Virus/Malware issues - many symptoms listed - AV cannot identify a problem

30 replies to this topic

#1 rschou2132

  • Members
  • 19 posts

Posted 19 January 2017 - 06:41 PM

Hello,

First, thank you for any help you can provide.

There is something significantly wrong with at least one, if not more, computers in my home. The main computer I am concerned about is a desktop that runs Windows 8.1 Pro x64. I have a Windows 7 Home disk and a Windows 8 Pro USB drive. The anti-virus software I use is Norton 360. A couple of months ago my computer started to run a little slower. Then over the past week or two it became very obvious that the computer was infected.

The main symptoms I see are listed below:

1) Slow boot times. Almost every boot takes minutes instead of seconds. I have two solid state drives running in the computer and was getting boot times around 15 seconds. Today it must have taken 2 minutes to boot.

2) Internet cuts out. After using the computer for a while the internet will no longer work. At all. Webpages can't be found, apps cannot access the internet. It's not slow, it completely fails.

3) Computer will not wake from hibernation/sleep mode. If I walk away from the computer for a while and come back, the screen will stay black. Need to hard reset.

4) Screen regularly flashes. About every 10 minutes (rough estimate) the screen flashes. I can't really tell what is flashing, but I notice it at night when it seems like a distant camera flash went off in the house. It took me a while to realize it was my monitor since I wasn't using it. Seeing it happen maybe twice, it seems like it very quickly flashes a blue screen.

5) Cannot turn the computer off. If I try to do a normal shut down through the menu (or Alt+F4) it won't respond at all. I need to hold down the power button (this started just over the last week).

6) Today, when I tried to run FRST I had problems. The computer would delete the download immediately after it completed. Luckily I had already downloaded the file. When I ran it, it would error, not be responsive, and the scan wouldn't complete. I had run FRST on Saturday so I've posted those results here.

In general, the computer has gotten progressively worse over time.

I do also have a Surface Pro 4 that is on the same network and was performing slowly. I reformatted it about a month ago. It's seemingly working pretty well now, but of course I'm concerned that the virus could have infected that as well. In general I'm concerned about my network in general. I run a Synology NAS and QNAP NAS as well. One is used for personal file sharing across devices on the network and the other is for work documents. I worry that since the majority of my files are on the NAS devices and accessed by other computers that numerous devices might be infected. Let me know if I should post information on any of these systems as well.

Thanks again for any help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017
Ran by Russell (administrator) on RUSSELL (14-01-2017 17:53:21)
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Forty One Ltd.) D:\Software\AudioSwitcher\AudioSwitcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110344 2014-12-29] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify Web Helper] => C:\Users\Russell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [AudioSwitcher] => D:\Software\AudioSwitcher\AudioSwitcher.exe [458240 2016-03-12] (Forty One Ltd.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [2991368 2014-12-29] (CyberLink Corp.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify] => C:\Users\Russell\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleChromeAutoLaunch_A926180A5F0EA9010D7881571F92AA65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {1f4d667e-e68e-11e5-8250-dc85de6728a6} - "L:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {7d59b33d-2030-11e6-8269-dc85de6728a6} - "K:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {cfee2adf-c513-11e6-8286-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe" 
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {ef9657dd-90a7-11e6-8279-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe" 
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Russell\Desktop\dds.scr [688992 2017-01-14] (Swearware)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D770C795-581E-4601-BDA3-399E8B03046A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E040694C-14EB-4BAA-970C-CCD2003AC9BD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF ProfilePath: [Profiles]
Profiles=GettingStarted
Weekdays
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
[not found]
Weekdays
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359,0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[not found]
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359;0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
[not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Dropbox for Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Calendar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Earthy) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-24]
CHR Extension: (Drumpfinator) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-08]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-03-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-11-26]
CHR Extension: (Pocket Legends) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2016-10-12]
CHR Extension: (Reload All Tabs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2016-09-25]
CHR Extension: (Google Hangouts) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-03-08]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-503452509-3002992337-1118405479-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-08] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-08] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ak240audio; C:\WINDOWS\System32\drivers\ak240audio_x64.sys [251392 2013-11-26] ()
S3 ak240audioks; C:\WINDOWS\system32\DRIVERS\ak240audioks_x64.sys [45568 2013-11-26] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170112.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170113.001\IDSvia64.sys [1038024 2017-01-12] (Symantec Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-02] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 17:53 - 2017-01-14 17:53 - 00036831 _____ C:\Users\Russell\Desktop\FRST.txt
2017-01-14 17:52 - 2017-01-14 17:53 - 00000000 ____D C:\FRST
2017-01-14 17:52 - 2017-01-14 17:52 - 02419200 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe
2017-01-14 17:50 - 2017-01-14 17:50 - 00688992 _____ (Swearware) C:\Users\Russell\Downloads\dds.scr
2017-01-14 17:46 - 2017-01-14 17:46 - 00688992 _____ (Swearware) C:\Users\Russell\Desktop\dds.scr
2017-01-14 17:24 - 2017-01-14 17:24 - 00000218 _____ C:\Users\Russell\.recently-used.xbel
2017-01-14 16:53 - 2017-01-14 16:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007 (1).pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03320351 _____ C:\Users\Russell\Downloads\DOC004.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03211061 _____ C:\Users\Russell\Downloads\DOC003.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01913902 _____ C:\Users\Russell\Downloads\DOC006.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01833500 _____ C:\Users\Russell\Downloads\DOC002.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01744044 _____ C:\Users\Russell\Downloads\DOC005.pdf
2017-01-12 22:13 - 2017-01-12 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 22:52 - 2017-01-10 22:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007.pdf
2017-01-07 11:58 - 2017-01-07 11:59 - 53543904 _____ C:\Users\Russell\Downloads\FWUP0008.DAT
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 11:12 - 2017-01-02 11:12 - 00000846 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-02 11:12 - 2017-01-02 11:12 - 00000798 _____ C:\Users\Russell\Desktop\Start Tor Browser.lnk
2017-01-02 11:11 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Russell\Desktop\Tor Browser
2017-01-02 11:06 - 2017-01-02 11:06 - 50706736 _____ C:\Users\Russell\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-02 11:04 - 2017-01-02 11:04 - 70860876 _____ C:\Users\Russell\Downloads\tor-browser-linux64-6.0.8_en-US.tar.xz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 17:46 - 2015-12-17 11:56 - 00000000 ___DO C:\Users\Russell\OneDrive
2017-01-14 17:41 - 2014-11-21 03:43 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 17:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-14 17:37 - 2016-09-27 21:08 - 00000000 ___RD C:\Users\Russell\Dropbox
2017-01-14 17:37 - 2015-12-18 08:44 - 00000000 ___RD C:\Users\Russell\Google Drive
2017-01-14 17:35 - 2016-09-27 21:06 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-14 17:34 - 2016-09-27 21:06 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-14 17:34 - 2016-03-08 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-14 17:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 17:29 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-14 17:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-14 17:24 - 2016-03-08 09:03 - 00000000 ____D C:\Users\Russell
2017-01-14 17:11 - 2016-02-13 07:00 - 00314368 ___SH C:\Users\Russell\Desktop\Thumbs.db
2017-01-14 12:51 - 2016-10-02 02:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-01-14 12:38 - 2016-03-08 09:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-503452509-3002992337-1118405479-1001
2017-01-14 12:28 - 2016-05-02 23:03 - 00000000 ____D C:\Users\Russell\AppData\Local\Adobe
2017-01-14 12:19 - 2016-10-05 20:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-14 12:19 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files\TrueKey
2017-01-14 11:50 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Origin
2017-01-13 10:16 - 2016-05-07 11:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-13 00:50 - 2016-03-11 09:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 00:50 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 00:49 - 2016-03-11 09:19 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-12 22:15 - 2016-09-30 05:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 22:13 - 2016-09-30 05:09 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 22:13 - 2016-09-27 21:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-10 23:25 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-01-10 23:22 - 2016-03-08 09:23 - 00000000 ____D C:\ProgramData\Origin
2017-01-10 23:21 - 2016-03-08 09:22 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-10 23:20 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-10 22:59 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-01-10 22:50 - 2016-03-09 20:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-10 22:50 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-02 03:06 - 2016-03-08 21:41 - 00000000 ____D C:\Users\Russell\AppData\Local\Spotify
2017-01-02 01:12 - 2016-03-08 21:40 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Spotify
2017-01-01 23:13 - 2016-05-31 07:31 - 00000000 ____D C:\Users\Russell\AppData\Roaming\gtk-2.0
2016-12-30 18:54 - 2016-10-02 01:00 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-30 17:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-24 11:59 - 2016-03-09 22:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\MusicBee
2016-12-24 11:27 - 2015-12-17 11:53 - 00000000 ___RD C:\Users\Russell\Links
2016-12-22 17:42 - 2014-11-21 11:23 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:42 - 2014-11-21 11:23 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-20 01:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-18 06:19 - 2013-08-22 09:44 - 00482536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 16:56 - 2016-03-11 20:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Holotable
2016-12-16 14:58 - 2016-03-08 09:21 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 14:58 - 2016-03-08 09:21 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 14:58 - 2013-08-22 08:36 - 00000000 ___RD C:\Program Files (x86)
2016-12-15 06:59 - 2016-03-08 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

Some files in TEMP:
====================
C:\Users\Russell\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 11:46

==================== End of FRST.txt ============================





#2 rschou2132


Posted 22 January 2017 - 03:10 PM

bump, please help.



#3 nasdaq


Posted 24 January 2017 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Profiles=GettingStarted [not found]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

P.S.
Post also the Addition.txt file that was created by the Farbar tool. I need to review it.

What problem persists on this computer?
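
The fixlist above was built by hand: the helper copied the `[X]` service and driver lines out of the FRST log and pasted them verbatim between `start` and `End`. The script below, added here as an example and not part of this thread, of FRST, or of nasdaq's instructions, does the same triage mechanically. It parses the Services/Drivers lines of an FRST log, flags what a responder would look at (binary missing, file present but unsigned, no publisher in the version info, driver loading from a user Temp directory), and writes only the orphaned `[X]` entries into a fixlist. The sample lines are copied from the log posted in this thread; the field layout the regular expression assumes (state, name, path, optional `[size date]`, optional `(publisher)`, optional trailing `[flag]`) is inferred from those lines and is an assumption, not FRST documentation.

```python
"""Triage FRST 'Services' / 'Drivers' lines and build a fixlist from the orphaned entries.

Added example, not part of the BleepingComputer thread or of FRST itself.  The sample
lines below are copied from the log posted in the thread; the field layout assumed here
(state, name, path, [size date], (publisher), [flag]) is inferred from those lines.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample entries taken from the Services/Drivers sections of the posted log.
SAMPLE_LOG = r"""
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]
S3 ak240audio; C:\WINDOWS\System32\drivers\ak240audio_x64.sys [251392 2013-11-26] ()
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
"""

# One FRST service/driver line.  The path is matched lazily so that the optional
# trailing fields ([size date], (publisher), [flag]) are picked up when present.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<signer>[^)]*)\))?"
    r"(?: \[(?P<flag>[^\]]+)\])?\s*$"
)
# A driver registered out of a per-user Temp folder is unusual for legitimate software.
TEMP_DIR_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    raw: str                    # the log line exactly as FRST printed it
    name: str                   # service/driver name
    path: str                   # registered image path
    signer: Optional[str]       # publisher from version info; "" when FRST printed "()"
    flag: Optional[str]         # "X" (file missing), "File not signed", or None
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Entry]:
    """Return one Entry per line that looks like an FRST service/driver record."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(line, m["name"], m["path"], m["signer"], m["flag"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons and return only the entries that earned at least one."""
    for e in entries:
        if e.flag == "X":
            e.reasons.append("registered binary is missing (orphaned service/driver)")
        if e.flag == "File not signed":
            e.reasons.append("binary present but carries no Authenticode signature")
        if e.signer == "" and e.flag is None:
            e.reasons.append("no publisher in version info; verify the signature by hand")
        if TEMP_DIR_RE.search(e.path):
            e.reasons.append("loads from a user Temp directory")
    return [e for e in entries if e.reasons]


def build_fixlist(entries: List[Entry]) -> str:
    """Emit a fixlist containing only the orphaned ([X]) entries.

    Present-but-unsigned or publisher-less services are reported for review, not removed:
    deleting them blindly can break software the owner still uses.  Each entry is written
    as one unbroken line, since FRST matches fixlist entries textually against its log.
    """
    orphaned = [e.raw for e in entries if e.flag == "X"]
    return "start\n\n" + "\n".join(orphaned) + "\n\nEnd\n"


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in triage(parsed):
        print(f"{e.name}: " + "; ".join(e.reasons))
    print()
    print(build_fixlist(parsed))
```

Two caveats the Fixlog later in this thread illustrates: a fixlist entry that wraps onto a second line (the Chrome Media Router entry in post #4) is not recognised, which is why the script never splits a line, and registry keys owned by a running security product (NAVENG and NAVEX15 here) come back "Access Denied", so a fixlist is not the tool for entries Norton still protects.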

#4 rschou2132


Posted 24 January 2017 - 11:53 AM

Thank you! Below is the Fixlog. However, it did not create a new Addition file. I re-ran a scan and posted the Addition file from that (as well as the FRST log, if that's helpful).

Again, thank you. Your help is much appreciated.

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Russell (24-01-2017 11:25:21) Run:1
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Profiles=GettingStarted [not found]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => value removed successfully
HKCR\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => key not found. 
Profiles=GettingStarted [not found] => Error: No automatic fix found for this entry.
C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj => moved successfully
C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User => not found
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\cpuz136 => key removed successfully
cpuz136 => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79583776 B
Java, Flash, Steam htmlcache => 37754290 B
Windows/system/drivers => 1048784 B
Edge => 0 B
Chrome => 150824000 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 279176 B
NetworkService => 10866 B
Russell => 41710154 B
 
RecycleBin => 205274042 B
EmptyTemp: => 504.6 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-01-2017 11:33:07)
 
"C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Could not move
"C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx" => Could not move
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
 
==== End of Fixlog 11:33:07 ====




#5 rschou2132


Posted 24 January 2017 - 12:23 PM

I haven't been using it for very long. It does appear to boot a hair faster now, but it is still very abnormally slow. I will report anything else I notice throughout the day.



#6 nasdaq


Posted 24 January 2017 - 02:16 PM


Check this section, FF ProfilePath: [Profiles], of the FRST log.

Is this normal?

Profiles=GettingStarted [not found]
[not found]
[not found]
[not found]


===

The only suspicious items in your Addition.txt file are the many firewall settings for Trend Micro.

If Trend Micro was removed and replaced by Norton I suggest you download and run their Uninstaller tool from this site.

https://www.techsupportall.com/trend-micro-uninstaller-tool/

=

When completed, restart the computer normally.

p.s.
Your Norton Security Suite is shown as Disabled in the Addition.txt log.
Enable it and let me know how the computer is performing, or if you have other issues.

#7 rschou2132


Posted 24 January 2017 - 04:19 PM

I ran the Trend Micro uninstaller. I had used the online scan tool to try and double-check Norton. Norton was disabled because the FRST scans were not completing. I wasn't sure if Norton was interfering (as it deleted the files immediately when I downloaded them). When I disabled it, the scan completed successfully, so this is why you saw it disabled.

In terms of what I'm seeing, I do still experience problems with the boot times; I haven't seen anything else yet. It seems to boot near normal to the login screen. Once I type my PIN in, it takes about a full minute to get to my desktop. I tried to uninstall all programs that I don't use, and that didn't help.

As for the profiles you've posted, I'm not sure what that means. The only place I see that in the log is under Firefox, which is weird because I don't have it installed. Possibly I did at one point and uninstalled it.

So are you saying that my computer looks clean? If so, should I just reformat?



#8 nasdaq


Posted 25 January 2017 - 08:38 AM

Wasn't sure if Norton was interfering (as it deleted the files when I downloaded them immediately).

I know about this, as I also have Norton. New versions of the tools we suggest are not always liked by Norton.
When downloading a program, if Norton has never seen the program it will give you a notice that the file needs your attention.
You have to follow the instructions and accept the download. Otherwise the file will be quarantined.
You can restore it.
https://support.norton.com/sp/en/us/home/current/solutions/v54276523_nis_mac_retail_6_en_us

---
 

As for the profiles you've posted, I'm not sure what that means. The only place I see that in the log is under Firefox, which is weird because I don't have it installed. Possibly I did at one point and uninstalled it.


Let's remove these registry entries for Firefox.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF ProfilePath: [Profiles]
Profiles=GettingStarted
Weekdays
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
 [not found]
Weekdays
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359,0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
 [not found]
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359;0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
 [not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon

Reboot:

End
Save the file as fixlist.txt in the same folder FRST is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST, click Fix only once, and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

 

I do still experience problems with the boot times; I haven't seen anything else yet. It seems to boot near normal to the login screen. Once I type my PIN in, it takes about a full minute to get to my desktop.


Remove the password.

Can I sign in to Windows without a password?
https://support.microsoft.com/en-us/help/14064/windows-8-sign-in-to-windows-without-password

Restart the computer normally.

If the problem is solved, create a new password if you feel you need one.

Keep me posted.
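
The Fixlog that comes back from the procedure above can run to hundreds of lines, most of them "No automatic fix found for this entry", and the lines that matter (what FRST actually removed, what it deferred to reboot, and what was still there afterwards) are easy to miss. The script below is an added example, not part of this thread and not FRST's own code: it summarises a Fixlog.txt by classifying each result line. The regular expressions are assumptions modelled on the result strings visible in the Fixlog posted in this thread (value removed, scheduled to move on reboot, could not move, EmptyTemp size); FRST messages that do not appear here are not handled and are simply ignored. The embedded sample log is constructed from those same lines.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.txt.

Added example; not part of the BleepingComputer thread or of FRST itself.
The result-line patterns are assumptions modelled on the Fixlog in the thread.
"""
import re
import sys
from typing import List

# Result-line patterns (assumed from the posted log, not an FRST specification).
RULES = [
    ("not_directives",
     re.compile(r"^(?P<item>.+?) => Error: No automatic fix found for this entry\.$")),
    ("removed",
     re.compile(r"^(?P<item>.+?) => value removed successfully$")),
    ("scheduled",
     re.compile(r'^Could not move "(?P<item>[^"]+)" => Scheduled to move on reboot\.$')),
    ("still_present",
     re.compile(r'^"(?P<item>[^"]+)" => Could not move$')),
]
RE_EMPTYTEMP = re.compile(r"^EmptyTemp: => (?P<mb>[\d.]+) MB temporary data Removed\.$")


def summarise_fixlog(text: str) -> dict:
    """Classify each result line of a Fixlog and collect the EmptyTemp size.

    Lines matching none of the known result strings are ignored: FRST echoes the
    whole fixlist back before the results, and those echoed lines carry no outcome.
    """
    summary = {
        "not_directives": [],  # fixlist lines FRST did not recognise as directives
        "removed": [],         # registry values FRST removed
        "scheduled": [],       # paths FRST could not move and deferred to reboot
        "still_present": [],   # paths reported "Could not move" after the reboot
        "temp_mb": 0.0,
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_EMPTYTEMP.match(line)
        if m:
            summary["temp_mb"] = float(m["mb"])
            continue
        for key, pattern in RULES:
            m = pattern.match(line)
            if m:
                summary[key].append(m["item"])
                break
    return summary


def unresolved_after_reboot(summary: dict) -> List[str]:
    """Paths FRST deferred to reboot and then still reported as unmovable.

    In the posted log this is a folder under the installed security product's own
    directory; a move that fails twice there usually means the product protects its
    files, which is worth checking before reading the entry as malware persistence.
    """
    scheduled = set(summary["scheduled"])
    return sorted(p for p in summary["still_present"] if p in scheduled)


def report(text: str) -> str:
    """Human-readable summary suitable for pasting back into a help thread."""
    s = summarise_fixlog(text)
    unresolved = unresolved_after_reboot(s)
    out = [
        f"fixlist lines FRST did not recognise as directives: {len(s['not_directives'])}",
        f"registry values removed: {len(s['removed'])}",
        f"moves deferred to reboot: {len(s['scheduled'])}",
        f"still present after reboot: {len(unresolved)}",
        f"temporary data removed: {s['temp_mb']:.1f} MB",
    ]
    out += [f"  unresolved: {p}" for p in unresolved]
    return "\n".join(out)


def read_log(path: str) -> str:
    """Read a log file whether it carries a UTF-16 BOM or is plain UTF-8."""
    data = open(path, "rb").read()
    if data.startswith(b"\xff\xfe") or data.startswith(b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig", errors="replace")


# Constructed sample, cut down from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
ProfilePath: [Profiles] => Error: No automatic fix found for this entry.
Profiles=GettingStarted [not found] => Error: No automatic fix found for this entry.
[Weekdays] => Error: No automatic fix found for this entry.
Titles1=Origin;battlefield;steam => Error: No automatic fix found for this entry.
HKLM\Software\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully

"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" folder move:

Could not move "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" => Scheduled to move on reboot.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully

=========== EmptyTemp: ==========
EmptyTemp: => 390.9 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-01-2017 23:00:58)

"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" => Could not move
"""

if __name__ == "__main__":
    # Usage: python fixlog_summary.py Fixlog.txt   (no argument: run on the sample)
    print(report(read_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FIXLOG))
```

Run against the real Fixlog.txt, the "not recognised as directives" count tells you at once whether the fixlist was mostly lines FRST could not act on, as it was in this thread, and the "unresolved" list is the short set of items that still need a decision.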

#9 rschou2132

  • Topic Starter

Posted 25 January 2017 - 11:08 PM

Okay, Fixlog is attached and posted below. To remove the PIN it looks like I need to switch to a local account, meaning I can't use the Microsoft Store. Since it sucks anyway I'll do this, maybe just to test or until the store becomes useful. Will write back after I've had some time to play around on the computer. Thanks for your help.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Russell (25-01-2017 22:58:35) Run:2
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF ProfilePath:
[Profiles]
Profiles=GettingStarted
Weekdays
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
 
[not
found]
Weekdays
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359,0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
 
[not
found]
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359;0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
 
[not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
ProfilePath: [Profiles] => Error: No automatic fix found for this entry.
Profiles=GettingStarted [not found] => Error: No automatic fix found for this entry.
[Profiles] => Error: No automatic fix found for this entry.
Profiles=GettingStarted => Error: No automatic fix found for this entry.
Weekdays => Error: No automatic fix found for this entry.
weekend => Error: No automatic fix found for this entry.
[Weekdays] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1=Origin;battlefield;steam => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=20 => Error: No automatic fix found for this entry.
UnlockDiff=20 => Error: No automatic fix found for this entry.
ProfileAccessNone=0 => Error: No automatic fix found for this entry.
ProfileAccessRandom=1 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160327 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1547 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList=0000-0600 => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=0 => Error: No automatic fix found for this entry.
day2=1 => Error: No automatic fix found for this entry.
day3=1 => Error: No automatic fix found for this entry.
day4=1 => Error: No automatic fix found for this entry.
day5=1 => Error: No automatic fix found for this entry.
day6=0 => Error: No automatic fix found for this entry.
day7=0 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[GettingStarted] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1= => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=5 => Error: No automatic fix found for this entry.
UnlockDiff=5 => Error: No automatic fix found for this entry.
ProfileAccessNone=1 => Error: No automatic fix found for this entry.
ProfileAccessRandom=0 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160327 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1547 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList= => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=1 => Error: No automatic fix found for this entry.
day2=1 => Error: No automatic fix found for this entry.
day3=1 => Error: No automatic fix found for this entry.
day4=1 => Error: No automatic fix found for this entry.
day5=1 => Error: No automatic fix found for this entry.
day6=1 => Error: No automatic fix found for this entry.
day7=1 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[weekend] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1= => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=60 => Error: No automatic fix found for this entry.
UnlockDiff=60 => Error: No automatic fix found for this entry.
ProfileAccessNone=0 => Error: No automatic fix found for this entry.
ProfileAccessRandom=1 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160522 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1341 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList=0100-0800 => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=1 => Error: No automatic fix found for this entry.
day2=0 => Error: No automatic fix found for this entry.
day3=0 => Error: No automatic fix found for this entry.
day4=0 => Error: No automatic fix found for this entry.
day5=0 => Error: No automatic fix found for this entry.
day6=1 => Error: No automatic fix found for this entry.
day7=1 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[not => Error: No automatic fix found for this entry.
found] => Error: No automatic fix found for this entry.
Weekdays => Error: No automatic fix found for this entry.
[Weekdays] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1=Origin;battlefield;steam => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=20 => Error: No automatic fix found for this entry.
UnlockDiff=20 => Error: No automatic fix found for this entry.
ProfileAccessNone=0 => Error: No automatic fix found for this entry.
ProfileAccessRandom=1 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160327 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1547 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList=2300-2359,0000-0600 => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=0 => Error: No automatic fix found for this entry.
day2=1 => Error: No automatic fix found for this entry.
day3=1 => Error: No automatic fix found for this entry.
day4=1 => Error: No automatic fix found for this entry.
day5=1 => Error: No automatic fix found for this entry.
day6=0 => Error: No automatic fix found for this entry.
day7=0 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[GettingStarted] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1= => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=5 => Error: No automatic fix found for this entry.
UnlockDiff=5 => Error: No automatic fix found for this entry.
ProfileAccessNone=1 => Error: No automatic fix found for this entry.
ProfileAccessRandom=0 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160327 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1547 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList= => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=1 => Error: No automatic fix found for this entry.
day2=1 => Error: No automatic fix found for this entry.
day3=1 => Error: No automatic fix found for this entry.
day4=1 => Error: No automatic fix found for this entry.
day5=1 => Error: No automatic fix found for this entry.
day6=1 => Error: No automatic fix found for this entry.
day7=1 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[not => Error: No automatic fix found for this entry.
found] => Error: No automatic fix found for this entry.
weekend => Error: No automatic fix found for this entry.
[Weekdays] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1=Origin;battlefield;steam => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=20 => Error: No automatic fix found for this entry.
UnlockDiff=20 => Error: No automatic fix found for this entry.
ProfileAccessNone=0 => Error: No automatic fix found for this entry.
ProfileAccessRandom=1 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160327 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1547 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList=2300-2359;0000-0600 => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=0 => Error: No automatic fix found for this entry.
day2=1 => Error: No automatic fix found for this entry.
day3=1 => Error: No automatic fix found for this entry.
day4=1 => Error: No automatic fix found for this entry.
day5=1 => Error: No automatic fix found for this entry.
day6=0 => Error: No automatic fix found for this entry.
day7=0 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[GettingStarted] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1= => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=5 => Error: No automatic fix found for this entry.
UnlockDiff=5 => Error: No automatic fix found for this entry.
ProfileAccessNone=1 => Error: No automatic fix found for this entry.
ProfileAccessRandom=0 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160327 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1547 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList= => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=1 => Error: No automatic fix found for this entry.
day2=1 => Error: No automatic fix found for this entry.
day3=1 => Error: No automatic fix found for this entry.
day4=1 => Error: No automatic fix found for this entry.
day5=1 => Error: No automatic fix found for this entry.
day6=1 => Error: No automatic fix found for this entry.
day7=1 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[weekend] => Error: No automatic fix found for this entry.
WebMode=Allow => Error: No automatic fix found for this entry.
WebAction=CloseTab => Error: No automatic fix found for this entry.
WebDelay=0 => Error: No automatic fix found for this entry.
AppMode=Allow => Error: No automatic fix found for this entry.
AppAction=Minimize => Error: No automatic fix found for this entry.
AppDelay=0 => Error: No automatic fix found for this entry.
NumRules=1 => Error: No automatic fix found for this entry.
Titles1= => Error: No automatic fix found for this entry.
Mode1=Block => Error: No automatic fix found for this entry.
Action1=Minimize => Error: No automatic fix found for this entry.
Match1=Any => Error: No automatic fix found for this entry.
Delay1=0 => Error: No automatic fix found for this entry.
ProfileAccessLevel=5 => Error: No automatic fix found for this entry.
ProfileUnlockLevel=60 => Error: No automatic fix found for this entry.
UnlockDiff=60 => Error: No automatic fix found for this entry.
ProfileAccessNone=0 => Error: No automatic fix found for this entry.
ProfileAccessRandom=1 => Error: No automatic fix found for this entry.
ProfileAccessCustom=0 => Error: No automatic fix found for this entry.
ProfileAccessTimed=0 => Error: No automatic fix found for this entry.
ProfileUnlockNone=0 => Error: No automatic fix found for this entry.
ProfileUnlockRandom=1 => Error: No automatic fix found for this entry.
ProfileUnlockCustom=0 => Error: No automatic fix found for this entry.
ProfileUnlockForced=0 => Error: No automatic fix found for this entry.
ProfileAccessUntilDate=20160522 => Error: No automatic fix found for this entry.
ProfileAccessUntilTime=1341 => Error: No automatic fix found for this entry.
ProfileAccessPassword= => Error: No automatic fix found for this entry.
ProfileUnlockPassword= => Error: No automatic fix found for this entry.
Goal= => Error: No automatic fix found for this entry.
ActivateAfterRun=1 => Error: No automatic fix found for this entry.
ShowCountdown=0 => Error: No automatic fix found for this entry.
AllowTempUnlock=1 => Error: No automatic fix found for this entry.
ScheduleList=0100-0800 => Error: No automatic fix found for this entry.
ProfilePriority=5 => Error: No automatic fix found for this entry.
day1=1 => Error: No automatic fix found for this entry.
day2=0 => Error: No automatic fix found for this entry.
day3=0 => Error: No automatic fix found for this entry.
day4=0 => Error: No automatic fix found for this entry.
day5=0 => Error: No automatic fix found for this entry.
day6=1 => Error: No automatic fix found for this entry.
day7=1 => Error: No automatic fix found for this entry.
EnabledRUSSELL=1 => Error: No automatic fix found for this entry.
[not found] => Error: No automatic fix found for this entry.
HKLM\Software\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully
 
"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" folder move:
 
Could not move "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" => Scheduled to move on reboot.
 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9747400 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 30684804 B
Edge => 0 B
Chrome => 120287409 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6578 B
NetworkService => 0 B
Russell => 232337179 B
 
RecycleBin => 0 B
EmptyTemp: => 390.9 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-01-2017 23:00:58)
 
"C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon" => Could not move
 
==== End of Fixlog 23:01:00 ====

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 January 2017 - 09:38 AM



ProfilePath: [Profiles] => Error: No automatic fix found for this entry.
Profiles=GettingStarted [not found] => Error: No automatic fix found for this entry.
[Profiles] => Error: No automatic fix found for this entry.
Profiles=GettingStarted => Error: No automatic fix found for this entry.
etc...


After checking further, these entries were created by Firefox Profiles.

To remove them you will have to reinstall Firefox and delete them as suggested in the link below.

https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles#w_moving-a-profile

However, there might be some remnant folders created by Firefox that were not removed when you got rid of Firefox.
You can investigate the folders in your computer.

This may be slowing down the computer when you boot it.

===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 February 2017 - 09:19 AM

Are you still with me?

#12 rschou2132

rschou2132
  • Topic Starter

  • Members
  • 19 posts

Posted 01 February 2017 - 10:07 AM

Yes, I'm still here. I installed and removed the Firefox profiles as described (though the only profile I saw there was the default one).

 

I've been using the computer over the past few days just to see what's happening. Ultimately, I'm still seeing a lot of the same problems that it had before. There were a few times where the boot cycle was shorter, but now it's taking a long time again. Some programs are taking a long time to open, to the point where I give up on them opening, start doing other things, and a minute or two later they pop up. I still can't turn off the computer using the shut down menu (only by holding down the power button). I'm pretty baffled here. I'm happy to run more scans, but part of me thinks that if you're not finding a cause for a virus, I should just reformat the computer and see if it starts to run normally again. Let me know what you think.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 PM

Posted 01 February 2017 - 11:12 AM



Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed, refer to the Microsoft article again and follow the instructions to view details of the System File Checker process.

Post the contents of the sfcdetails.txt file for my review.
<<<>>>

How to detect vulnerable and outdated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.

http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

Run the application and update all the programs/drivers that need to be updated.
===

#14 rschou2132

rschou2132
  • Topic Starter

  • Members
  • 19 posts

Posted 03 February 2017 - 06:16 PM

Hi Nasdaq. Thanks so much for all the help. I ran the SFC scan and it output the following message:

 

"Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.log."

 

So it seems like the name of the log is different from what you specified (unless I'm missing something). So I've attached that log here. It's very long, so I can't copy and paste it, but there are many corrupt files, it seems. Let me know how you'd like to proceed.

 

I'll be installing the PSI software now.

Attached Files

  • CBS.log   248.22KB


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:42 PM

Posted 04 February 2017 - 08:33 AM


Quoted from my previous instructions:
When completed, refer to the Microsoft article again and follow the instructions to view details of the System File Checker process.

Look at "More Information" at the bottom of the page.

Post the Sfcdetails.txt.
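The step nasdaq is pointing at in KB 929833 (filtering CBS.log down to its [SR] lines to produce sfcdetails.txt), plus a summary of which files SFC reported it could not repair, as an added PowerShell example that is not part of this thread or of the Microsoft article. The "Cannot repair member file" pattern is the wording SFC writes to CBS.log; the function name, the Desktop output path and the "Repairing corrupted file" count are assumptions.

```powershell
# Added example (not from the thread): the same filter KB 929833 performs with
#   findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log > "%userprofile%\Desktop\sfcdetails.txt"
# followed by a short summary of what SFC could and could not fix.
function Get-SfcDetails {
    param(
        # Live CBS log by default; a copied CBS.log (like the one attached above) also works.
        [string]$CbsLog = (Join-Path $env:windir 'Logs\CBS\CBS.log'),
        # Output name matches the Microsoft article; the Desktop location is an assumption.
        [string]$OutFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt')
    )

    # Only lines tagged [SR] come from System File Checker; the rest of CBS.log is
    # component-servicing noise, which is why a 248 KB log is unreadable as a whole.
    $srLines = @(Select-String -Path $CbsLog -SimpleMatch '[SR]' | ForEach-Object { $_.Line })
    $srLines | Set-Content -Path $OutFile -Encoding UTF8

    # Each file SFC could not restore is logged as
    #   [SR] Cannot repair member file [l:NN{MM}]"name.ext" of Component, ... hash mismatch
    # Pull the quoted file name out of every such line and keep each name once.
    $unrepaired = foreach ($line in $srLines) {
        if ($line -match 'Cannot repair member file \[[^\]]*\]"([^"]+)"') { $Matches[1] }
    }
    $unrepaired = @($unrepaired | Sort-Object -Unique)

    # Files SFC did manage to replace from the component store (pattern is an assumption).
    $repaired = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' }).Count

    [pscustomobject]@{
        SrLines         = $srLines.Count
        RepairedLines   = $repaired
        UnrepairedCount = $unrepaired.Count
        UnrepairedFiles = $unrepaired
        SfcDetailsPath  = $OutFile
    }
}

# Reading the live CBS.log needs an elevated PowerShell prompt, as the KB's findstr does.
Get-SfcDetails | Format-List
```

The UnrepairedFiles list is the part worth posting when the full sfcdetails.txt is too long: it names the exact files Windows Resource Protection could not fix.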



