Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Raffi (administrator) on RAFFI_ACER_LPTP (30-03-2017 08:37:55)
Running from C:\Users\Raffi\Desktop
Loaded Profiles: Raffi (Available Profiles: Raffi)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Winstep Software Technologies) C:\Program Files (x86)\winstep\WsxService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\ns.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Winstep Software Technologies) C:\Program Files (x86)\winstep\Nexus-Ultimate.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Raffi\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Spotify Web Helper] => C:\Users\Raffi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [61F2E14DF1D88F32A2319B97D9176FED7BD436A5._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\Raffi\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-11-09] (Yahoo!, Inc.)
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Run: [Google Update] => C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-03-26] (Google Inc.)
HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\MountPoints2: {25758df2-ee32-11e5-82bb-206a8a9e3bd3} - "E:\windows\AutoRun.exe"
HKU\S-1-5-18\...\Run: [Norton Download Manager{NS2250424-SHPD-FSD51083}] => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\NAV.exe /m
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{120DFA15-FB80-414C-8C8F-FF8FE5040607}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{49B0C951-EB8E-4D77-B180-F12058C5F2E1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B749EF5E-6446-47D3-B40B-507096E9A039}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1372970940-966452781-916677827-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1372970940-966452781-916677827-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-01-08] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-08] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-08] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: zq9xt1nw.default-1490291299972
FF ProfilePath: C:\Users\Raffi\AppData\Roaming\Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 [2017-03-29]
FF Homepage: Mozilla\Firefox\Profiles\zq9xt1nw.default-1490291299972 -> www.google.com
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2017-03-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1372970940-966452781-916677827-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 3
CHR StartupUrls: Profile 3 -> "hxxp://www.protopage.com/basturma"
CHR Profile: C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-03-30]
CHR Extension: (Easy Auto Refresh) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2017-03-28]
CHR Extension: (Home Button At Top Right) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bfejcgpdahgpmgadhgdadfiekmhgnifm [2017-03-28]
CHR Extension: (Tampermonkey) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-28]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-03-28]
CHR Extension: (AdBlock) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-30]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-03-28]
CHR Extension: (Subtle Scrollbars) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iepofmbkhfelkphdhkldbiemijmgcmlc [2017-03-28]
CHR Extension: (New incognito window) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kfjgnhdleafdmakapfmfjfepmpobpnap [2017-03-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-03-28]
CHR Extension: (Dark Horizon) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
CHR Extension: (Neater Bookmarks) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2017-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Raffi\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-06-28]
CHR HKU\S-1-5-21-1372970940-966452781-916677827-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-01-02] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\NS.exe [326160 2017-03-16] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 RaMediaServer; C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20170327.001\BHDrvx64.sys [1831064 2017-03-14] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20170329.001\IDSvia64.sys [1038024 2017-03-13] (Symantec Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2207888 2014-07-04] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-09] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160628.037\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 08:37 - 2017-03-30 08:37 - 00025149 _____ C:\Users\Raffi\Desktop\FRST.txt
2017-03-30 08:37 - 2017-03-30 08:37 - 00000000 ____D C:\FRST
2017-03-30 08:35 - 2017-03-30 08:35 - 02424832 _____ (Farbar) C:\Users\Raffi\Desktop\FRST64.exe
2017-03-30 08:32 - 2017-03-30 08:32 - 00000624 _____ C:\Users\Raffi\Desktop\JRT.txt
