Hello,
First, thank you for any help you can provide.
I believe there is something wrong with at least one, if not more, computers in my home. I haven't been very safe recently, and did download some files from p2p sites. I noticed after a couple of months that my computer started to run a little slower. Then suddenly, every once in a while, the screen would change and it would have some weird blocky green pattern laid over top of whatever was on my screen. I'd have to restart to clear that. I haven't seen that in a while, but now my internet is significantly slower. Today, my computer took about 5 minutes to boot. Typically it's done in less than 20 seconds. So it's progressively getting worse and changing, which is weird.
My computer is running Windows 8.1 Pro x64.
I also have concerns about my network in general. I run a Synology NAS and a QNAP NAS as well. One is used for personal file sharing across devices on the network and the other is for work documents. I worry that since the majority of my files are on the NAS devices and accessed by other computers, numerous devices might be infected. I noticed some problems with my Surface Pro 4 as well. I reformatted that, but still have some issues, especially with internet speed. Let me know if I should post information on any of these systems as well.
I tried to run the DDS scan, but it seemed not to be compatible with Win 8.1. After looking around on the forum, I saw people saying to run FRST, so I posted that log here instead. If there is something else that you'd like me to post, please let me know.
Thanks again for any help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017
Ran by Russell (administrator) on RUSSELL (14-01-2017 17:53:21)
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Forty One Ltd.) D:\Software\AudioSwitcher\AudioSwitcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110344 2014-12-29] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify Web Helper] => C:\Users\Russell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [AudioSwitcher] => D:\Software\AudioSwitcher\AudioSwitcher.exe [458240 2016-03-12] (Forty One Ltd.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [2991368 2014-12-29] (CyberLink Corp.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify] => C:\Users\Russell\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleChromeAutoLaunch_A926180A5F0EA9010D7881571F92AA65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {1f4d667e-e68e-11e5-8250-dc85de6728a6} - "L:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {7d59b33d-2030-11e6-8269-dc85de6728a6} - "K:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {cfee2adf-c513-11e6-8286-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {ef9657dd-90a7-11e6-8279-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Russell\Desktop\dds.scr [688992 2017-01-14] (Swearware)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D770C795-581E-4601-BDA3-399E8B03046A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E040694C-14EB-4BAA-970C-CCD2003AC9BD}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Dropbox for Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Calendar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Earthy) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-24]
CHR Extension: (Drumpfinator) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-08]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-03-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-11-26]
CHR Extension: (Pocket Legends) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2016-10-12]
CHR Extension: (Reload All Tabs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2016-09-25]
CHR Extension: (Google Hangouts) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-03-08]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-503452509-3002992337-1118405479-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-08] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-08] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ak240audio; C:\WINDOWS\System32\drivers\ak240audio_x64.sys [251392 2013-11-26] ()
S3 ak240audioks; C:\WINDOWS\system32\DRIVERS\ak240audioks_x64.sys [45568 2013-11-26] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170112.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170113.001\IDSvia64.sys [1038024 2017-01-12] (Symantec Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-02] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-14 17:53 - 2017-01-14 17:53 - 00036831 _____ C:\Users\Russell\Desktop\FRST.txt
2017-01-14 17:52 - 2017-01-14 17:53 - 00000000 ____D C:\FRST
2017-01-14 17:52 - 2017-01-14 17:52 - 02419200 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe
2017-01-14 17:50 - 2017-01-14 17:50 - 00688992 _____ (Swearware) C:\Users\Russell\Downloads\dds.scr
2017-01-14 17:46 - 2017-01-14 17:46 - 00688992 _____ (Swearware) C:\Users\Russell\Desktop\dds.scr
2017-01-14 17:24 - 2017-01-14 17:24 - 00000218 _____ C:\Users\Russell\.recently-used.xbel
