 - 00000000 ____D C:\Users\are\AppData\Local\Torch
  294. 2015-10-23 13:31 - 2015-05-15 07:18 - 00000024 _____ C:\Users\are\AppData\Roaming\appdataFr25.bin
  295. 2015-10-21 20:00 - 2015-09-18 00:26 - 00000000 ____D C:\Program Files (x86)\Hearthstone
  296. 2015-10-18 02:31 - 2014-11-06 22:34 - 00000000 ____D C:\Users\are
  297. 2015-10-17 14:07 - 2015-09-06 16:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
  298.  
  299. ==================== Files in the root of some directories =======
  300.  
  301. 2015-06-23 22:10 - 2015-08-18 21:46 - 0000020 _____ () C:\Users\are\AppData\Roaming\appdataFr2.bin
  302. 2015-05-15 07:18 - 2015-10-23 13:31 - 0000024 _____ () C:\Users\are\AppData\Roaming\appdataFr25.bin
  303. 2015-02-01 22:30 - 2015-05-14 14:49 - 0000020 _____ () C:\Users\are\AppData\Roaming\appdataFr3.bin
  304. 2014-12-20 02:39 - 2014-12-20 02:44 - 0000096 _____ () C:\Users\are\AppData\Roaming\regsvr32.exe_log.txt
  305. 2014-11-06 01:00 - 2014-11-06 01:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
  306.  
  307. ==================== Bamital & volsnap =================
  308.  
  309. (There is no automatic fix for files that do not pass verification.)
  310.  
  311. C:\windows\system32\winlogon.exe => File is digitally signed
  312. C:\windows\system32\wininit.exe => File is digitally signed
  313. C:\windows\explorer.exe => File is digitally signed
  314. C:\windows\SysWOW64\explorer.exe => File is digitally signed
  315. C:\windows\system32\svchost.exe => File is digitally signed
  316. C:\windows\SysWOW64\svchost.exe => File is digitally signed
  317. C:\windows\system32\services.exe => File is digitally signed
  318. C:\windows\system32\User32.dll => File is digitally signed
  319. C:\windows\SysWOW64\User32.dll => File is digitally signed
  320. C:\windows\system32\userinit.exe => File is digitally signed
  321. C:\windows\SysWOW64\userinit.exe => File is digitally signed
  322. C:\windows\system32\rpcss.dll => File is digitally signed
  323. C:\windows\system32\dnsapi.dll => File is digitally signed
  324. C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
  325. C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
  326.  
  327.  
  328. LastRegBack: 2015-11-08 14:53
  329.  
  330. ==================== End of FRST.txt ============================