2017-03-30 08:30 - 2017-03-30 08:30 - 01663904 _____ (Malwarebytes) C:\Users\Raffi\Desktop\JRT.exe
2017-03-30 08:15 - 2017-03-30 08:15 - 04089296 _____ C:\Users\Raffi\Desktop\AdwCleaner.exe
2017-03-29 16:12 - 2017-03-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-28 20:02 - 2017-03-28 20:02 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-03-27 23:17 - 2017-03-27 23:17 - 00000000 ____D C:\Program Files\NortonInstaller
2017-03-26 23:28 - 2017-03-26 23:28 - 00000017 _____ C:\Users\Raffi\AppData\Local\resmon.resmoncfg
2017-03-26 15:26 - 2017-03-26 15:26 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA
2017-03-26 15:26 - 2017-03-26 15:26 - 00003232 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core
2017-03-23 19:43 - 2017-03-23 19:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-03-23 19:43 - 2017-03-23 19:43 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\dvdcss
2017-03-23 11:04 - 2017-03-23 11:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-13 08:44 - 2017-03-30 08:23 - 00000000 ____D C:\AdwCleaner
2017-03-07 17:39 - 2017-03-28 20:11 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 23:56 - 2015-12-02 14:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-03-29 20:13 - 2015-01-08 21:54 - 00000000 ____D C:\Users\Raffi\AppData\Local\CrashDumps
2017-03-29 16:22 - 2015-01-08 14:43 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1372970940-966452781-916677827-1001
2017-03-29 15:53 - 2015-01-17 00:54 - 00000000 ____D C:\Users\Public\Documents\Winstep
2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Users\Raffi\AppData\Local\Downloaded Installations
2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2017-03-29 15:29 - 2015-01-15 22:45 - 00000000 ____D C:\Program Files (x86)\Sonos
2017-03-28 20:31 - 2015-12-02 14:23 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-28 20:11 - 2014-03-18 03:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-28 20:11 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2017-03-28 20:07 - 2015-05-16 10:55 - 00000000 ____D C:\Users\Raffi\AppData\Local\NPE
2017-03-28 20:05 - 2015-09-19 13:25 - 00000000 ___RD C:\Users\Raffi\Google Drive
2017-03-28 20:05 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 20:02 - 2016-06-28 22:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-03-28 20:02 - 2016-02-24 11:54 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2017-03-28 20:02 - 2015-05-16 10:56 - 00000000 ____D C:\NPE
2017-03-28 20:02 - 2015-01-10 21:48 - 00000000 ____D C:\Users\Raffi\AppData\Local\Adobe
2017-03-28 19:35 - 2015-01-19 16:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google
2017-03-28 00:07 - 2015-01-10 00:34 - 00001026 _____ C:\Windows\BRCALIB.INI
2017-03-27 16:00 - 2016-11-22 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-26 15:27 - 2015-01-08 22:11 - 00000000 ____D C:\Users\Raffi\AppData\Local\Google
2017-03-26 15:10 - 2015-01-09 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
2017-03-26 15:00 - 2015-01-08 22:11 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-23 11:31 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-23 11:25 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-03-22 00:36 - 2015-01-25 18:19 - 00000000 ____D C:\Users\Raffi\AppData\Local\Spotify
2017-03-22 00:28 - 2015-01-25 18:18 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Spotify
2017-03-20 12:41 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Roaming\Adobe
2017-03-14 19:23 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi
2017-03-14 18:22 - 2015-01-19 19:49 - 00000000 ____D C:\ProgramData\Norton
2017-03-14 18:22 - 2015-01-19 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediatek Wireless
2017-03-14 18:22 - 2015-01-09 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-03-14 18:22 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-14 18:21 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\registration
2017-03-07 17:34 - 2016-02-24 11:54 - 00000000 ____D C:\Program Files (x86)\Norton Security
2017-03-07 14:49 - 2016-02-24 11:55 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-03-07 14:49 - 2016-02-24 11:55 - 00008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-03-04 13:53 - 2015-04-21 17:33 - 00000000 ____D C:\Users\Raffi\AppData\LocalLow\Unity
2017-03-02 09:20 - 2015-01-08 14:38 - 00000000 ____D C:\Users\Raffi\AppData\Local\Packages

==================== Files in the root of some directories =======

2017-03-26 23:28 - 2017-03-26 23:28 - 0000017 _____ () C:\Users\Raffi\AppData\Local\resmon.resmoncfg
2014-10-05 15:50 - 2014-10-05 15:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-24 22:22 - 2016-02-24 22:22 - 0287934 _____ () C:\ProgramData\SplashID.ico

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-26 04:49

==================== End of FRST.txt ============================