
PUP.Optional.Elex.ShrtCln not going away



 
 
Old 08-31-2016, 10:28 PM   #1
Registered Member
 
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit



Bit of an oddball one here, it seems I've been infected by PUP.Optional.Elex.ShrtCln.

If I run Malwarebytes, quarantine all threats, then run AdwCleaner and clean all threats, and then run Hitman Pro and again remove all threats, and restart my computer, then run Malwarebytes again, it detects nothing; my computer is supposedly clean.
However, as soon as I run Chrome and log in to Chrome again (Malwarebytes detects the user data as a threat, and thus logs me out of Chrome, deletes all browser data, etc.), then run Malwarebytes, the same number of threats is detected as though nothing ever happened.

I don't know what else to do. If it weren't for the fact that this PUP seems to be messing with web browsing (pages constantly stop responding and need to be killed then reloaded) I wouldn't be so concerned as it's only a PUP.

In any case, I'd love some help getting rid of this nuisance.

Contents of DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840 BrowserJavaVersion: 11.40.2
Run by Ronan-SSD at 15:22:40 on 2016-09-01
Microsoft Windows 8.1 Pro 6.3.9600.0.1252.1.1033.18.8146.6020 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\dwm.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\GWX\GWX.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\puush\puush.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
C:\Users\Ronan-SSD\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uDefault_Page_URL = Google
mStart Page = Google
mSearch Page = Google
mDefault_Page_URL = Google
mDefault_Search_URL = Google
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Dropbox Update] "C:\Users\Ronan-SSD\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [GoogleChromeAutoLaunch_E96DD8F544B645835A87A560E6A5BBE7] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
uRun: [Pushbullet] "C:\Program Files (x86)\Pushbullet\pushbullet.exe" -show false
uRun: [Spotify Web Helper] "C:\Users\Ronan-SSD\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [f.lux] "C:\Users\Ronan-SSD\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
mRun: [Corsair Utility Engine] "D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
StartupFolder: C:\Users\RONAN-~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STEELS~1.LNK -
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: hola.org
TCP: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{299ECBDE-9E78-4D96-BAFB-DF4A94CDA163} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2A8FC662-6C81-405E-A7B6-CFAE94E167ED} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4B3C2388-9F76-49B0-85B8-9BFE758DC1FE} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{61909A70-8F94-41D1-8079-EAFF45CFAC0B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6B6F93AE-684B-400A-B48B-961831CBD8A2} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{95404119-8112-4570-8416-F95CB08627A0} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E5560FB3-E907-4AF0-9E47-29584CA22792} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F8CFEE8F-A95C-4FC0-9C16-B5B3F895E7AC} : NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = Google
x64-mSearch Page = Google
x64-mDefault_Page_URL = Google
x64-mDefault_Search_URL = Google
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [XMouseButtonControl] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: EnableShellExecuteHooks = dword:1
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2014-12-29 39744]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-12-28 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-6-29 80384]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-4-7 694464]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-9-4 2159320]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2014-12-29 38792]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-28 1163200]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-28 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-7-22 2521024]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-12-10 186048]
R2 rzpmgrk;rzpmgrk;C:\WINDOWS\System32\drivers\rzpmgrk.sys [2015-1-12 37184]
R2 rzpnk;rzpnk;C:\WINDOWS\System32\drivers\rzpnk.sys [2015-1-12 129600]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-3-17 754784]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-4-24 426040]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-28 5426448]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2014-12-29 38792]
R3 CorsairVBusDriver;Corsair Bus;C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [2015-10-30 47840]
R3 CorsairVHidDriver;Corsair virtual device;C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [2015-10-30 21728]
R3 EuMusDesignVirtualAudioCableWdm;@oem62.inf,%DeviceName% (WDM);Virtual Audio Cable (WDM);C:\WINDOWS\System32\drivers\vrtaucbl.sys [2015-5-5 98464]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\WINDOWS\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2014-12-29 38792]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-28 26560]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-3-31 3632576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-4-24 56384]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2014-12-25 843480]
R3 tapoas;TAP-Win32 Adapter OAS;C:\WINDOWS\System32\drivers\tapoas.sys [2015-2-4 30720]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-6-10 114496]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-6-10 366520]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-12-29 226304]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2014-12-29 38792]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-12-31 1225216]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2014-12-29 38792]
S3 celavimushost;Celavimus Client Host;C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [2015-11-8 124120]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-3-17 120416]
S3 HitmanPro37Crusader;HitmanPro 3.7 Crusader;C:\Users\Ronan-SSD\Desktop\HitmanPro_x64.exe [2016-8-23 11438608]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-12-28 114688]
S3 kbldfltr;kbldfltr;C:\WINDOWS\System32\drivers\kbldfltr.sys [2014-3-18 22272]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2014-12-29 38792]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [2013-5-31 64280]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2014-12-29 87040]
S3 Origin Client Service;Origin Client Service;F:\Program Files (x86)\Origin\OriginClientService.exe [2014-1-12 2122248]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-12-29 921920]
S3 rzdaendpt;Razer DeathAdder end point;C:\WINDOWS\System32\drivers\rzdaendpt.sys [2014-9-5 33448]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\WINDOWS\System32\drivers\RzMaelstromVAD.sys [2014-6-9 32768]
S3 rzudd;Razer Mouse Driver;C:\WINDOWS\System32\drivers\rzudd.sys [2014-12-30 177832]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\WINDOWS\System32\drivers\rzvkeyboard.sys [2014-12-30 31912]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2014-12-29 38792]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2014-3-18 146776]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2014-12-29 38792]
S3 ssdevfactory;SteelSeries Device Factory Service;C:\WINDOWS\System32\drivers\ssdevfactory.sys [2015-1-3 16896]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2014-3-18 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\drivers\vmbusr.sys [2014-3-18 129536]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2014-12-29 38792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2014-12-29 38792]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2014-12-29 38792]
S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\WINDOWS\System32\svchost.exe -k netsvcs [2014-12-29 38792]
.
=============== Created Last 30 ================
.
2016-08-24 09:27:34 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2016-08-24 00:22:57 12872 ----a-w- C:\WINDOWS\System32\bootdelete.exe
2016-08-23 08:47:26 -------- d-----w- C:\ProgramData\HitmanPro
.
==================== Find3M ====================
.
2016-09-01 04:27:29 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-06-15 20:40:57 484008 ------w- C:\WINDOWS\System32\MpSigStub.exe
2016-06-14 08:01:13 226168 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.exe
2016-06-14 08:01:13 226168 ----a-w- C:\WINDOWS\SysWow64\PnkBstrB.ex0
.
============= FINISH: 15:22:48.13 ===============
Attached: attach.txt (12.9 KB)
HomicidalBunny
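Added example (not part of this thread, and not code from DDS, FRST or Malwarebytes): a small Python script that reads lines in the DDS "Pseudo HJT Report" format posted above and flags the settings an analyst would check first. In the log as posted, both mPolicies-System values are 0, which means UAC elevates administrators without any prompt and any prompt that did appear would not use the secure desktop; hola.org is in IE's Trusted Sites zone; and the global NameServer line lists 8.8.8.4 where every per-interface line lists 8.8.4.4. The sample input is constructed from those log lines, and the set of expected resolver addresses (Google Public DNS) is an assumption for the example.

```python
"""Flag noteworthy settings in DDS "Pseudo HJT Report" lines.

Added example for this thread; it is not part of DDS, FRST, or the posts above.
It understands only the line shapes that appear in the DDS log (mPolicies-*,
Trusted Zone, TCP NameServer, LSA) and ignores everything else.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# HKLM\...\Policies\System\ConsentPromptBehaviorAdmin values and what they mean.
CONSENT_ADMIN = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (default)",
}

# Resolvers we expect on this machine. Assumption: Google Public DNS only.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# DDS prints policy values as "dword:<decimal>"; an x64- prefix marks the 64-bit view.
POLICY_RE = re.compile(
    r"^(?:x64-)?[um]Policies-(?P<key>\w+): (?P<name>\w+) = dword:(?P<val>\d+)$")
ZONE_RE = re.compile(r"^(?:x64-)?Trusted Zone: (?P<host>\S+)$")
DNS_RE = re.compile(
    r"^TCP: (?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}) : )?NameServer = (?P<servers>[\d.,]+)$")
LSA_RE = re.compile(r'^LSA: (?P<name>[\w ]+) = "(?P<val>[^"]*)"$')


@dataclass(frozen=True)
class Finding:
    line: str
    severity: str  # "warn" or "info"
    note: str


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for a recognised DDS line, or None if it is not one we check."""
    line = line.strip()

    m = POLICY_RE.match(line)
    if m:
        name, val = m["name"], int(m["val"])
        if name == "ConsentPromptBehaviorAdmin":
            meaning = CONSENT_ADMIN.get(val, "unknown value")
            return Finding(line, "warn" if val == 0 else "info", f"UAC admin behaviour: {meaning}")
        if name == "PromptOnSecureDesktop":
            shown = "not shown" if val == 0 else "shown"
            return Finding(line, "warn" if val == 0 else "info", f"UAC prompts {shown} on the secure desktop")
        if name == "EnableShellExecuteHooks":
            return Finding(line, "info",
                           "ShellExecute hooks enabled; review the CLSIDs registered under Explorer\\ShellExecuteHooks")
        return None

    m = ZONE_RE.match(line)
    if m:
        return Finding(line, "warn", f"{m['host']} is in IE's Trusted Sites zone (relaxed security settings apply)")

    m = DNS_RE.match(line)
    if m:
        where = m["iface"] or "global"
        servers = [s for s in m["servers"].split(",") if s]
        unexpected = sorted(set(servers) - EXPECTED_RESOLVERS)
        if unexpected:
            return Finding(line, "warn", f"{where}: resolver(s) {', '.join(unexpected)} not in the expected set")
        return Finding(line, "info", f"{where}: resolvers {', '.join(servers)} as expected")

    m = LSA_RE.match(line)
    if m:
        state = "empty" if m["val"] == "" else repr(m["val"])
        return Finding(line, "info", f"LSA {m['name']} value is {state}")

    return None


def scan(lines) -> List[Finding]:
    """Run check_line over every line and keep only the findings."""
    return [f for f in (check_line(l) for l in lines) if f is not None]


# Constructed sample, copied from the DDS log posted in this thread.
SAMPLE_LINES = r"""
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
Trusted Zone: hola.org
TCP: NameServer = 8.8.8.8,8.8.8.4
TCP: Interfaces\{299ECBDE-9E78-4D96-BAFB-DF4A94CDA163} : NameServer = 8.8.8.8,8.8.4.4
LSA: Security Packages = ""
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"[{f.severity}] {f.note}\n        {f.line}")
```

Run against the sample it reports eight findings, five of them warnings: the two UAC policy values (plus their x64 duplicate), the Trusted Sites entry, and the global NameServer line with 8.8.8.4. Unrecognised lines such as the uRun entries are skipped rather than guessed at.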
 
Old 09-01-2016, 08:49 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here.

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist
Old 09-01-2016, 07:18 PM   #3
Registered Member
 
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit



Thanks for the reply.

I understand the risks involved with participating in P2P file sharing, and always take the necessary precautions to reduce the risk of becoming infected via that medium (i.e. scanning every folder/archive that I download).

Please find attached Addition.txt.

Below are the contents of FRST.txt.

========================================
========================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Ronan-SSD (administrator) on RONAN (02-09-2016 12:11:45)
Running from C:\Users\Ronan-SSD\Desktop
Loaded Profiles: Ronan-SSD (Available Profiles: Ronan-SSD)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
() C:\Program Files (x86)\puush\puush.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Flux Software LLC) C:\Users\Ronan-SSD\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Corsair Components, Inc.) D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767248 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1091568 2015-03-03] (Highresolution Enterprises)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13532992 2015-11-25] (Corsair Components, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [Dropbox Update] => C:\Users\Ronan-SSD\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-07-02] ()
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [GoogleChromeAutoLaunch_E96DD8F544B645835A87A560E6A5BBE7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [Spotify Web Helper] => C:\Users\Ronan-SSD\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-30] (Spotify Ltd)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1021736 2016-01-08] (Samsung)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [f.lux] => C:\Users\Ronan-SSD\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-09-01]
ShortcutTarget: SteelSeries Engine 3.lnk -> (No File)
Startup: C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{299ECBDE-9E78-4D96-BAFB-DF4A94CDA163}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2A8FC662-6C81-405E-A7B6-CFAE94E167ED}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4B3C2388-9F76-49B0-85B8-9BFE758DC1FE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{61909A70-8F94-41D1-8079-EAFF45CFAC0B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6B6F93AE-684B-400A-B48B-961831CBD8A2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{95404119-8112-4570-8416-F95CB08627A0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E5560FB3-E907-4AF0-9E47-29584CA22792}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F8CFEE8F-A95C-4FC0-9C16-B5B3F895E7AC}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mystartsearch.com/?type=hp&ts=1438669661&z=02a692ed858524de159a223gfz5c9b2q9q1t8wet6q&from=wpc&uid=TS256GSSD370_B766491665","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBnAoC30oBk..&v=20160629&uid=C926B05B9B8F87A1F4BB8DDA69F468E9&ptid=amz&mode=loadm"
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR Profile: C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Adguard AdBlocker) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-09-01]
CHR Extension: (YouTube) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
CHR Extension: (Search by Image (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-09-01]
CHR Extension: (Video Title Adder) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ddpephnhacfpgcemhioaejgenlgadnnh [2016-09-01]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-09-01]
CHR Extension: (EditThisCookie) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-01]
CHR Extension: (AdBlock) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-01]
CHR Extension: (Imgur to Gfycat) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\idnninnhcleaikepmmomfnknbldalnjj [2016-09-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-01]
CHR Extension: (My Chrome Theme) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-09-01]
CHR Extension: (ScriptSafe) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-09-01]
CHR Extension: (Hover Zoom+) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-09-01]
CHR Extension: (Gmail) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR Profile: C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adguard AdBlocker) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-06-30]
CHR Extension: (YouTube) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Search by Image (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-08-18]
CHR Extension: (Video Title Adder) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpephnhacfpgcemhioaejgenlgadnnh [2016-02-04]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-06-10]
CHR Extension: (EditThisCookie) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-30]
CHR Extension: (Imgur to Gfycat) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnninnhcleaikepmmomfnknbldalnjj [2016-02-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-24]
CHR Extension: (My Chrome Theme) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (ScriptSafe) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-07-01]
CHR Extension: (Hover Zoom+) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-07-01]
CHR Extension: (Gmail) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-12-05] ()
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [124120 2015-11-08] (altPUG LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
S3 HitmanPro37Crusader; C:\Users\Ronan-SSD\Desktop\HitmanPro_x64.exe [11438608 2016-08-23] (SurfRight B.V.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-11] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-05-08] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-05-08] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-10-30] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-10-30] (Corsair)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-22] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [16896 2015-01-03] (SteelSeries ApS) [File not signed]
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-16] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-02 12:11 - 2016-09-02 12:11 - 02397696 _____ (Farbar) C:\Users\Ronan-SSD\Desktop\FRST64.exe
2016-09-02 12:11 - 2016-09-02 12:11 - 00033645 _____ C:\Users\Ronan-SSD\Desktop\FRST.txt
2016-09-02 12:11 - 2016-09-02 12:11 - 00000000 ____D C:\FRST
2016-09-01 15:22 - 2016-09-01 15:22 - 00019206 _____ C:\Users\Ronan-SSD\Desktop\dds.txt
2016-09-01 15:22 - 2016-09-01 15:22 - 00013231 _____ C:\Users\Ronan-SSD\Desktop\attach.txt
2016-09-01 15:18 - 2016-09-01 15:18 - 00688992 ____R (Swearware) C:\Users\Ronan-SSD\Desktop\dds.scr
2016-08-25 11:19 - 2016-08-25 11:19 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-24 19:27 - 2016-08-24 19:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-24 19:27 - 2016-08-24 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-24 19:27 - 2016-08-24 19:27 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-24 10:22 - 2016-09-01 14:03 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-08-24 10:22 - 2016-08-24 10:22 - 00000342 _____ C:\WINDOWS\system32\bootdelete.lst
2016-08-23 18:47 - 2016-08-24 10:42 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-23 18:47 - 2016-08-23 18:47 - 11438608 _____ (SurfRight B.V.) C:\Users\Ronan-SSD\Desktop\HitmanPro_x64.exe
2016-08-23 18:10 - 2016-08-23 18:10 - 03784256 _____ C:\Users\Ronan-SSD\Desktop\adwcleaner_6.000 (1).exe
2016-08-23 18:07 - 2016-08-23 18:08 - 22851472 _____ (Malwarebytes ) C:\Users\Ronan-SSD\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-23 08:29 - 2016-08-23 08:29 - 00088062 _____ C:\Users\Ronan-SSD\Desktop\2410080686262.pdf
2016-08-16 11:45 - 2016-08-16 11:45 - 00393779 _____ C:\Users\Ronan-SSD\Desktop\Week1_Tutorial_Lab_Solutions.pdf
2016-08-13 17:28 - 2016-08-13 17:28 - 00015382 _____ C:\Users\Ronan-SSD\Desktop\ipconfig_output (1).txt
2016-08-13 17:19 - 2016-08-13 17:19 - 03784256 _____ C:\Users\Ronan-SSD\Desktop\adwcleaner_6.000.exe
2016-08-13 17:15 - 2016-08-13 17:15 - 00015382 _____ C:\Users\Ronan-SSD\Desktop\ipconfig_output.txt
2016-08-13 17:14 - 2016-08-13 17:14 - 00015382 _____ C:\WINDOWS\system32\ipconfig_output.txt
2016-08-10 22:57 - 2016-08-10 22:57 - 00001640 _____ C:\Users\Ronan-SSD\Desktop\Buggy Losi 8ight 2.0.rca
2016-08-10 22:56 - 2016-08-10 22:56 - 00000360 _____ C:\Users\Ronan-SSD\Desktop\RCCrewChief V4.2.appref-ms
2016-08-10 22:56 - 2016-08-10 22:56 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wright Engineering and Design
2016-08-10 22:54 - 2016-08-10 22:54 - 00467968 _____ () C:\Users\Ronan-SSD\Desktop\setup (1).exe
2016-08-09 12:16 - 2016-08-09 12:27 - 00074240 _____ C:\Users\Ronan-SSD\Desktop\WA-Registrations-2016-ACT-Seed-Ver.2.xls
2016-08-09 11:58 - 2016-08-09 11:58 - 00073728 _____ C:\Users\Ronan-SSD\Desktop\WA-Registrations-2016.xls
2016-08-08 15:05 - 2016-08-08 15:05 - 02024740 _____ C:\Users\Ronan-SSD\Desktop\Week1_Tutorial_Lab.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-02 11:48 - 2015-01-12 17:17 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Adobe
2016-09-02 01:16 - 2015-08-18 13:35 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-02 01:13 - 2015-06-16 16:02 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-114092626-1339817701-1890131306-1001UA.job
2016-09-01 22:23 - 2015-08-04 16:23 - 00000474 _____ C:\WINDOWS\Tasks\MediaPro.job
2016-09-01 21:28 - 2014-12-28 06:10 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-01 20:13 - 2015-06-16 16:02 - 00000894 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-114092626-1339817701-1890131306-1001Core.job
2016-09-01 19:18 - 2015-08-30 20:45 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Virtual RC Pro
2016-09-01 17:54 - 2016-07-04 14:34 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\vlc
2016-09-01 17:54 - 2014-12-28 06:01 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Spotify
2016-09-01 17:46 - 2015-01-04 06:50 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Spotify
2016-09-01 14:32 - 2014-12-28 05:52 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-09-01 14:32 - 2014-03-18 20:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-01 14:32 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-01 14:31 - 2014-12-28 05:52 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-114092626-1339817701-1890131306-1001
2016-09-01 14:28 - 2014-12-26 00:35 - 00000000 ____D C:\AdwCleaner
2016-09-01 14:27 - 2014-12-31 12:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-01 14:27 - 2014-12-25 20:45 - 00000000 ___RD C:\Users\Ronan-SSD\Dropbox
2016-09-01 14:26 - 2015-08-18 13:35 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-01 14:26 - 2015-07-22 13:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-01 14:26 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-01 14:26 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-09-01 14:24 - 2016-05-04 12:51 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-09-01 14:24 - 2016-03-21 15:26 - 00000467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F1 2014.lnk
2016-09-01 14:24 - 2016-03-03 15:32 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-09-01 14:24 - 2015-12-19 13:42 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
2016-09-01 14:24 - 2015-12-19 13:16 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2016-09-01 14:24 - 2015-08-25 15:36 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-09-01 14:24 - 2015-08-18 13:36 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-01 14:24 - 2015-08-16 19:06 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-09-01 14:24 - 2015-08-04 15:10 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2016-09-01 14:24 - 2015-07-20 14:06 - 00001040 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lol.launcher.admin.lnk
2016-09-01 14:24 - 2015-07-13 13:56 - 00000943 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vibrance.GUI.lnk
2016-09-01 14:24 - 2015-06-04 23:38 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2016-09-01 14:24 - 2015-02-27 10:35 - 00000878 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk
2016-09-01 14:24 - 2015-01-20 18:33 - 00001263 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DisplayFusion.lnk
2016-09-01 14:24 - 2014-12-31 14:14 - 00001617 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DayZ Commander.lnk
2016-09-01 14:24 - 2014-12-28 06:01 - 00001874 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-01 14:24 - 2014-12-28 06:00 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-09-01 14:24 - 2014-12-28 05:58 - 00001889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-09-01 14:24 - 2014-12-28 05:47 - 00001418 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-01 14:24 - 2014-12-28 05:44 - 00000445 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-09-01 14:24 - 2014-12-28 05:44 - 00000443 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-09-01 14:23 - 2016-05-15 23:52 - 00001193 _____ C:\Users\Public\Desktop\Wondershare PDFelement.lnk
2016-09-01 14:23 - 2016-05-04 12:51 - 00001151 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-09-01 14:23 - 2016-04-01 14:36 - 00000619 _____ C:\Users\Public\Desktop\SmartDraw 2016.lnk
2016-09-01 14:23 - 2016-03-17 22:54 - 00002012 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2016-09-01 14:23 - 2016-03-08 17:04 - 00000525 _____ C:\Users\Public\Desktop\F1 2015.lnk
2016-09-01 14:23 - 2016-02-04 15:40 - 00001098 _____ C:\Users\Ronan-SSD\Desktop\MSI Afterburner.lnk
2016-09-01 14:23 - 2015-11-08 10:35 - 00001207 _____ C:\Users\Public\Desktop\CEVO Client (CSGO).lnk
2016-09-01 14:23 - 2015-08-21 22:13 - 00001350 _____ C:\Users\Public\Desktop\DayZ Commander.lnk
2016-09-01 14:23 - 2015-08-18 13:36 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-01 14:23 - 2015-01-21 13:35 - 00000878 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-09-01 14:23 - 2015-01-04 20:10 - 00000564 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-09-01 14:23 - 2014-12-31 14:17 - 00001017 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-09-01 14:23 - 2014-12-28 22:24 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-01 14:23 - 2014-12-28 06:19 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-01 14:23 - 2014-12-28 06:10 - 00000969 _____ C:\Users\Public\Desktop\Steam.lnk
2016-09-01 14:23 - 2014-12-28 06:00 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-01 14:23 - 2014-12-28 06:00 - 00001037 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-09-01 14:23 - 2014-12-28 05:59 - 00001065 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-09-01 14:23 - 2014-12-28 05:58 - 00001871 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2016-09-01 14:23 - 2014-12-28 05:58 - 00000981 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-09-01 14:23 - 2014-12-25 20:38 - 00001076 _____ C:\Users\Ronan-SSD\Desktop\Dropbox.lnk
2016-09-01 14:23 - 2014-12-25 20:35 - 00001868 _____ C:\Users\Ronan-SSD\Desktop\Spotify.lnk
2016-09-01 14:04 - 2015-01-02 22:04 - 02229760 ___SH C:\Users\Ronan-SSD\Desktop\Thumbs.db
2016-09-01 14:03 - 2013-08-23 00:44 - 05195784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-30 17:04 - 2015-07-16 01:35 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\CrashDumps
2016-08-30 08:19 - 2015-01-21 13:34 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\uTorrent
2016-08-27 18:52 - 2015-08-25 15:38 - 00000034 _____ C:\Users\Ronan-SSD\AppData\Roaming\AdobeWLCMCache.dat
2016-08-27 18:52 - 2015-06-04 23:38 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-25 18:36 - 2015-02-10 15:28 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Deployment
2016-08-25 11:20 - 2014-12-28 06:03 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Dropbox
2016-08-24 19:27 - 2015-01-21 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-24 19:27 - 2015-01-21 16:27 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-24 19:27 - 2014-03-18 19:46 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-24 19:27 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-24 19:27 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-24 19:25 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-24 19:25 - 2013-08-22 23:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-08-23 18:11 - 2014-12-28 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-23 18:11 - 2014-12-28 06:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-23 18:06 - 2015-02-27 10:35 - 00000000 ____D C:\ProgramData\Origin
2016-08-23 17:58 - 2014-12-28 05:44 - 00000000 ____D C:\Users\Ronan-SSD
2016-08-13 16:35 - 2014-12-31 09:47 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-13 15:56 - 2015-02-11 14:35 - 00012288 ___SH C:\Users\Ronan-SSD\Downloads\Thumbs.db
2016-08-05 07:08 - 2016-07-01 14:40 - 00000000 ____D C:\Program Files (x86)\Windows Loader

==================== Files in the root of some directories =======

2016-06-28 11:48 - 2016-06-28 11:48 - 0000132 _____ () C:\Users\Ronan-SSD\AppData\Roaming\Adobe PNG Format CC Prefs
2015-08-25 15:38 - 2016-08-27 18:52 - 0000034 _____ () C:\Users\Ronan-SSD\AppData\Roaming\AdobeWLCMCache.dat
2015-03-06 17:42 - 2015-03-06 17:42 - 0000100 _____ () C:\Users\Ronan-SSD\AppData\Roaming\LauncherSettings_live.cfg
2015-03-06 15:00 - 2015-03-06 15:00 - 0000040 _____ () C:\Users\Ronan-SSD\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-06-04 23:48 - 2016-07-27 21:57 - 0001456 _____ () C:\Users\Ronan-SSD\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-30 14:04 - 2016-02-04 15:41 - 0007606 _____ () C:\Users\Ronan-SSD\AppData\Local\Resmon.ResmonCfg
2015-08-04 16:31 - 2015-08-04 16:31 - 0000000 _____ () C:\Users\Ronan-SSD\AppData\Local\Temp.dat
2014-12-28 06:02 - 2014-12-28 06:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Ronan-SSD\AppData\Local\Temp\Hola-Setup-x64-1.13.778.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ronan-SSD\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ronan-SSD\AppData\Local\Temp\nvStInst.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\ose00000.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\setup.dll
C:\Users\Ronan-SSD\AppData\Local\Temp\sonarinst.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\sqlite-3.8.6-amd64-sqlitejdbc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-22 21:58

==================== End of FRST.txt ============================
Attached Files: Addition.txt (79.3 KB)
HomicidalBunny is offline  
Old 09-04-2016, 12:50 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, HomicidalBunny.

It appears you have an illegal copy of Office installed. Is that true?

It also appears you are running an illegal copy of Adobe Photoshop. Is that true?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-04-2016, 07:13 PM   #5
Registered Member
 
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit



Hi chemist,

I'm not sure; my brother is studying at university and told me he got legitimate copies of Adobe CC and Office through his tutors.

Do you need me to do anything about this?

Cheers.
HomicidalBunny is offline  
Old 09-05-2016, 12:36 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, HomicidalBunny. Unfortunately, MS Office and the whole suite of Adobe software are illegal (pirated) copies.

Forum rules prevent us from rendering help if the pirated software is still installed on the machine.

chemist is offline  
Old 09-06-2016, 02:06 AM   #7
Registered Member
 
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit



Hi chemist,

No worries, they have been uninstalled and my brother given a talking-to.

Cheers.
HomicidalBunny is offline  
Old 09-06-2016, 07:05 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, HomicidalBunny. Please run FRST again, making sure you check the Addition.txt button before clicking Scan.

Post/attach the logs as before. Cheers.

chemist is offline  
Old 09-07-2016, 12:37 AM   #9
Registered Member
 
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit



Hi chemist,

As you requested:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Ronan-SSD (administrator) on RONAN (07-09-2016 17:18:13)
Running from C:\Users\Ronan-SSD\Desktop
Loaded Profiles: Ronan-SSD (Available Profiles: Ronan-SSD)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
() C:\Program Files (x86)\puush\puush.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Flux Software LLC) C:\Users\Ronan-SSD\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Corsair Components, Inc.) D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Ronan-SSD\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767248 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1091568 2015-03-03] (Highresolution Enterprises)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Corsair Utility Engine] => D:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13532992 2015-11-25] (Corsair Components, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [Dropbox Update] => C:\Users\Ronan-SSD\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-07-02] ()
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [GoogleChromeAutoLaunch_E96DD8F544B645835A87A560E6A5BBE7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [Spotify Web Helper] => C:\Users\Ronan-SSD\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-30] (Spotify Ltd)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1021736 2016-01-08] (Samsung)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-114092626-1339817701-1890131306-1001\...\Run: [f.lux] => C:\Users\Ronan-SSD\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-09-01]
ShortcutTarget: SteelSeries Engine 3.lnk -> (No File)
Startup: C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ronan-SSD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{299ECBDE-9E78-4D96-BAFB-DF4A94CDA163}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2A8FC662-6C81-405E-A7B6-CFAE94E167ED}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4B3C2388-9F76-49B0-85B8-9BFE758DC1FE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{61909A70-8F94-41D1-8079-EAFF45CFAC0B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6B6F93AE-684B-400A-B48B-961831CBD8A2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{95404119-8112-4570-8416-F95CB08627A0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E5560FB3-E907-4AF0-9E47-29584CA22792}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F8CFEE8F-A95C-4FC0-9C16-B5B3F895E7AC}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-28] (Oracle Corporation)

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mystartsearch.com/?type=hp&ts=1438669661&z=02a692ed858524de159a223gfz5c9b2q9q1t8wet6q&from=wpc&uid=TS256GSSD370_B766491665","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBnAoC30oBk..&v=20160629&uid=C926B05B9B8F87A1F4BB8DDA69F468E9&ptid=amz&mode=loadm"
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR Profile: C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Adguard AdBlocker) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-09-01]
CHR Extension: (YouTube) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
CHR Extension: (Search by Image (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-09-01]
CHR Extension: (Video Title Adder) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ddpephnhacfpgcemhioaejgenlgadnnh [2016-09-01]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-09-01]
CHR Extension: (EditThisCookie) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-01]
CHR Extension: (AdBlock) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-01]
CHR Extension: (Imgur to Gfycat) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\idnninnhcleaikepmmomfnknbldalnjj [2016-09-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-06]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-01]
CHR Extension: (My Chrome Theme) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-09-01]
CHR Extension: (ScriptSafe) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-09-01]
CHR Extension: (Hover Zoom+) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-09-01]
CHR Extension: (Gmail) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
CHR Profile: C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adguard AdBlocker) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-06-30]
CHR Extension: (YouTube) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Search by Image (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-08-18]
CHR Extension: (Video Title Adder) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpephnhacfpgcemhioaejgenlgadnnh [2016-02-04]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-06-10]
CHR Extension: (EditThisCookie) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-30]
CHR Extension: (Imgur to Gfycat) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnninnhcleaikepmmomfnknbldalnjj [2016-02-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-24]
CHR Extension: (My Chrome Theme) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-27]
CHR Extension: (ScriptSafe) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-07-01]
CHR Extension: (Hover Zoom+) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-07-01]
CHR Extension: (Gmail) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-12-05] ()
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [124120 2015-11-08] (altPUG LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
S3 HitmanPro37Crusader; C:\Users\Ronan-SSD\Desktop\HitmanPro_x64.exe [11438608 2016-08-23] (SurfRight B.V.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-11] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-05-08] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-05-08] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-10-30] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-10-30] (Corsair)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-22] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [16896 2015-01-03] (SteelSeries ApS) [File not signed]
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-16] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 11:54 - 2016-09-03 11:54 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 12:12 - 2016-09-02 12:12 - 00081173 _____ C:\Users\Ronan-SSD\Desktop\Addition.txt
2016-09-02 12:11 - 2016-09-07 17:18 - 00034825 _____ C:\Users\Ronan-SSD\Desktop\FRST.txt
2016-09-02 12:11 - 2016-09-07 17:18 - 00000000 ____D C:\FRST
2016-09-02 12:11 - 2016-09-02 12:11 - 02397696 _____ (Farbar) C:\Users\Ronan-SSD\Desktop\FRST64.exe
2016-09-01 15:22 - 2016-09-01 15:22 - 00019206 _____ C:\Users\Ronan-SSD\Desktop\dds.txt
2016-09-01 15:22 - 2016-09-01 15:22 - 00013231 _____ C:\Users\Ronan-SSD\Desktop\attach.txt
2016-09-01 15:18 - 2016-09-01 15:18 - 00688992 ____R (Swearware) C:\Users\Ronan-SSD\Desktop\dds.scr
2016-08-24 19:27 - 2016-08-24 19:27 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-24 19:27 - 2016-08-24 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-24 19:27 - 2016-08-24 19:27 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-24 10:22 - 2016-09-01 14:03 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-08-24 10:22 - 2016-08-24 10:22 - 00000342 _____ C:\WINDOWS\system32\bootdelete.lst
2016-08-23 18:47 - 2016-08-24 10:42 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-23 18:47 - 2016-08-23 18:47 - 11438608 _____ (SurfRight B.V.) C:\Users\Ronan-SSD\Desktop\HitmanPro_x64.exe
2016-08-23 18:10 - 2016-08-23 18:10 - 03784256 _____ C:\Users\Ronan-SSD\Desktop\adwcleaner_6.000 (1).exe
2016-08-23 18:07 - 2016-08-23 18:08 - 22851472 _____ (Malwarebytes ) C:\Users\Ronan-SSD\Desktop\mbam-setup-2.2.1.1043.exe
2016-08-23 08:29 - 2016-08-23 08:29 - 00088062 _____ C:\Users\Ronan-SSD\Desktop\2410080686262.pdf
2016-08-16 11:45 - 2016-08-16 11:45 - 00393779 _____ C:\Users\Ronan-SSD\Desktop\Week1_Tutorial_Lab_Solutions.pdf
2016-08-13 17:28 - 2016-08-13 17:28 - 00015382 _____ C:\Users\Ronan-SSD\Desktop\ipconfig_output (1).txt
2016-08-13 17:19 - 2016-08-13 17:19 - 03784256 _____ C:\Users\Ronan-SSD\Desktop\adwcleaner_6.000.exe
2016-08-13 17:15 - 2016-08-13 17:15 - 00015382 _____ C:\Users\Ronan-SSD\Desktop\ipconfig_output.txt
2016-08-13 17:14 - 2016-08-13 17:14 - 00015382 _____ C:\WINDOWS\system32\ipconfig_output.txt
2016-08-10 22:57 - 2016-08-10 22:57 - 00001640 _____ C:\Users\Ronan-SSD\Desktop\Buggy Losi 8ight 2.0.rca
2016-08-10 22:56 - 2016-08-10 22:56 - 00000360 _____ C:\Users\Ronan-SSD\Desktop\RCCrewChief V4.2.appref-ms
2016-08-10 22:56 - 2016-08-10 22:56 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wright Engineering and Design
2016-08-10 22:54 - 2016-08-10 22:54 - 00467968 _____ () C:\Users\Ronan-SSD\Desktop\setup (1).exe
2016-08-09 12:16 - 2016-08-09 12:27 - 00074240 _____ C:\Users\Ronan-SSD\Desktop\WA-Registrations-2016-ACT-Seed-Ver.2.xls
2016-08-09 11:58 - 2016-08-09 11:58 - 00073728 _____ C:\Users\Ronan-SSD\Desktop\WA-Registrations-2016.xls
2016-08-08 15:05 - 2016-08-08 15:05 - 02024740 _____ C:\Users\Ronan-SSD\Desktop\Week1_Tutorial_Lab.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 17:17 - 2015-01-02 22:04 - 02247680 ___SH C:\Users\Ronan-SSD\Desktop\Thumbs.db
2016-09-07 17:16 - 2015-08-18 13:35 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 17:13 - 2015-06-16 16:02 - 00000946 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-114092626-1339817701-1890131306-1001UA.job
2016-09-07 16:23 - 2015-08-04 16:23 - 00000474 _____ C:\WINDOWS\Tasks\MediaPro.job
2016-09-07 14:10 - 2014-12-28 06:01 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Spotify
2016-09-07 10:21 - 2015-01-04 06:50 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Spotify
2016-09-07 10:18 - 2015-01-12 17:17 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Adobe
2016-09-06 22:41 - 2014-12-28 06:10 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-06 20:13 - 2015-06-16 16:02 - 00000894 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-114092626-1339817701-1890131306-1001Core.job
2016-09-06 20:05 - 2014-03-18 20:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-06 20:05 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-06 20:04 - 2014-12-28 05:52 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-09-06 19:59 - 2015-08-18 13:35 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 19:59 - 2014-12-25 20:45 - 00000000 ___RD C:\Users\Ronan-SSD\Dropbox
2016-09-06 19:58 - 2015-07-22 13:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-06 19:58 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-06 16:41 - 2016-07-04 14:34 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\vlc
2016-09-06 12:22 - 2015-08-30 20:45 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Virtual RC Pro
2016-09-05 21:58 - 2015-07-16 01:35 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\CrashDumps
2016-09-03 20:15 - 2014-12-28 05:52 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-114092626-1339817701-1890131306-1001
2016-09-03 17:29 - 2015-08-25 15:38 - 00000034 _____ C:\Users\Ronan-SSD\AppData\Roaming\AdobeWLCMCache.dat
2016-09-03 11:54 - 2014-12-28 06:03 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\Dropbox
2016-09-01 14:28 - 2014-12-26 00:35 - 00000000 ____D C:\AdwCleaner
2016-09-01 14:27 - 2014-12-31 12:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-01 14:26 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-09-01 14:24 - 2016-03-21 15:26 - 00000467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F1 2014.lnk
2016-09-01 14:24 - 2016-03-03 15:32 - 00000942 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-09-01 14:24 - 2015-08-18 13:36 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-01 14:24 - 2015-08-16 19:06 - 00000080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-09-01 14:24 - 2015-07-20 14:06 - 00001040 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lol.launcher.admin.lnk
2016-09-01 14:24 - 2015-07-13 13:56 - 00000943 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vibrance.GUI.lnk
2016-09-01 14:24 - 2015-02-27 10:35 - 00000878 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk
2016-09-01 14:24 - 2015-01-20 18:33 - 00001263 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DisplayFusion.lnk
2016-09-01 14:24 - 2014-12-31 14:14 - 00001617 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DayZ Commander.lnk
2016-09-01 14:24 - 2014-12-28 06:01 - 00001874 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-01 14:24 - 2014-12-28 06:00 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-09-01 14:24 - 2014-12-28 05:58 - 00001889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-09-01 14:24 - 2014-12-28 05:47 - 00001418 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-01 14:24 - 2014-12-28 05:44 - 00000445 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-09-01 14:24 - 2014-12-28 05:44 - 00000443 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-09-01 14:23 - 2016-05-15 23:52 - 00001193 _____ C:\Users\Public\Desktop\Wondershare PDFelement.lnk
2016-09-01 14:23 - 2016-04-01 14:36 - 00000619 _____ C:\Users\Public\Desktop\SmartDraw 2016.lnk
2016-09-01 14:23 - 2016-03-17 22:54 - 00002012 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2016-09-01 14:23 - 2016-03-08 17:04 - 00000525 _____ C:\Users\Public\Desktop\F1 2015.lnk
2016-09-01 14:23 - 2016-02-04 15:40 - 00001098 _____ C:\Users\Ronan-SSD\Desktop\MSI Afterburner.lnk
2016-09-01 14:23 - 2015-11-08 10:35 - 00001207 _____ C:\Users\Public\Desktop\CEVO Client (CSGO).lnk
2016-09-01 14:23 - 2015-08-21 22:13 - 00001350 _____ C:\Users\Public\Desktop\DayZ Commander.lnk
2016-09-01 14:23 - 2015-08-18 13:36 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-01 14:23 - 2015-01-21 13:35 - 00000878 _____ C:\Users\Ronan-SSD\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-09-01 14:23 - 2015-01-04 20:10 - 00000564 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-09-01 14:23 - 2014-12-31 14:17 - 00001017 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-09-01 14:23 - 2014-12-28 22:24 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-01 14:23 - 2014-12-28 06:19 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-01 14:23 - 2014-12-28 06:10 - 00000969 _____ C:\Users\Public\Desktop\Steam.lnk
2016-09-01 14:23 - 2014-12-28 06:00 - 00001076 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-01 14:23 - 2014-12-28 06:00 - 00001037 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-09-01 14:23 - 2014-12-28 05:59 - 00001065 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-09-01 14:23 - 2014-12-28 05:58 - 00001871 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2016-09-01 14:23 - 2014-12-28 05:58 - 00000981 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-09-01 14:23 - 2014-12-25 20:38 - 00001076 _____ C:\Users\Ronan-SSD\Desktop\Dropbox.lnk
2016-09-01 14:23 - 2014-12-25 20:35 - 00001868 _____ C:\Users\Ronan-SSD\Desktop\Spotify.lnk
2016-09-01 14:03 - 2013-08-23 00:44 - 05195784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-30 08:19 - 2015-01-21 13:34 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Roaming\uTorrent
2016-08-25 18:36 - 2015-02-10 15:28 - 00000000 ____D C:\Users\Ronan-SSD\AppData\Local\Deployment
2016-08-24 19:27 - 2015-01-21 16:27 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-24 19:27 - 2014-03-18 19:46 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-24 19:27 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-24 19:27 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-24 19:25 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-24 19:25 - 2013-08-22 23:25 - 00000167 _____ C:\WINDOWS\win.ini
2016-08-23 18:11 - 2014-12-28 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-23 18:11 - 2014-12-28 06:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-23 18:06 - 2015-02-27 10:35 - 00000000 ____D C:\ProgramData\Origin
2016-08-23 17:58 - 2014-12-28 05:44 - 00000000 ____D C:\Users\Ronan-SSD
2016-08-13 16:35 - 2014-12-31 09:47 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-13 15:56 - 2015-02-11 14:35 - 00012288 ___SH C:\Users\Ronan-SSD\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2015-03-06 17:42 - 2015-03-06 17:42 - 0000100 _____ () C:\Users\Ronan-SSD\AppData\Roaming\LauncherSettings_live.cfg
2015-03-06 15:00 - 2015-03-06 15:00 - 0000040 _____ () C:\Users\Ronan-SSD\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-01-30 14:04 - 2016-02-04 15:41 - 0007606 _____ () C:\Users\Ronan-SSD\AppData\Local\Resmon.ResmonCfg
2015-08-04 16:31 - 2015-08-04 16:31 - 0000000 _____ () C:\Users\Ronan-SSD\AppData\Local\Temp.dat
2014-12-28 06:02 - 2014-12-28 06:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Ronan-SSD\AppData\Local\Temp\Hola-Setup-x64-1.13.778.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ronan-SSD\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ronan-SSD\AppData\Local\Temp\nvStInst.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\ose00000.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\setup.dll
C:\Users\Ronan-SSD\AppData\Local\Temp\sonarinst.exe
C:\Users\Ronan-SSD\AppData\Local\Temp\sqlite-3.8.6-amd64-sqlitejdbc.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 21:13

==================== End of FRST.txt ============================
Attached Files: Addition.txt (63.4 KB)
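As an added triage helper, not code from this thread or from FRST itself: it parses three line shapes seen in the FRST.txt posted above (scheduled tasks, services/drivers, Chrome startup URLs) and returns the entries a helper reads first. The ATTENTION marker is FRST's own; the expected-host allowlist, the data-directory pattern and the sample lines (copied from the log above with query strings trimmed) are my assumptions.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not code from the forum thread or from FRST. It flags:
anything FRST itself marked ATTENTION, scheduled tasks whose target lives
in a data directory, drivers FRST reports as unsigned, and Chrome startup
URLs pointing at hosts the user did not choose.
"""
import re
from urllib.parse import urlsplit

# FRST's own marker; the number of '=' varies between line types.
ATTENTION_RE = re.compile(r"<=+ ATTENTION$")

# Task: {GUID} - System32\Tasks\Name => target [yyyy-mm-dd] (Vendor) <==== ATTENTION
# (lines of the form "Task: {GUID} - \{...} -> No File" are caught by ATTENTION_RE)
TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[\d{4}-\d{2}-\d{2}\])?(?: \((?P<vendor>[^)]*)\))?(?: <=+ ATTENTION)?$"
)
# R2 Name; C:\path\file.sys [size yyyy-mm-dd] (Vendor) [File not signed]
SVC_RE = re.compile(
    r"^[RS]\d (?P<name>.+?); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\]"
    r"(?: \((?P<vendor>[^)]*)\))?(?P<unsigned> \[File not signed\])?$"
)
# CHR StartupUrls: Profile -> "url","url"
CHR_URLS_RE = re.compile(r'^CHR StartupUrls: (?P<profile>\S+) -> (?P<urls>.+)$')

# Assumption: a task target under ProgramData\{GUID}\ or a user's Temp
# folder is unusual enough to surface every time.
DATA_DIR_RE = re.compile(r"\\programdata\\\{[0-9a-f-]+\}\\|\\appdata\\local\\temp\\", re.I)

# Assumption: the hosts this user actually wants Chrome to open on start.
EXPECTED_START_HOSTS = {"www.google.com"}


def startup_hosts(urls_field):
    """Return the hosts in FRST's quoted, comma-separated startup URL list."""
    hosts = []
    for raw in re.findall(r'"([^"]*)"', urls_field):
        # FRST writes hxxp so the log is not clickable; undo it only for parsing.
        url = re.sub(r"^hxxp", "http", raw)
        hosts.append(urlsplit(url).hostname or raw)
    return hosts


def triage(lines):
    """Return (kind, detail) findings for the given FRST log lines, in log order."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if ATTENTION_RE.search(line):
            findings.append(("frst-attention", line))
        task = TASK_RE.match(line)
        if task and DATA_DIR_RE.search(task["target"]):
            findings.append(("task-in-data-dir", f"{task['name']} => {task['target']}"))
        svc = SVC_RE.match(line)
        if svc and svc["unsigned"]:
            findings.append(("unsigned-driver", f"{svc['name']} ({svc['path']})"))
        chr_urls = CHR_URLS_RE.match(line)
        if chr_urls:
            for host in startup_hosts(chr_urls["urls"]):
                if host not in EXPECTED_START_HOSTS:
                    findings.append(("chrome-startup-host", f"{chr_urls['profile']}: {host}"))
    return findings


# Constructed sample: lines copied from the posted FRST.txt, query strings trimmed.
SAMPLE_FRST_LINES = [
    r"Task: {2F5C200E-0AA0-47EE-8581-FCD515A7D1FF} - System32\Tasks\MediaPro => c:\programdata\{5a72d364-58d9-d6e3-5a72-2d36458d4d91}\adobe universal patcher v1.5 is here ! [cc 2015 supported] [exclusive].exe <==== ATTENTION",
    r"Task: {F61822B3-88BE-40DD-BC66-40AC966AE7E4} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-12-28] ()",
    r"S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [16896 2015-01-03] (SteelSeries ApS) [File not signed]",
    r"R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-16] (The OpenVPN Project)",
    'CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mystartsearch.com/?type=hp&ts=1438669661","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBnAoC30oBk..&v=20160629"',
    r"CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION",
]


def main():
    for kind, detail in triage(SAMPLE_FRST_LINES):
        print(f"{kind:20} {detail}")


if __name__ == "__main__":
    main()
```

On a real log, feed `open("FRST.txt", encoding="utf-8", errors="replace")` to `triage` instead of the sample list.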
Old 09-07-2016, 12:51 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, HomicidalBunny.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...backup-restore

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {14246C24-DCFE-4693-9CED-F99EB99E9E90} - \{7D047D47-7A0B-7A7E-7911-797D790C110C} -> No File <==== ATTENTION
    Task: {2F5C200E-0AA0-47EE-8581-FCD515A7D1FF} - System32\Tasks\MediaPro => c:\programdata\{5a72d364-58d9-d6e3-5a72-2d36458d4d91}\adobe universal patcher v1.5 is here ! [cc 2015 supported] [exclusive].exe <==== ATTENTION
    Task: {F61822B3-88BE-40DD-BC66-40AC966AE7E4} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-12-28] ()
    C:\WINDOWS\AutoKMS
    Task: C:\WINDOWS\Tasks\MediaPro.job => c:\programdata\{5a72d364-58d9-d6e3-5a72-2d36458d4d91}\adobe universal patcher v1.5 is here ! [cc 2015 supported] [exclusive].exe <==== ATTENTION
    c:\programdata\{5a72d364-58d9-d6e3-5a72-2d36458d4d91}
    AlternateDataStreams: C:\ProgramData\TEMP:E18B7D31 [153]
    HKLM-x32\...\Run: [] => [X]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-09-01]
    ShortcutTarget: SteelSeries Engine 3.lnk -> (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mystartsearch.com/?type=hp&ts=1438669661&z=02a692ed858524de159a223gfz5c9b2q9q1t8wet6q&from=wpc&uid=TS256GSSD370_B766491665","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBnAoC30oBk..&v=20160629&uid=C926B05B9B8F87A1F4BB8DDA69F468E9&ptid=amz&mode=loadm"
    2016-09-01 14:32 - 2014-12-28 05:52 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
    Reg: reg delete HKU\S-1-5-21-114092626-1339817701-1890131306-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "SpybotPostWindows10UpgradeReInstall" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 09-07-2016, 11:33 PM   #11
Registered Member
 
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit



Hi chemist,

Contents of ckfiles.txt:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\materials\sprites\store\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\materials\sprites\store\trails\crackedbeam.vtf
c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo\materials\sprites\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\paintfinish_cracked_sf.upk
scanner sequence 3.ZZ.11.JIAPDZ
----- EOF -----
Attached Files: Fixlog.txt (4.8 KB)
Old 09-08-2016, 04:26 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, HomicidalBunny. Are you still getting that detection?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 8 Update 40

These are all outdated and are security risks if left installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-08-2016, 09:36 PM   #13
Registered Member
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit

Hi chemist,

I have attached two MBAM logs with this reply. I will explain.

I completed the first scan and it found about 3500 threats (same as at the beginning of this thread). It "successfully" dealt with those threats, and then I restarted the computer. The log for this scan is "08.09.2016 10.46pm MBAM Scan".

After restart, I uninstalled Java, and reinstalled the latest version, following the steps in your post to remove temporary files, etc. No problems there.

I then decided to run another MBAM scan to check for remnants before I ran the ESET scan. It found another 3500 threats, and as such I have attached another log named "08.09.2016 11.38pm MBAM Scan AFTER RESTART".

Unfortunately I cannot complete the ESET scan. It starts just fine until it gets within the last ~10% of the scan, when the program crashes ("This program has stopped working"). One thing I would like to note is that before the program crashes, it detected 4 "threats" the first time I ran the tool, and 6 "threats" the second time.

As far as system behaviour goes, the first thing I noticed after completing the FRST fixes was that Chrome updated (despite no updates seemingly having been available prior to the FRST fix).
Another thing I noticed was that I could no longer start browsing immediately after booting; it took a few minutes for Chrome to stop returning errors in regards to not being able to connect to the DNS server (I use google DNS as my ISP's DNS is a little flaky).
Apart from those two oddities, I haven't noticed any increase or decline in system performance, although the frequency at which Chrome webpages begin crashing has been significantly reduced.
Attached Files
08.09.2016 10.46pm MBAM Scan.txt (870.8 KB)
08.09.2016 11.38pm MBAM Scan AFTER RESTART.txt (777.9 KB)
HomicidalBunny is offline  
Old 09-09-2016, 01:31 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, HomicidalBunny.

Notice you have 2 Chrome profiles:

Quote:
CHR Profile: C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData

CHR Profile: C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\Default

Notice all the MBAM detections are for extensions under the ChromeDefaultData profile.

Do you need that ChromeDefaultData profile?

If not...

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData"

A DOS window will open and close again; this is normal.

------------------------------------------------------
chemist is offline  
Old 09-09-2016, 06:53 PM   #15
Registered Member
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit


Hi chemist,

This fix works if I exit Chrome and then complete a scan. However as soon as I log back in to Chrome, and complete another scan, the threats reappear, again in the ChromeDefaultData folder.
HomicidalBunny is offline  
Old 09-10-2016, 12:15 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, HomicidalBunny. Let's try this first.

Open Chrome, copy/paste the following bolded text into your Chrome browser address bar and press Enter:

chrome://settings/resetProfileSettings

Click Reset > OK.

Exit then re-launch Chrome. How is it now?

---------------------------------------------------
chemist is offline  
Old 09-10-2016, 08:26 PM   #17
Registered Member
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit

Hi chemist,

No change in threat count.
HomicidalBunny is offline  
Old 09-11-2016, 12:26 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, HomicidalBunny.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

    Code:
    start
    createrestorepoint:
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mystartsearch.com/?type=hp&ts=1438669661&z=02a692ed858524de159a223gfz5c9b2q9q1t8wet6q&from=wpc&uid=TS256GSSD370_B766491665","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBnAoC30oBk..&v=20160629&uid=C926B05B9B8F87A1F4BB8DDA69F468E9&ptid=amz&mode=loadm"
    CHR Session Restore: ChromeDefaultData -> is enabled.
    CHR Profile: C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Extension: (Adguard AdBlocker) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-09-01]
    CHR Extension: (YouTube) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-01]
    CHR Extension: (Search by Image (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-09-01]
    CHR Extension: (Video Title Adder) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ddpephnhacfpgcemhioaejgenlgadnnh [2016-09-01]
    CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-09-01]
    CHR Extension: (EditThisCookie) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-09-01]
    CHR Extension: (AdBlock) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-01]
    CHR Extension: (Imgur to Gfycat) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\idnninnhcleaikepmmomfnknbldalnjj [2016-09-01]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-02]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-09-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-01]
    CHR Extension: (My Chrome Theme) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-09-01]
    CHR Extension: (ScriptSafe) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2016-09-01]
    CHR Extension: (Hover Zoom+) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-09-01]
    CHR Extension: (Gmail) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-01]
    CHR Extension: (Chrome Media Router) - C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]
    C:\Users\Ronan-SSD\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
chemist is offline  
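The fixlist above targets two artifacts in the ChromeDefaultData profile: hijacked startup URLs and the extensions installed under it. As an added example (not chemist's script and not part of FRST), this Python triage tool walks every profile folder under Chrome's User Data directory, lists each profile's extensions from their manifest.json files, and flags startup URLs whose host is outside a hypothetical allow-list; it builds a constructed sample User Data tree with a placeholder extension id so it runs offline, and on a real machine you would point triage() at C:\Users\<name>\AppData\Local\Google\Chrome\User Data.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Hypothetical allow-list: any startup URL whose host is not listed here gets flagged.
TRUSTED_STARTUP_HOSTS = {"www.google.com"}

def list_extensions(profile_dir: Path) -> dict:
    """Map extension id -> (name, version) from each Extensions/<id>/<version>/manifest.json."""
    found = {}
    ext_root = profile_dir / "Extensions"
    for manifest in (sorted(ext_root.glob("*/*/manifest.json")) if ext_root.is_dir() else []):
        data = json.loads(manifest.read_text(encoding="utf-8"))
        found[manifest.parents[1].name] = (data.get("name", "?"), data.get("version", "?"))
    return found

def suspicious_startup_urls(profile_dir: Path) -> list:
    """Return entries of Preferences -> session.startup_urls that point outside the trusted hosts."""
    prefs = json.loads((profile_dir / "Preferences").read_text(encoding="utf-8"))
    urls = prefs.get("session", {}).get("startup_urls", [])
    return [u for u in urls if (urlparse(u).hostname or "") not in TRUSTED_STARTUP_HOSTS]

def triage(user_data: Path) -> dict:
    """Inventory every profile folder under 'User Data' (Default, Profile N, ChromeDefaultData, ...)."""
    report = {}
    for profile in sorted(p for p in user_data.iterdir() if (p / "Preferences").is_file()):
        report[profile.name] = {"extensions": list_extensions(profile), "startup_urls": suspicious_startup_urls(profile)}
    return report

def build_sample_user_data(root: Path) -> Path:
    """Constructed sample: a clean Default profile plus a second profile carrying a hijacked start page."""
    hijacked = {"aaaabbbbccccddddeeeeffffgggghhhh": ("Sample Toolbar", "1.0.0")}  # placeholder extension id
    for name, startup, exts in [("Default", ["https://www.google.com/"], {}),
                                ("ChromeDefaultData", ["http://hijack-sample.invalid/?type=hp"], hijacked)]:
        profile = root / "User Data" / name
        profile.mkdir(parents=True)
        (profile / "Preferences").write_text(json.dumps({"session": {"restore_on_startup": 4, "startup_urls": startup}}))
        for ext_id, (ext_name, version) in exts.items():
            ver_dir = profile / "Extensions" / ext_id / f"{version}_0"
            ver_dir.mkdir(parents=True)
            (ver_dir / "manifest.json").write_text(json.dumps({"name": ext_name, "version": version}))
    return root / "User Data"

def run_sample() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample_user_data(Path(tmp)))

if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Web Store extensions often report a localized placeholder name such as "__MSG_appName__", which the tool prints as-is; running the inventory before and after signing back into Chrome shows whether the profile and its extensions are being re-created, which is the behaviour HomicidalBunny describes in post #15.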
Old 09-12-2016, 07:27 AM   #19
Registered Member
Join Date: May 2013
Posts: 205
OS: Windows 8.1 Pro 64-bit

Hi chemist,

fixlog.txt attached
Attached Files
Fixlog.txt (6.8 KB)
HomicidalBunny is offline  
Old 09-12-2016, 01:14 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hi HomicidalBunny. Any change?
chemist is offline  
All times are GMT -7.