Active Hi Broni

Discussion in 'Malware Removal' started by auen1, Mar 7, 2017.

  1. auen1

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
    Ran by arlie (administrator) on AL (08-03-2017 15:21:31)
    Running from C:\Users\arlie\Downloads
    Loaded Profiles: arlie (Available Profiles: defaultuser0 & arlie)
    Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
    (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Vimicro Corporation) C:\Program Files (x86)\Plugable Technologies\USB2-Micro-200X\VMonitor.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2017-01-13] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
    HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11333632 2016-05-31] (Micro-Star INT'L CO., LTD.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKU\S-1-5-21-1548649580-783605596-2603990174-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9539800 2016-12-15] (Piriform Ltd)
    HKU\S-1-5-21-1548649580-783605596-2603990174-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5788112 2017-02-08] (SecureMix LLC)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine32\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
    Startup: C:\Users\arlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VMonitor.lnk [2017-01-14]
    ShortcutTarget: VMonitor.lnk -> C:\Program Files (x86)\Plugable Technologies\USB2-Micro-200X\VMonitor.exe (Vimicro Corporation)
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0f39dc41-e4eb-4ec3-a495-72ca4d569152}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{34ec6cfd-b2f0-4760-9118-3cfc6aac7dac}: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{8bf99dfc-beba-477f-bee6-970b1d337bb3}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-14] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-14] (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)

