Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Jason (administrator) on JMB-TOSHIBA (02-09-2015 14:01:58)
Running from C:\Users\Jason\Downloads
Loaded Profiles: Jason (Available Profiles: Jason)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe () C:\Windows\ERUNT.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-20] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation) HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-23] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-01-28] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-07-28] (Panda Security, S.L.)
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\...\Run: [Google Update] => C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-28] (Google Inc.)
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27839144 2015-05-19] (Microsoft Corporation)
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\...\Run: [OutlookOnDesktop] => C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe [316928 2010-08-29] (SMR Computer Services)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DAB3769D-7B91-41D6-BCA7-97365BA1BF46}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=22.5.2.15
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB hxxp://mystart.toshiba.com
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-2563996265-3980964405-695694909-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2563996265-3980964405-695694909-1001 -> {9C10887D-8B7F-11E4-8269-008CFA860C5A} URL = hxxp://Trovi.com/Results.aspx?ctid=CT3333048&searchsource=56&UM=6&q={searchTerms}
BHO: No Name -> {193C0BB0-70C1-4F61-8A24-53EAA922035E} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: No Name -> {E44308F8-9A6B-44F7-B031-B1F72D3B9AE2} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://odcvpn.csgsupport.com/CACHE/stc/1/binaries/vpnweb.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2563996265-3980964405-695694909-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jason\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-2563996265-3980964405-695694909-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jason\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-2563996265-3980964405-695694909-1001: LWAPlugin15.8 -> C:\Users\Jason\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Jason\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-08-27]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=toshibaupd&m=start"
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CARRIER_ID&ISID=ISID_ID&SearchSource=69&lay=5&p=cnts&UM=8&UP=UP_ID&SAT=CNTS
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-28]
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
CHR Extension: (Google Cast) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-29]
CHR Extension: (Adblock Plus) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-10]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
CHR Extension: (Cortex) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\decglnkhpfoocpafihfbeodhgofefaoc [2015-08-10]
CHR Extension: (Google Sheets) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-28]
CHR Extension: (Adblock Plus For Crhome) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\kllpgpcpibfcmabmdndgnhdfinglofbk [2015-07-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-29]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-23] () [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R4 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-07-29] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-07-23] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-07-28] (Panda Security, S.L.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-27] (Enigma Software Group USA, LLC.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881984 2014-01-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-29] (Symantec Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-08-27] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-27] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150901.003\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150901.025\ENG64.SYS [138488 2015-07-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150901.025\EX64.SYS [2146040 2015-07-29] (Symantec Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [78072 2015-07-09] ()
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-03-25] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 14:01 - 2015-09-02 14:02 - 00025882 _____ C:\Users\Jason\Downloads\FRST.txt
2015-09-02 13:59 - 2015-09-02 14:02 - 00000000 ____D C:\FRST
2015-09-02 13:57 - 2015-09-02 13:57 - 02188800 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-09-02 09:00 - 2015-09-02 09:00 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C496E1A5-45ED-45F6-A87E-7F0111DDD18D}
2015-08-27 00:49 - 2015-08-27 00:49 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Enigma Software Group
2015-08-27 00:49 - 2015-08-27 00:49 - 00000000 _____ C:\autoexec.bat
2015-08-27 00:48 - 2015-08-27 00:49 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-27 00:48 - 2015-08-27 00:48 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-08-27 00:48 - 2015-08-27 00:48 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-08-27 00:48 - 2015-08-27 00:48 - 00001114 _____ C:\Users\Jason\Desktop\SpyHunter.lnk