2017-01-14 16:53 - 2017-01-14 16:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007 (1).pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03320351 _____ C:\Users\Russell\Downloads\DOC004.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03211061 _____ C:\Users\Russell\Downloads\DOC003.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01913902 _____ C:\Users\Russell\Downloads\DOC006.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01833500 _____ C:\Users\Russell\Downloads\DOC002.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01744044 _____ C:\Users\Russell\Downloads\DOC005.pdf
2017-01-12 22:13 - 2017-01-12 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 22:52 - 2017-01-10 22:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007.pdf
2017-01-07 11:58 - 2017-01-07 11:59 - 53543904 _____ C:\Users\Russell\Downloads\FWUP0008.DAT
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 11:12 - 2017-01-02 11:12 - 00000846 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-02 11:12 - 2017-01-02 11:12 - 00000798 _____ C:\Users\Russell\Desktop\Start Tor Browser.lnk
2017-01-02 11:11 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Russell\Desktop\Tor Browser
2017-01-02 11:06 - 2017-01-02 11:06 - 50706736 _____ C:\Users\Russell\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-02 11:04 - 2017-01-02 11:04 - 70860876 _____ C:\Users\Russell\Downloads\tor-browser-linux64-6.0.8_en-US.tar.xz
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-14 17:46 - 2015-12-17 11:56 - 00000000 ___DO C:\Users\Russell\OneDrive
2017-01-14 17:41 - 2014-11-21 03:43 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 17:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-14 17:37 - 2016-09-27 21:08 - 00000000 ___RD C:\Users\Russell\Dropbox
2017-01-14 17:37 - 2015-12-18 08:44 - 00000000 ___RD C:\Users\Russell\Google Drive
2017-01-14 17:35 - 2016-09-27 21:06 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-14 17:34 - 2016-09-27 21:06 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-14 17:34 - 2016-03-08 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-14 17:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 17:29 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-14 17:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-14 17:24 - 2016-03-08 09:03 - 00000000 ____D C:\Users\Russell
2017-01-14 17:11 - 2016-02-13 07:00 - 00314368 ___SH C:\Users\Russell\Desktop\Thumbs.db
2017-01-14 12:51 - 2016-10-02 02:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-01-14 12:38 - 2016-03-08 09:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-503452509-3002992337-1118405479-1001
2017-01-14 12:28 - 2016-05-02 23:03 - 00000000 ____D C:\Users\Russell\AppData\Local\Adobe
2017-01-14 12:19 - 2016-10-05 20:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-14 12:19 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files\TrueKey
2017-01-14 11:50 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Origin
2017-01-13 10:16 - 2016-05-07 11:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-13 00:50 - 2016-03-11 09:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 00:50 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 00:49 - 2016-03-11 09:19 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-12 22:15 - 2016-09-30 05:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 22:13 - 2016-09-30 05:09 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 22:13 - 2016-09-27 21:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-10 23:25 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-01-10 23:22 - 2016-03-08 09:23 - 00000000 ____D C:\ProgramData\Origin
2017-01-10 23:21 - 2016-03-08 09:22 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-10 23:20 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-10 22:59 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-01-10 22:50 - 2016-03-09 20:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-10 22:50 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-02 03:06 - 2016-03-08 21:41 - 00000000 ____D C:\Users\Russell\AppData\Local\Spotify
2017-01-02 01:12 - 2016-03-08 21:40 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Spotify
2017-01-01 23:13 - 2016-05-31 07:31 - 00000000 ____D C:\Users\Russell\AppData\Roaming\gtk-2.0
2016-12-30 18:54 - 2016-10-02 01:00 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-30 17:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-24 11:59 - 2016-03-09 22:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\MusicBee
2016-12-24 11:27 - 2015-12-17 11:53 - 00000000 ___RD C:\Users\Russell\Links
2016-12-22 17:42 - 2014-11-21 11:23 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:42 - 2014-11-21 11:23 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-20 01:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-18 06:19 - 2013-08-22 09:44 - 00482536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 16:56 - 2016-03-11 20:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Holotable
2016-12-16 14:58 - 2016-03-08 09:21 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 14:58 - 2016-03-08 09:21 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 14:58 - 2013-08-22 08:36 - 00000000 ___RD C:\Program Files (x86)
2016-12-15 06:59 - 2016-03-08 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
Some files in TEMP:
====================
C:\Users\Russell\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-06 11:46
==================== End of FRST.txt ============================
First, thank you for any help you can provide.