    FireFox:
    ========
    FF DefaultProfile: jsb8492x.default
    FF ProfilePath: C:\Users\arlie\AppData\Roaming\Mozilla\Firefox\Profiles\jsb8492x.default [2017-03-08]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\arlie\AppData\Roaming\Mozilla\Firefox\Profiles\jsb8492x.default\features\{a5f4a5d0-de8d-41f1-9082-64e9d761f9ab}\[email protected] [2017-03-03]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2017-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-14] (Oracle Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-14] (Google Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-06]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-03-06]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2017-01-13] ()
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2017-01-13] () [File not signed]
    R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4346320 2017-02-08] (SecureMix LLC)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-03-06] (SurfRight B.V.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
    S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
    R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-25] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2248144 2016-04-28] (Micro-Star INT'L CO., LTD.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
    R2 NS; C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-12-18] (Microsoft Corporation)
    R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
    S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NS.exe" /h ccCommon [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
    R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2015-06-17] (Asmedia Technology)
    R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20170301.003\BHDrvx64.sys [1874136 2017-03-01] (Symantec Corporation)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [485856 2017-01-13] (Intel Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-05] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-05] (Symantec Corporation)
    R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
    R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20170308.003\IDSvia64.sys [1038024 2017-03-03] (Symantec Corporation)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-29] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-08] (Malwarebytes)
    S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
    S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2017-01-13] (Realtek )
    R1 SRTSP; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-06] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
    R1 SymNetS; C:\Windows\system32\drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
    R3 vuhub; C:\Windows\System32\drivers\vuhub.sys [47616 2007-12-16] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170306.002\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170306.002\NAVEX15.SYS [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-08 15:21 - 2017-03-08 15:21 - 00019998 _____ C:\Users\arlie\Downloads\FRST.txt
    2017-03-08 15:21 - 2017-03-08 15:21 - 00000000 ____D C:\Users\arlie\Downloads\FRST-OlderVersion
    2017-03-07 19:14 - 2017-03-07 19:14 - 00000554 _____ C:\Users\arlie\Desktop\JRT.txt
    2017-03-07 19:12 - 2017-03-07 19:13 - 01663736 _____ (Malwarebytes) C:\Users\arlie\Downloads\JRT.exe
    2017-03-07 19:04 - 2017-03-07 19:08 - 00000000 ____D C:\AdwCleaner
    2017-03-07 19:03 - 2017-03-07 19:04 - 04031440 _____ C:\Users\arlie\Downloads\AdwCleaner.exe
    2017-03-07 18:21 - 2017-03-07 18:49 - 57131432 _____ (Malwarebytes ) C:\Users\arlie\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-07 17:46 - 2017-03-07 18:52 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-03-07 17:46 - 2017-03-07 17:46 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-03-07 17:46 - 2017-03-07 17:46 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2017-03-07 17:46 - 2017-03-07 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-03-07 17:46 - 2017-03-07 17:46 - 00000000 ____D C:\Program Files\RogueKiller
    2017-03-07 17:05 - 2017-03-07 17:45 - 34885984 _____ (Adlice Software ) C:\Users\arlie\Downloads\setup.exe
    2017-03-07 11:07 - 2017-03-08 15:21 - 00000000 ____D C:\FRST
    2017-03-07 11:06 - 2017-03-08 15:21 - 02423808 _____ (Farbar) C:\Users\arlie\Downloads\FRST64.exe
    2017-03-07 02:31 - 2017-03-07 02:31 - 00001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
    2017-03-07 02:31 - 2017-03-07 02:31 - 00001012 _____ C:\Users\Public\Desktop\µTorrent.lnk
    2017-03-07 02:31 - 2017-03-07 02:31 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2017-03-07 02:30 - 2017-03-07 15:21 - 00000000 ____D C:\Users\arlie\AppData\Roaming\uTorrent
    2017-03-07 02:30 - 2017-03-07 02:30 - 00399736 _____ (BitTorrent, Inc.) C:\Users\arlie\Downloads\2.2.1.25302_utorrent_2.2.1.25302.exe
    2017-03-06 17:27 - 2017-03-07 19:01 - 00000000 ____D C:\Users\arlie\AppData\Local\a14672bf
    2017-03-06 17:10 - 2017-03-06 17:10 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2017-03-06 17:10 - 2017-03-06 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2017-03-06 17:10 - 2017-03-06 17:10 - 00000000 ____D C:\Program Files\HitmanPro
    2017-03-06 17:09 - 2017-03-06 17:28 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-06 17:01 - 2017-03-06 17:09 - 11581544 _____ (SurfRight B.V.) C:\Users\arlie\Downloads\hitmanpro_x64.exe
    2017-03-06 00:45 - 2017-03-08 00:46 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-03-06 00:45 - 2017-03-06 00:45 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-03-06 00:24 - 2017-03-08 15:04 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
    2017-03-06 00:22 - 2017-03-06 00:22 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-03-06 00:22 - 2017-03-06 00:22 - 00008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-03-06 00:22 - 2017-03-06 00:22 - 00003374 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2017-03-06 00:22 - 2017-03-06 00:22 - 00002206 _____ C:\Users\Public\Desktop\Norton Security.lnk
    2017-03-06 00:22 - 2017-03-06 00:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
    2017-03-06 00:22 - 2017-03-06 00:22 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
    2017-03-06 00:22 - 2017-03-06 00:22 - 00000000 ____D C:\ProgramData\NortonInstaller
    2017-03-06 00:22 - 2017-03-06 00:22 - 00000000 ____D C:\Program Files\Norton Security
    2017-03-06 00:22 - 2017-03-06 00:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2017-03-06 00:22 - 2017-03-06 00:22 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
    2017-03-06 00:17 - 2017-03-06 00:46 - 00000000 ____D C:\ProgramData\Norton
    2017-03-06 00:17 - 2017-03-06 00:17 - 01027888 _____ (Symantec Corporation) C:\Users\arlie\Downloads\NortonNSDownloader.exe