2015-08-27 00:48 - 2015-08-27 00:48 - 00000000 ____D C:\sh4ldr
2015-08-27 00:48 - 2015-08-27 00:48 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-27 00:47 - 2015-08-27 00:47 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Jason\Downloads\SpyHunter-Installer.exe
2015-08-27 00:43 - 2015-09-02 12:53 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2563996265-3980964405-695694909-1001
2015-08-27 00:29 - 2015-08-27 00:42 - 00002459 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-08-24 01:19 - 2015-08-24 01:19 - 00280848 _____ C:\Windows\Minidump\082415-62656-01.dmp
2015-08-13 21:11 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-08-13 21:10 - 2015-08-13 21:10 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Panda Security
2015-08-13 21:09 - 2015-08-13 21:12 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2016.lnk
2015-08-13 21:09 - 2015-08-13 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2016
2015-08-13 21:08 - 2015-08-13 21:10 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-13 21:05 - 2015-08-13 21:10 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-13 21:04 - 2015-08-13 21:04 - 02113152 _____ C:\Users\Jason\Downloads\PANDAFREEAV.exe
2015-08-10 10:14 - 2015-08-10 10:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-08-10 09:22 - 2015-09-02 13:33 - 00000000 ____D C:\Users\Jason\AppData\Local\NPE
2015-08-10 09:21 - 2015-08-10 09:21 - 00000000 ____D C:\Users\Jason\AppData\Local\bvxvyxvec
2015-08-10 09:20 - 2015-08-10 09:20 - 00000000 ____D C:\Program Files (x86)\Cortex
2015-08-10 09:18 - 2015-08-13 21:40 - 00000000 ____D C:\Program Files (x86)\CUtThePriice
2015-08-10 09:18 - 2015-08-10 09:20 - 00000000 ____D C:\ProgramData\13524945122781317132
2015-08-10 09:17 - 2015-08-10 10:06 - 00000000 ____D C:\ProgramData\{9ede0946-b65a-b655-9ede-e0946b65251a}
2015-08-10 09:17 - 2015-08-10 09:17 - 00000000 ____D C:\ProgramData\gpjlfabmpcapimceepgdkmghfcjbngpb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-02 14:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-02 13:27 - 2014-11-28 23:40 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2563996265-3980964405-695694909-1001UA.job
2015-09-02 13:02 - 2014-12-23 22:34 - 00033792 ___SH C:\Users\Jason\Desktop\Thumbs.db
2015-09-02 13:02 - 2014-09-03 22:16 - 00000000 ____D C:\ProgramData\Norton
2015-09-02 13:01 - 2014-12-23 22:34 - 00001353 _____ C:\Users\Jason\Desktop\Norton Installation Files.lnk
2015-09-02 12:26 - 2014-09-03 21:39 - 01388211 _____ C:\Windows\WindowsUpdate.log
2015-09-02 10:27 - 2014-11-28 23:40 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2563996265-3980964405-695694909-1001Core.job
2015-09-02 09:34 - 2013-08-22 09:46 - 00021581 _____ C:\Windows\setupact.log
2015-09-02 09:14 - 2014-12-23 22:34 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-27 00:45 - 2014-11-28 23:03 - 00000000 ____D C:\Users\Jason\AppData\Local\Pokki
2015-08-27 00:42 - 2014-11-28 23:09 - 00002871 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002628 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002604 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002589 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002584 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk
2015-08-27 00:42 - 2014-11-28 23:09 - 00002305 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-08-27 00:41 - 2014-11-28 23:09 - 00000000 ___DO C:\Users\Jason\OneDrive
2015-08-27 00:41 - 2014-09-03 21:42 - 01209462 _____ C:\Windows\SysWOW64\rootpa.e2e
2015-08-27 00:39 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-27 00:38 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 00:37 - 2014-09-03 21:40 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-08-27 00:37 - 2014-04-10 23:56 - 00682626 _____ C:\Windows\PFRO.log
2015-08-27 00:37 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-27 00:31 - 2014-11-28 23:04 - 00000000 ____D C:\Users\Jason\AppData\Local\Packages
2015-08-27 00:31 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-24 01:19 - 2014-12-10 22:42 - 00000000 ____D C:\Windows\Minidump
2015-08-24 01:19 - 2013-08-22 09:44 - 00394112 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-24 01:18 - 2014-12-10 22:42 - 697393235 _____ C:\Windows\MEMORY.DMP
2015-08-24 01:18 - 2014-11-28 23:02 - 00000000 ____D C:\Users\Jason
2015-08-24 01:18 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-13 22:56 - 2014-12-04 10:10 - 00002246 ____H C:\Users\Jason\Documents\Default.rdp
2015-08-13 21:45 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-10 10:08 - 2015-07-30 10:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-10 10:08 - 2014-12-24 10:15 - 00002268 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-08-10 10:08 - 2014-12-24 10:12 - 00000000 ____D C:\Windows\system32\Drivers\N360x64

==================== Files in the root of some directories =======

2014-09-03 21:44 - 2014-09-03 21:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-02 12:53

==================== End of FRST.txt ============================