Help with possible Virus/Malware - DDS couldn't run

Old 01-14-2017, 03:07 PM   #1
Registered Member
 
Join Date: Apr 2009
Posts: 39
OS: Windows XP home

Hello,

First, thank you for any help you can provide.

I believe there is something wrong with at least one, if not more, computers in my home. I haven't been very safe recently, and did download some files from p2p sites. I noticed after a couple of months that my computer started to run a little slower. Then suddenly, every once in a while the screen would change and it would have some weird blocky green pattern laid over top of whatever was on my screen. I'd have to restart to clear that. I haven't seen that in a while, but now my internet is significantly slower. Today, my computer took about 5 minutes to boot. Typically it's done in less than 20 seconds. So it's progressively getting worse and changing, which is weird.

My computer is running Windows 8.1 Pro x64.

I also have concerns about my network in general. I run a Synology NAS and a QNAP NAS as well. One is used for personal file sharing across devices on the network and the other is for work documents. I worry that since the majority of my files are on the NAS devices and accessed by other computers, numerous devices might be infected. I noticed some problems with my Surface Pro 4 as well. I reformatted that, but still have some issues, especially with internet speed. Let me know if I should post information on any of these systems as well.

I tried to run the DDS scan, but it seemed not to be compatible with Win 8.1. After looking around on the forum I saw people saying to run FRST, so I posted that log here instead. If there is something else that you'd like me to post, please let me know.

Thanks again for any help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017
Ran by Russell (administrator) on RUSSELL (14-01-2017 17:53:21)
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Forty One Ltd.) D:\Software\AudioSwitcher\AudioSwitcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110344 2014-12-29] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify Web Helper] => C:\Users\Russell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [AudioSwitcher] => D:\Software\AudioSwitcher\AudioSwitcher.exe [458240 2016-03-12] (Forty One Ltd.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [2991368 2014-12-29] (CyberLink Corp.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify] => C:\Users\Russell\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleChromeAutoLaunch_A926180A5F0EA9010D7881571F92AA65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {1f4d667e-e68e-11e5-8250-dc85de6728a6} - "L:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {7d59b33d-2030-11e6-8269-dc85de6728a6} - "K:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {cfee2adf-c513-11e6-8286-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {ef9657dd-90a7-11e6-8279-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Russell\Desktop\dds.scr [688992 2017-01-14] (Swearware)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D770C795-581E-4601-BDA3-399E8B03046A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E040694C-14EB-4BAA-970C-CCD2003AC9BD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF ProfilePath: [Profiles]
Profiles=GettingStarted
Weekdays
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Dropbox for Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Calendar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Earthy) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-24]
CHR Extension: (Drumpfinator) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-08]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-03-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-11-26]
CHR Extension: (Pocket Legends) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2016-10-12]
CHR Extension: (Reload All Tabs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2016-09-25]
CHR Extension: (Google Hangouts) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-03-08]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-503452509-3002992337-1118405479-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-08] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-08] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ak240audio; C:\WINDOWS\System32\drivers\ak240audio_x64.sys [251392 2013-11-26] ()
S3 ak240audioks; C:\WINDOWS\system32\DRIVERS\ak240audioks_x64.sys [45568 2013-11-26] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170112.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170113.001\IDSvia64.sys [1038024 2017-01-12] (Symantec Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-02] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 17:53 - 2017-01-14 17:53 - 00036831 _____ C:\Users\Russell\Desktop\FRST.txt
2017-01-14 17:52 - 2017-01-14 17:53 - 00000000 ____D C:\FRST
2017-01-14 17:52 - 2017-01-14 17:52 - 02419200 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe
2017-01-14 17:50 - 2017-01-14 17:50 - 00688992 _____ (Swearware) C:\Users\Russell\Downloads\dds.scr
2017-01-14 17:46 - 2017-01-14 17:46 - 00688992 _____ (Swearware) C:\Users\Russell\Desktop\dds.scr
2017-01-14 17:24 - 2017-01-14 17:24 - 00000218 _____ C:\Users\Russell\.recently-used.xbel
2017-01-14 16:53 - 2017-01-14 16:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007 (1).pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03320351 _____ C:\Users\Russell\Downloads\DOC004.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03211061 _____ C:\Users\Russell\Downloads\DOC003.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01913902 _____ C:\Users\Russell\Downloads\DOC006.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01833500 _____ C:\Users\Russell\Downloads\DOC002.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01744044 _____ C:\Users\Russell\Downloads\DOC005.pdf
2017-01-12 22:13 - 2017-01-12 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 22:52 - 2017-01-10 22:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007.pdf
2017-01-07 11:58 - 2017-01-07 11:59 - 53543904 _____ C:\Users\Russell\Downloads\FWUP0008.DAT
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 11:12 - 2017-01-02 11:12 - 00000846 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-02 11:12 - 2017-01-02 11:12 - 00000798 _____ C:\Users\Russell\Desktop\Start Tor Browser.lnk
2017-01-02 11:11 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Russell\Desktop\Tor Browser
2017-01-02 11:06 - 2017-01-02 11:06 - 50706736 _____ C:\Users\Russell\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-02 11:04 - 2017-01-02 11:04 - 70860876 _____ C:\Users\Russell\Downloads\tor-browser-linux64-6.0.8_en-US.tar.xz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 17:46 - 2015-12-17 11:56 - 00000000 ___DO C:\Users\Russell\OneDrive
2017-01-14 17:41 - 2014-11-21 03:43 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 17:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-14 17:37 - 2016-09-27 21:08 - 00000000 ___RD C:\Users\Russell\Dropbox
2017-01-14 17:37 - 2015-12-18 08:44 - 00000000 ___RD C:\Users\Russell\Google Drive
2017-01-14 17:35 - 2016-09-27 21:06 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-14 17:34 - 2016-09-27 21:06 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-14 17:34 - 2016-03-08 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-14 17:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 17:29 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-14 17:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-14 17:24 - 2016-03-08 09:03 - 00000000 ____D C:\Users\Russell
2017-01-14 17:11 - 2016-02-13 07:00 - 00314368 ___SH C:\Users\Russell\Desktop\Thumbs.db
2017-01-14 12:51 - 2016-10-02 02:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-01-14 12:38 - 2016-03-08 09:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-503452509-3002992337-1118405479-1001
2017-01-14 12:28 - 2016-05-02 23:03 - 00000000 ____D C:\Users\Russell\AppData\Local\Adobe
2017-01-14 12:19 - 2016-10-05 20:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-14 12:19 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files\TrueKey
2017-01-14 11:50 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Origin
2017-01-13 10:16 - 2016-05-07 11:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-13 00:50 - 2016-03-11 09:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 00:50 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 00:49 - 2016-03-11 09:19 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-12 22:15 - 2016-09-30 05:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 22:13 - 2016-09-30 05:09 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 22:13 - 2016-09-27 21:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-10 23:25 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-01-10 23:22 - 2016-03-08 09:23 - 00000000 ____D C:\ProgramData\Origin
2017-01-10 23:21 - 2016-03-08 09:22 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-10 23:20 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-10 22:59 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-01-10 22:50 - 2016-03-09 20:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-10 22:50 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-02 03:06 - 2016-03-08 21:41 - 00000000 ____D C:\Users\Russell\AppData\Local\Spotify
2017-01-02 01:12 - 2016-03-08 21:40 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Spotify
2017-01-01 23:13 - 2016-05-31 07:31 - 00000000 ____D C:\Users\Russell\AppData\Roaming\gtk-2.0
2016-12-30 18:54 - 2016-10-02 01:00 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-30 17:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-24 11:59 - 2016-03-09 22:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\MusicBee
2016-12-24 11:27 - 2015-12-17 11:53 - 00000000 ___RD C:\Users\Russell\Links
2016-12-22 17:42 - 2014-11-21 11:23 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:42 - 2014-11-21 11:23 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-20 01:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-18 06:19 - 2013-08-22 09:44 - 00482536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 16:56 - 2016-03-11 20:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Holotable
2016-12-16 14:58 - 2016-03-08 09:21 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 14:58 - 2016-03-08 09:21 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 14:58 - 2013-08-22 08:36 - 00000000 ___RD C:\Program Files (x86)
2016-12-15 06:59 - 2016-03-08 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

Some files in TEMP:
====================
C:\Users\Russell\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 11:46

==================== End of FRST.txt ============================
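The FRST log above lists every service and kernel driver with its image path, size, date and publisher, and marks entries FRST could not verify: "[X]" when the registry entry points at a file that no longer exists, "[File not signed]" when the binary carries no valid Authenticode signature, and "()" when the PE has no company string at all. The script below is an added example for this thread, not part of FRST and not something either poster ran. It parses lines in that format and flags the ones an analyst reads first; the sample lines are copied verbatim from the log above, and the four triage rules (missing file, unsigned, no publisher, loaded from a user-writable path) are the editor's heuristics, not FRST verdicts.

```python
"""Triage of FRST 'Services (Whitelisted)' / 'Drivers (Whitelisted)' lines.

Added example for this thread: not part of FRST, and the rules are the
editor's own heuristics. SAMPLE_LINES are copied from the log posted above.
"""
import re
from dataclasses import dataclass, field

# One FRST service/driver line, e.g.
#   R2 N360; C:\...\N360.exe [289080 2016-11-12] (Symantec Corporation)
#   R2 UsbClientService; C:\...\UsbClientService.exe [248736 2015-05-11] () [File not signed]
#   S3 cpuz136; \??\C:\Users\...\cpuz136_x64.sys [X]
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<type>\d)\s+"      # R = running, S = stopped, U = unknown
    r"(?P<name>[^;]+);\s+"                   # service/driver name
    r"(?P<path>.+?)\s+"                      # image path (may contain spaces)
    r"\[(?P<meta>[^\]]*)\]"                  # "[size date]" or "[X]" when the file is gone
    r"(?:\s+\((?P<company>[^)]*)\))?"        # "(Publisher)" or "()" when no company string
    r"(?:\s+\[(?P<flag>[^\]]*)\])?\s*$"      # optional trailing "[File not signed]"
)

# Directories a standard user can write to. A service or kernel driver
# loading from here deserves a look even when it turns out benign.
USER_WRITABLE_RE = re.compile(r"\\(Users|Temp)\\", re.IGNORECASE)

# Constructed sample: lines copied from the FRST log above.
SAMPLE_LINES = [
    r"R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)",
    r"R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()",
    r"R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]",
    r"S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)",
    r"S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]",
    r"S3 dbx; system32\DRIVERS\dbx.sys [X]",
    "==================== NetSvcs (Whitelisted) ===================",
]


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return the fields of one FRST service/driver entry, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Flag entries worth a second look. Reasons are appended in a fixed order."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue  # section headers, blank lines, other FRST sections
        reasons = []
        if e["meta"] == "X":
            reasons.append("file missing on disk ([X])")
        if e["flag"] == "File not signed":
            reasons.append("no valid Authenticode signature")
        if e["company"] == "":          # "()" in the log; None means no parentheses at all
            reasons.append("no publisher string in the binary")
        if USER_WRITABLE_RE.search(e["path"]):
            reasons.append("loaded from a user-writable path")
        if reasons:
            findings.append(Finding(e["name"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name:20} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, it flags PnkBstrA (no publisher), UsbClientService (unsigned, no publisher), cpuz136 (missing, was loaded from Temp) and dbx (missing), and passes the Symantec entries. None of those four is evidence of infection on its own: the paths are consistent with PunkBuster, Synology Assistant, a leftover CPU-Z driver entry and an old Dropbox driver. The point of the script is to shorten the list a human has to read, not to replace the judgement the helpers in this thread apply.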
Old 01-14-2017, 03:08 PM   #2 - rschou (Registered Member)

It seems like the attachment didn't load that time. Here it is
Attached Files
File Type: txt Addition.txt (40.6 KB, 27 views)

Old 01-16-2017, 08:04 AM   #3 - rschou (Registered Member)

Bump, plus some more details.

So here are the top 3 odd behaviors I'm noticing with my computer in using it a little more often (I moved it into a more common room so I see it more often).

1) Slow boot times. Almost every boot takes minutes instead of seconds

2) Computer slowly becomes unusable until reboot. After each boot, my computer will work fine for a certain period of time, then it seems to slowly stop working. First, the internet will start to fail even though all my other devices remain connected. Then if I walk away for a while, the computer will no longer wake from sleep/hibernation. I'll have to do a hard restart.

3) Screen regularly flashes. About every 10 minutes (rough estimate) the screen flashes. I can't really tell what is flashing, but I notice it at night when it seems like a distant camera flash went off in the house. It took me a while to realize it was my monitor since I wasn't using it. Seeing it happen maybe twice, it seems like it very quickly flashes a blue screen.

Hopefully this helps some. Thanks again

Old 01-19-2017, 02:39 PM   #4 - rschou (Registered Member)

Bump, please help. It's getting worse.

Old 01-22-2017, 12:12 PM   #5 - rschou (Registered Member)

bump again

Old 01-22-2017, 12:46 PM   #6 - chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

You are running an illegal (pirated) copy of Adobe Photoshop.

Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

A study revealed that more often than not, keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015

Old 01-22-2017, 05:22 PM   #7 - rschou (Registered Member)

Hello,

Thank you for the reply. I had honestly forgotten that I ever installed that (I don't use it anymore), so when I read the policy about not having pirated software I didn't realize it was still there.

I have gone back and uninstalled it now. However, I'm having a problem in that FRST will not run without crashing. I believe this is due to the malware. The reason is that now, when I go to re-download a new copy, it is instantly deleted from my download folder before I can even find it. I tried to cut/paste/copy it before it got deleted, with no success. So I'm running what I had on my computer, and it freezes during the scan, then crashes as "not responding". What should I do?

I could reformat and then try to run the program again and send it in. But I feel like that will have other consequences. Let me know what you think I should do since I can't currently get a new log.

Old 01-22-2017, 07:46 PM   #8 - chemist (Security Team, Moderator, Analyst)

Quote:
I believe this is due to the malware
Don't believe your problem is malware. It doesn't cause the problems you initially described.

Delete FRST64, then download another copy of FRST64 to your desktop.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    Adobe*
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
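SystemLook's ":folderfind Adobe*" directive, as used in the post above, walks the whole system and lists every directory whose name matches the wildcard; that is how the helper confirms the uninstalled Photoshop left nothing behind before cleaning continues. The script below is an added example by the editor, not SystemLook's code (which is not public) and not the output format it produces. It reproduces the check in Python with a constructed directory tree whose names are modelled on where Adobe products keep files on the log's machine; the tree, the user name and the paths are assumptions for the demo, not findings from this thread.

```python
"""A Python stand-in for SystemLook's ':folderfind' directive.

Added example, not SystemLook's own code. folderfind() is the general
routine; build_sample_tree() and demo() construct a throwaway tree so the
search can be run offline. Directory names are assumptions for the demo.
"""
import fnmatch
import os
import tempfile


def folderfind(root, pattern):
    """Return every directory under root whose name matches pattern.

    Matching is case-insensitive, as it is on NTFS, and applies to the
    directory's own name only, the way SystemLook's :folderfind does.
    os.walk skips directories it cannot read rather than aborting.
    """
    pattern = pattern.lower()
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        for d in dirnames:
            if fnmatch.fnmatchcase(d.lower(), pattern):
                hits.append(os.path.join(dirpath, d))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed stand-in for a system drive; returns the paths that should match 'Adobe*'."""
    expected = [
        "Program Files/Adobe",
        "Program Files (x86)/Common Files/Adobe",
        "ProgramData/Adobe",
        "Users/Russell/AppData/Local/Adobe",
        "Users/Russell/AppData/Roaming/adobe",      # lower case on purpose
    ]
    decoys = [
        "Program Files/Microsoft Office/Office15",
        "Users/Russell/Downloads/Tor Browser",
    ]
    for rel in expected + decoys:
        os.makedirs(os.path.join(base, *rel.split("/")), exist_ok=True)
    return sorted(os.path.join(base, *rel.split("/")) for rel in expected)


def demo():
    """Build the sample tree in a temporary directory and search it for Adobe*."""
    with tempfile.TemporaryDirectory() as base:
        expected = build_sample_tree(base)
        found = folderfind(base, "Adobe*")
    return found, expected


if __name__ == "__main__":
    found, _ = demo()
    print("\n".join(found))
```

On a real machine you would call folderfind once per fixed drive root (for example "C:\\") from an elevated prompt, since some of the locations that matter, such as Program Files and other users' profiles, are not readable to a standard user. A match is a lead, not a verdict: the Acrobat Reader DC and Flash entries in the log above are legitimately Adobe folders and would show up in the same listing.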
Old 01-23-2017, 03:57 AM   #9 - rschou (Registered Member)

So I figured out the problem, and of course you're right. It was being deleted by my anti-virus software. I disabled it and ran it. Here are the updated logs. I have to head to work, but am running SystemLook and will post it here when complete. Thank you for the help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by Russell (administrator) on RUSSELL (22-01-2017 20:16:22)
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Forty One Ltd.) D:\Software\AudioSwitcher\AudioSwitcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\RemoveAAM.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify Web Helper] => C:\Users\Russell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [AudioSwitcher] => D:\Software\AudioSwitcher\AudioSwitcher.exe [458240 2016-03-12] (Forty One Ltd.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify] => C:\Users\Russell\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleChromeAutoLaunch_A926180A5F0EA9010D7881571F92AA65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {1f4d667e-e68e-11e5-8250-dc85de6728a6} - "L:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {7d59b33d-2030-11e6-8269-dc85de6728a6} - "K:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {cfee2adf-c513-11e6-8286-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {ef9657dd-90a7-11e6-8279-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Russell\Desktop\dds.scr
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D770C795-581E-4601-BDA3-399E8B03046A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E040694C-14EB-4BAA-970C-CCD2003AC9BD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF ProfilePath: [Profiles]
Profiles=GettingStarted
Weekdays
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
[not found]
Weekdays
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359,0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[not found]
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=2300-2359;0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
[not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default [2017-01-22]
CHR Extension: (Google Slides) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-01-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Dropbox for Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Google Calendar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Earthy) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-24]
CHR Extension: (Drumpfinator) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-08]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-03-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-11-26]
CHR Extension: (Pocket Legends) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2016-10-12]
CHR Extension: (Reload All Tabs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2016-09-25]
CHR Extension: (Google Hangouts) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-03-08]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-503452509-3002992337-1118405479-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-08] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-08] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ak240audio; C:\WINDOWS\System32\drivers\ak240audio_x64.sys [251392 2013-11-26] ()
S3 ak240audioks; C:\WINDOWS\system32\DRIVERS\ak240audioks_x64.sys [45568 2013-11-26] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170118.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170118.001\IDSvia64.sys [1038024 2017-01-12] (Symantec Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-02] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 18:09 - 2017-01-22 20:16 - 00035335 _____ C:\Users\Russell\Desktop\FRST.txt
2017-01-19 18:09 - 2017-01-19 18:10 - 00051007 _____ C:\Users\Russell\Desktop\Addition.txt
2017-01-16 12:34 - 2017-01-17 18:38 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-01-16 12:33 - 2017-01-16 12:33 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-01-16 12:14 - 2017-01-16 12:14 - 01083295 _____ C:\Users\Russell\AppData\Local\ars.cache
2017-01-16 12:14 - 2017-01-16 12:14 - 00851886 _____ C:\Users\Russell\AppData\Local\census.cache
2017-01-16 12:11 - 2017-01-16 12:11 - 00000010 _____ C:\Users\Russell\AppData\Local\sponge.last.runtime.cache
2017-01-16 11:59 - 2016-08-22 14:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-01-16 10:34 - 2017-01-16 10:34 - 00412232 _____ C:\WINDOWS\Minidump\011617-3703-01.dmp
2017-01-15 18:06 - 2017-01-15 18:06 - 00000036 _____ C:\Users\Russell\AppData\Local\housecall.guid.cache
2017-01-15 15:36 - 2017-01-15 15:36 - 00000218 _____ C:\Users\Russell\.recently-used.xbel
2017-01-15 10:12 - 2017-01-15 10:12 - 02527376 _____ (Trend Micro Inc.) C:\Users\Russell\Downloads\HousecallLauncher64.exe
2017-01-14 17:52 - 2017-01-22 20:16 - 00000000 ____D C:\FRST
2017-01-14 17:52 - 2017-01-19 18:09 - 02419712 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe
2017-01-14 17:50 - 2017-01-14 17:50 - 00688992 _____ (Swearware) C:\Users\Russell\Downloads\dds.scr
2017-01-14 16:53 - 2017-01-14 16:53 - 01016683 _____ C:\Users\Russell\Downloads\Day 2.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03320351 _____ C:\Users\Russell\Downloads\DOC004.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03211061 _____ C:\Users\Russell\Downloads\DOC003.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01913902 _____ C:\Users\Russell\Downloads\DOC006.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01833500 _____ C:\Users\Russell\Downloads\DOC002.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01744044 _____ C:\Users\Russell\Downloads\DOC005.pdf
2017-01-12 22:13 - 2017-01-12 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 22:52 - 2017-01-10 22:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007.pdf
2017-01-07 11:58 - 2017-01-07 11:59 - 53543904 _____ C:\Users\Russell\Downloads\FWUP0008.DAT
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 11:12 - 2017-01-02 11:12 - 00000846 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-02 11:12 - 2017-01-02 11:12 - 00000798 _____ C:\Users\Russell\Desktop\Start Tor Browser.lnk
2017-01-02 11:11 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Russell\Desktop\Tor Browser
2017-01-02 11:06 - 2017-01-02 11:06 - 50706736 _____ C:\Users\Russell\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-02 11:04 - 2017-01-02 11:04 - 70860876 _____ C:\Users\Russell\Downloads\tor-browser-linux64-6.0.8_en-US.tar.xz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 20:16 - 2016-05-02 23:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-01-22 20:16 - 2016-05-02 23:03 - 00000000 ____D C:\Users\Russell\AppData\Local\Adobe
2017-01-22 20:16 - 2016-05-02 23:03 - 00000000 ____D C:\ProgramData\Adobe
2017-01-22 20:14 - 2016-09-27 21:06 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-22 20:14 - 2015-12-17 11:56 - 00000000 __RDO C:\Users\Russell\OneDrive
2017-01-22 19:33 - 2016-03-08 09:03 - 00000000 ____D C:\Users\Russell
2017-01-22 19:26 - 2016-09-27 21:06 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-22 18:51 - 2014-11-21 03:43 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-22 18:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-22 18:46 - 2016-03-08 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-22 18:46 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-19 18:13 - 2016-03-08 09:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-503452509-3002992337-1118405479-1001
2017-01-19 17:55 - 2016-10-02 02:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-01-19 17:41 - 2016-09-30 05:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 17:37 - 2016-09-27 21:08 - 00000000 ___RD C:\Users\Russell\Dropbox
2017-01-19 17:35 - 2015-12-18 08:44 - 00000000 ___RD C:\Users\Russell\Google Drive
2017-01-19 17:34 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-17 07:49 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Origin
2017-01-16 22:49 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-01-16 22:48 - 2016-03-08 21:53 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-16 22:48 - 2016-03-08 09:23 - 00000000 ____D C:\ProgramData\Origin
2017-01-16 17:16 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-01-16 10:34 - 2016-03-08 09:02 - 833126943 _____ C:\WINDOWS\MEMORY.DMP
2017-01-16 10:34 - 2016-03-08 09:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-15 23:34 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-15 15:40 - 2016-05-02 22:03 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-01-15 15:40 - 2016-05-02 22:03 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-01-15 15:32 - 2016-03-08 21:41 - 00000000 ____D C:\Users\Russell\AppData\Local\Spotify
2017-01-15 15:32 - 2016-03-08 21:40 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Spotify
2017-01-14 17:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-14 17:11 - 2016-02-13 07:00 - 00314368 ___SH C:\Users\Russell\Desktop\Thumbs.db
2017-01-14 12:19 - 2016-10-05 20:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-14 12:19 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files\TrueKey
2017-01-13 10:16 - 2016-05-07 11:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-13 00:50 - 2016-03-11 09:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 00:50 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 00:49 - 2016-03-11 09:19 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-12 22:13 - 2016-09-30 05:09 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 22:13 - 2016-09-27 21:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-10 23:21 - 2016-03-08 09:22 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-10 22:50 - 2016-03-09 20:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-10 22:50 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-01 23:13 - 2016-05-31 07:31 - 00000000 ____D C:\Users\Russell\AppData\Roaming\gtk-2.0
2016-12-30 18:54 - 2016-10-02 01:00 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-30 17:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-24 11:59 - 2016-03-09 22:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\MusicBee
2016-12-24 11:27 - 2015-12-17 11:53 - 00000000 ___RD C:\Users\Russell\Links

==================== Files in the root of some directories =======

2017-01-16 12:14 - 2017-01-16 12:14 - 1083295 _____ () C:\Users\Russell\AppData\Local\ars.cache
2017-01-16 12:14 - 2017-01-16 12:14 - 0851886 _____ () C:\Users\Russell\AppData\Local\census.cache
2017-01-15 18:06 - 2017-01-15 18:06 - 0000036 _____ () C:\Users\Russell\AppData\Local\housecall.guid.cache
2017-01-16 12:11 - 2017-01-16 12:11 - 0000010 _____ () C:\Users\Russell\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\Russell\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-17 18:48

==================== End of FRST.txt ============================
Attached: Addition.txt (49.8 KB)
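The "Bamital & volsnap" section above is FRST checking that a fixed set of critical Windows binaries still carry a valid digital signature (Bamital is a file infector that patched those files in place). The same check can be repeated by hand in PowerShell; this is an added example, not output or code from the thread or from FRST, and it assumes the listed paths and an elevated session on the affected Windows 8.1 machine.

```powershell
# Added example (not from the thread): re-verify the Windows binaries FRST lists
# under "Bamital & volsnap" with PowerShell's built-in Authenticode check.
# On Windows 8.1, Get-AuthenticodeSignature also consults the system catalog,
# which is how most of these files are signed (assumption based on OS behaviour).
function Test-CriticalSignatures {
    $root = $env:SystemRoot
    $paths = @(
        "$root\System32\winlogon.exe",
        "$root\System32\wininit.exe",
        "$root\explorer.exe",
        "$root\SysWOW64\explorer.exe",
        "$root\System32\svchost.exe",
        "$root\SysWOW64\svchost.exe",
        "$root\System32\services.exe",
        "$root\System32\User32.dll",
        "$root\SysWOW64\User32.dll",
        "$root\System32\userinit.exe",
        "$root\SysWOW64\userinit.exe",
        "$root\System32\rpcss.dll",
        "$root\System32\dnsapi.dll",
        "$root\SysWOW64\dnsapi.dll",
        "$root\System32\Drivers\volsnap.sys"
    )

    foreach ($p in $paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing core binary is itself worth reporting.
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        [pscustomobject]@{ Path = $p; Status = $sig.Status; Signer = $signer }
    }
}

# Print every result, then list only the files that did NOT verify, which is the
# set a helper would want to see (FRST has no automatic fix for those).
$results = Test-CriticalSignatures
$results | Format-Table -AutoSize
$bad = $results | Where-Object { $_.Status -ne 'Valid' }
if ($bad) { Write-Warning "Files failing verification:"; $bad | Format-Table -AutoSize }
else { Write-Output "All listed files are validly signed." }
```

A status of HashMismatch or NotSigned on any of these files is the condition FRST reports as not passing verification; a signer subject that is not Microsoft is equally suspicious even when the status reads Valid.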
Old 01-23-2017, 03:59 AM   #10
Registered Member
 
Join Date: Apr 2009
Posts: 39
OS: Windows XP home



It actually completed really quickly. It's posted below.

SystemLook 30.07.11 by jpshortstuff
Log created at 06:57 on 23/01/2017 by Russell
Administrator - Elevation successful

========== folderfind ==========

Searching for "Adobe*"
C:\Program Files\Common Files\Adobe d------ [04:04 03/05/2016]
C:\Program Files (x86)\Adobe d------ [10:09 30/09/2016]
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe d------ [10:09 30/09/2016]
C:\Program Files (x86)\Common Files\Adobe d------ [04:04 03/05/2016]
C:\Program Files (x86)\Common Files\Adobe\Adobe PCD d------ [04:04 03/05/2016]
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe d------ [10:09 30/09/2016]
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin d------ [10:09 30/09/2016]
C:\ProgramData\Adobe d------ [04:03 03/05/2016]
C:\Users\All Users\Adobe d------ [04:03 03/05/2016]
C:\Users\Russell\AppData\Local\Adobe d------ [04:03 03/05/2016]
C:\Users\Russell\AppData\Local\Adobe\AAMUpdater\1.0\Data\AdobeApplicationManager-1.0 d------ [06:00 03/05/2016]
C:\Users\Russell\AppData\Local\Adobe\AAMUpdater\1.0\Data\AdobeExportAssets264bit-2.0 d------ [06:00 03/05/2016]
C:\Users\Russell\AppData\Local\Adobe\AAMUpdater\1.0\Data\AdobePhotoshopCC2015-16.0 d------ [06:00 03/05/2016]
C:\Users\Russell\AppData\Local\Adobe\AAMUpdater\1.0\Data\AdobePreviewCC-1.0.0 d------ [06:00 03/05/2016]
C:\Users\Russell\AppData\Local\Temp\AdobeDownload d------ [01:14 23/01/2017]
C:\Users\Russell\AppData\LocalLow\Adobe d------ [15:28 21/02/2016]
C:\Users\Russell\AppData\LocalLow\Adobe\Linguistics\UserDictionaries\Adobe Custom Dictionary d------ [15:28 21/02/2016]
C:\Users\Russell\AppData\Roaming\Adobe d------ [14:04 08/03/2016]
C:\Users\Russell\AppData\Roaming\Adobe\Adobe PDF d------ [04:06 03/05/2016]
C:\Users\Russell\AppData\Roaming\Adobe\Adobe Photoshop CC 2015 d------ [04:05 03/05/2016]
C:\Users\Russell\Documents\Adobe d------ [19:30 18/01/2016]
C:\Users\Russell\Documents\Adobe\Adobe Media Encoder d------ [19:30 18/01/2016]
C:\Users\Russell\OneDrive\Documents\Adobe d-a---- [13:08 04/05/2016]
C:\Windows.old\Users\All Users\Adobe d------ [04:03 03/05/2016]
C:\Windows.old\Users\Russell\AppData\Local\Adobe d------ [19:23 18/01/2016]
C:\Windows.old\Users\Russell\AppData\Local\Adobe\AAMUpdater\1.0\Data\AdobeApplicationManager-1.0 d------ [13:43 19/01/2016]
C:\Windows.old\Users\Russell\AppData\Local\Adobe\AAMUpdater\1.0\Data\AdobePremierePro-9.0.0-Trial d------ [13:43 19/01/2016]
C:\Windows.old\Users\Russell\AppData\Local\Temp\Adobe d------ [19:30 18/01/2016]
C:\Windows.old\Users\Russell\AppData\Local\Temp\AdobeDownload d------ [19:25 18/01/2016]
C:\Windows.old\Users\Russell\AppData\Local\Temp\Adobe_ADMLogs d------ [14:32 21/02/2016]
C:\Windows.old\Users\Russell\AppData\Local\Temp\acrord32_sbx\Adobe d------ [15:28 21/02/2016]
C:\Windows.old\Users\Russell\AppData\Roaming\Adobe d------ [16:53 17/12/2015]
C:\Windows.old\Users\Russell\AppData\Roaming\Adobe\Adobe PDF d------ [19:30 18/01/2016]

-= EOF =-
Old 01-23-2017, 07:13 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello rschou. I don't think you understood me. I mean I think your original problems are likely not due to malware. You likely have a hardware problem.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
    Task: {529C46FB-581E-4406-AA6E-FEFA28E22695} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {1f4d667e-e68e-11e5-8250-dc85de6728a6} - "L:\OnePlus_setup.exe" /s
    HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {7d59b33d-2030-11e6-8269-dc85de6728a6} - "K:\OnePlus_setup.exe" /s
    HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {cfee2adf-c513-11e6-8286-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
    HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {ef9657dd-90a7-11e6-8279-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
    C:\Users\Russell\AppData\Roaming\Adobe\Adobe Photoshop CC 2015
    C:\Users\Russell\AppData\Local\Adobe\AAMUpdater\1.0\Data\AdobePhotoshopCC2015-16.0
    Hosts:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
All times are GMT -7. The time now is 07:15 AM.
Copyright 2001 - 2018, Tech Support Forum