    2017-03-06 00:17 - 2017-03-06 00:17 - 00001317 _____ C:\Users\arlie\Desktop\Norton Installation Files.lnk
    2017-03-06 00:17 - 2017-03-06 00:17 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2017-03-05 21:36 - 2017-03-08 11:29 - 00000000 ____D C:\Program Files (x86)\GlassWire
    2017-03-05 21:36 - 2017-03-05 21:36 - 00001970 _____ C:\Users\Public\Desktop\GlassWire.lnk
    2017-03-05 21:36 - 2017-03-05 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
    2017-03-05 21:36 - 2015-05-28 19:30 - 00008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
    2017-03-05 21:36 - 2015-05-28 19:15 - 00033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
    2017-03-05 21:15 - 2017-03-05 21:35 - 30715264 _____ (SecureMix LLC) C:\Users\arlie\Downloads\GlassWireSetup (1).exe
    2017-03-02 14:51 - 2017-03-02 14:51 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-03-02 14:51 - 2017-03-02 14:51 - 00000000 ____D C:\Users\arlie\AppData\Roaming\vlc
    2017-03-02 14:51 - 2017-03-02 14:51 - 00000000 ____D C:\Users\arlie\AppData\Roaming\dvdcss
    2017-03-02 14:51 - 2017-03-02 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2017-03-02 14:51 - 2017-03-02 14:51 - 00000000 ____D C:\Program Files\VideoLAN
    2017-03-02 14:49 - 2017-03-02 14:50 - 31717016 _____ C:\Users\arlie\Downloads\vlc-2.2.4-win64.exe
    2017-03-02 10:42 - 2017-03-02 10:45 - 00000000 ____D C:\Users\arlie\AppData\Local\2ad7e5a244
    2017-03-02 10:16 - 2017-03-02 10:16 - 00000000 ____D C:\Users\arlie\AppData\Local\c52599c6
    2017-02-14 20:04 - 2017-02-14 20:04 - 00000000 ____D C:\Users\arlie\ansel
    2017-02-14 16:31 - 2017-02-09 13:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2017-02-14 16:29 - 2017-02-09 17:33 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 34979384 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 28242488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 19007016 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 11122728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 03168192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 02717752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 01052096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00991288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00910784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00719856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00618416 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00605120 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00573448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
    2017-02-14 16:29 - 2017-02-09 17:33 - 00447984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-08 15:05 - 2017-01-12 07:49 - 01460158 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-08 15:00 - 2017-01-12 08:04 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-03-08 14:59 - 2017-01-19 17:21 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-03-08 14:59 - 2017-01-12 09:02 - 00000000 __SHD C:\Users\arlie\IntelGraphicsProfiles
    2017-03-08 14:59 - 2017-01-12 08:20 - 00000000 ____D C:\Users\arlie\AppData\LocalLow\Mozilla
    2017-03-08 14:59 - 2017-01-12 08:10 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-03-08 14:59 - 2017-01-12 07:55 - 00000000 ____D C:\Users\arlie
    2017-03-08 14:59 - 2017-01-12 05:44 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-08 14:59 - 2017-01-12 05:44 - 00000000 ____D C:\Windows\system32\SleepStudy
    2017-03-08 12:18 - 2017-01-13 02:21 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6E30C56B-E2D3-40B6-BC4D-C6428CEB3C20}
    2017-03-07 19:09 - 2017-01-12 08:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-03-07 19:09 - 2017-01-12 08:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-03-07 19:08 - 2016-07-15 21:04 - 00524288 _____ C:\Windows\system32\config\BBI
    2017-03-07 18:49 - 2017-01-19 17:21 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-03-07 18:49 - 2017-01-19 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-07 12:21 - 2016-07-16 02:45 - 00000000 ____D C:\Windows\INF
    2017-03-07 02:31 - 2017-01-14 07:23 - 00000000 ____D C:\Users\arlie\AppData\Local\CrashDumps
    2017-03-06 00:23 - 2016-07-15 21:04 - 00032768 _____ C:\Windows\system32\config\ELAM
    2017-03-06 00:22 - 2016-07-16 02:47 - 00000000 ___HD C:\Windows\ELAMBKUP
    2017-03-04 11:35 - 2017-02-03 12:24 - 00000000 ____D C:\Users\arlie\AppData\Local\ElevatedDiagnostics
    2017-03-03 08:04 - 2016-07-16 02:47 - 00000000 ____D C:\Windows\AppReadiness
    2017-03-02 06:57 - 2016-07-16 02:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-24 06:23 - 2017-01-19 17:21 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-02-22 18:00 - 2017-01-12 08:42 - 00000000 ____D C:\Windows\system32\MRT
    2017-02-22 17:59 - 2017-01-12 08:42 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-02-21 17:31 - 2017-01-12 07:59 - 00000000 ____D C:\Users\arlie\AppData\Local\Packages
    2017-02-21 16:17 - 2016-07-16 02:36 - 00000000 ____D C:\Windows\CbsTemp
    2017-02-14 16:32 - 2017-01-12 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-02-14 16:32 - 2017-01-12 08:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-02-12 15:24 - 2016-07-16 02:47 - 00000000 ____D C:\Windows\system32\NDF
    2017-02-10 00:55 - 2016-07-16 02:47 - 00000000 ____D C:\Windows\LiveKernelReports
    2017-02-09 17:33 - 2016-09-23 21:42 - 04078008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2017-02-09 17:33 - 2016-09-23 21:42 - 03597128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2017-02-09 17:33 - 2016-09-23 18:42 - 00043556 _____ C:\Windows\system32\nvinfo.pb
    2017-02-09 14:13 - 2017-01-14 07:16 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
    2017-02-09 13:57 - 2017-01-12 08:03 - 07791217 _____ C:\Windows\system32\nvcoproc.bin
    2017-02-09 13:57 - 2017-01-12 08:03 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2017-02-09 13:57 - 2017-01-12 08:03 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2017-02-09 13:57 - 2017-01-12 08:03 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2017-02-09 13:57 - 2017-01-12 08:03 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2017-02-09 13:57 - 2017-01-12 08:03 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2017-02-09 13:57 - 2017-01-12 08:03 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2017-02-09 13:57 - 2017-01-12 08:03 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2017-02-06 10:48 - 2016-07-16 02:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-02-06 10:48 - 2016-07-16 02:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2017-01-13 08:17 - 2017-01-13 08:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2017-03-07 17:46 - 2016-12-18 02:47 - 1886344 _____ (Microsoft Corporation) C:\Users\arlie\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-08 06:03