I believe there is something wrong with at least one, if not more, computers in my home. I haven't been very safe recently, and did download some files from p2p sites. I noticed after a couple months that my computer started to run a little slower. Then suddenly, every once in a while the screen would change and it would have some weird block green pattern laid over top whatever was on my screen. I'd have to restart to clear that. I haven't seen that in a while, but now my internet is significantly slower. Today, my computer took about 5 minutes to boot. Typically it's done in less than 20 seconds. So it's progressively getting worse and changing which is weird.
My computer is running Windows 8.1 Pro x64.
I also have concern about my network in general. I run a Synology NAS and QNAP NAS as well. One is used for personal file sharing across devices on the network and the other is for work documents. I worry that since the majority of my files are on the NAS devices and accessed by other computers that numerous devices might be infected. I noticed some problems with my Surface Pro 4 as well. I reformatted that, but still have some issues, especially with internet speed. Let me know if I should post information on any of these systems as well.
I tried to run the DDS scan, but it seemed to not be compatible with Win 8.1. After looking around on the forum I saw people saying to run FRST. So I posted that log here instead. If there is something else that you'd like me to post please let me know.
Thanks again for any help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017
Ran by Russell (administrator) on RUSSELL (14-01-2017 17:53:21)
Running from C:\Users\Russell\Desktop
Loaded Profiles: Russell (Available Profiles: Russell)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Forty One Ltd.) D:\Software\AudioSwitcher\AudioSwitcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Intel Security) C:\Program Files\Intel Security\True Key\Application\truekey.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110344 2014-12-29] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify Web Helper] => C:\Users\Russell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [AudioSwitcher] => D:\Software\AudioSwitcher\AudioSwitcher.exe [458240 2016-03-12] (Forty One Ltd.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [2991368 2014-12-29] (CyberLink Corp.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Spotify] => C:\Users\Russell\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-01] (Spotify Ltd)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\Run: [GoogleChromeAutoLaunch_A926180A5F0EA9010D7881571F92AA65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {1f4d667e-e68e-11e5-8250-dc85de6728a6} - "L:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {7d59b33d-2030-11e6-8269-dc85de6728a6} - "K:\OnePlus_setup.exe" /s
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {cfee2adf-c513-11e6-8286-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\...\MountPoints2: {ef9657dd-90a7-11e6-8279-dc85de6728a6} - "F:\OnePlus_USB_Drivers_Setup.exe"
HKU\S-1-5-21-503452509-3002992337-1118405479-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Russell\Desktop\dds.scr [688992 2017-01-14] (Swearware)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D770C795-581E-4601-BDA3-399E8B03046A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E040694C-14EB-4BAA-970C-CCD2003AC9BD}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-503452509-3002992337-1118405479-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: [Profiles]
Profiles=GettingStarted [not found]
FF ProfilePath: [Profiles]
Profiles=GettingStarted
Weekdays
weekend
[Weekdays]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=Origin;battlefield;steam
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=20
UnlockDiff=20
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0000-0600
ProfilePriority=5
day1=0
day2=1
day3=1
day4=1
day5=1
day6=0
day7=0
EnabledRUSSELL=1
[GettingStarted]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=5
UnlockDiff=5
ProfileAccessNone=1
ProfileAccessRandom=0
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160327
ProfileAccessUntilTime=1547
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=
ProfilePriority=5
day1=1
day2=1
day3=1
day4=1
day5=1
day6=1
day7=1
EnabledRUSSELL=1
[weekend]
WebMode=Allow
WebAction=CloseTab
WebDelay=0
AppMode=Allow
AppAction=Minimize