    ==================== End of FRST.txt ============================
     
  2. auen1

    PCMech blocked it again.
     


  3. Broni

    Broni Malware Annihilator Staff Member

    Joined:
    Jan 20, 2015
    Messages:
    582
    Location:
    Daly City, CA
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  4. auen1

    OK, thanks Broni,
    Got busy right now, but will try to post the log this evening.

    Many thanks again!
     
  5. Broni

  6. auen1

    Hi Broni,
    I'm back again. Here's the log:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
    Ran by arlie (10-03-2017 07:39:36) Run:1
    Running from C:\Users\arlie\Desktop
    Loaded Profiles: arlie (Available Profiles: defaultuser0 & arlie)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    GroupPolicy: Restriction <======= ATTENTION
    S2 EraserSvc11621; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NS.exe" /h ccCommon [X]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170306.002\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170306.002\NAVEX15.SYS [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    2017-01-13 08:17 - 2017-01-13 08:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2017-03-07 17:46 - 2016-12-18 02:47 - 1886344 _____ (Microsoft Corporation) C:\Users\arlie\AppData\Local\Temp\dllnt_dump.dll

    *****************

    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    HKLM\System\CurrentControlSet\Services\EraserSvc11621 => key removed successfully
    EraserSvc11621 => service removed successfully
    HKLM\System\CurrentControlSet\Services\MSICDSetup => key removed successfully
    MSICDSetup => service removed successfully
    HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
    HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
    HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => key removed successfully
    NTIOLib_1_0_C => service removed successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\Users\arlie\AppData\Local\Temp\dllnt_dump.dll => moved successfully

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-03-2017 07:40:30)


    Result of scheduled keys to remove after reboot:

    HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
    HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.

    ==== End of Fixlog 07:40:30 ====
     
  7. Broni

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  8. auen1

    Hi Broni,
    Sorry, I got busy.
    But I'll try tomorrow to follow up on the next steps.

    Thanks again!
     
  9. Broni