AppDelay=0
NumRules=1
Titles1=
Mode1=Block
Action1=Minimize
Match1=Any
Delay1=0
ProfileAccessLevel=5
ProfileUnlockLevel=60
UnlockDiff=60
ProfileAccessNone=0
ProfileAccessRandom=1
ProfileAccessCustom=0
ProfileAccessTimed=0
ProfileUnlockNone=0
ProfileUnlockRandom=1
ProfileUnlockCustom=0
ProfileUnlockForced=0
ProfileAccessUntilDate=20160522
ProfileAccessUntilTime=1341
ProfileAccessPassword=
ProfileUnlockPassword=
Goal=
ActivateAfterRun=1
ShowCountdown=0
AllowTempUnlock=1
ScheduleList=0100-0800
ProfilePriority=5
day1=1
day2=0
day3=0
day4=0
day5=0
day6=1
day7=1
EnabledRUSSELL=1
[not found]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.gmail.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Honey) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-01-14]
CHR Extension: (Dropbox for Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-12]
CHR Extension: (Google Calendar) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-10]
CHR Extension: (Google Sheets) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Earthy) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-24]
CHR Extension: (Drumpfinator) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-08]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-03-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2016-03-08]
CHR Extension: (Evernote Web) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-11-26]
CHR Extension: (Pocket Legends) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2016-10-12]
CHR Extension: (Reload All Tabs) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2016-09-25]
CHR Extension: (Google Hangouts) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-03-08]
CHR Extension: (Gmail) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Russell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-503452509-3002992337-1118405479-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2016-12-08] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2016-12-08] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2016-03-08] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-30] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ak240audio; C:\WINDOWS\System32\drivers\ak240audio_x64.sys [251392 2013-11-26] ()
S3 ak240audioks; C:\WINDOWS\system32\DRIVERS\ak240audioks_x64.sys [45568 2013-11-26] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170112.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170113.001\IDSvia64.sys [1038024 2017-01-12] (Symantec Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360x64\1608010.00E\SymELAM.sys [24192 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-02] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\Russell\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20161002.001\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-14 17:53 - 2017-01-14 17:53 - 00036831 _____ C:\Users\Russell\Desktop\FRST.txt
2017-01-14 17:52 - 2017-01-14 17:53 - 00000000 ____D C:\FRST
2017-01-14 17:52 - 2017-01-14 17:52 - 02419200 _____ (Farbar) C:\Users\Russell\Desktop\FRST64.exe
2017-01-14 17:50 - 2017-01-14 17:50 - 00688992 _____ (Swearware) C:\Users\Russell\Downloads\dds.scr
2017-01-14 17:46 - 2017-01-14 17:46 - 00688992 _____ (Swearware) C:\Users\Russell\Desktop\dds.scr
2017-01-14 17:24 - 2017-01-14 17:24 - 00000218 _____ C:\Users\Russell\.recently-used.xbel
2017-01-14 16:53 - 2017-01-14 16:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007 (1).pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03320351 _____ C:\Users\Russell\Downloads\DOC004.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 03211061 _____ C:\Users\Russell\Downloads\DOC003.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01913902 _____ C:\Users\Russell\Downloads\DOC006.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01833500 _____ C:\Users\Russell\Downloads\DOC002.pdf
2017-01-14 16:51 - 2017-01-14 16:51 - 01744044 _____ C:\Users\Russell\Downloads\DOC005.pdf
2017-01-12 22:13 - 2017-01-12 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 22:52 - 2017-01-10 22:53 - 01016683 _____ C:\Users\Russell\Downloads\DOC007.pdf
2017-01-07 11:58 - 2017-01-07 11:59 - 53543904 _____ C:\Users\Russell\Downloads\FWUP0008.DAT
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 11:12 - 2017-01-02 11:12 - 00000846 _____ C:\Users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-02 11:12 - 2017-01-02 11:12 - 00000798 _____ C:\Users\Russell\Desktop\Start Tor Browser.lnk
2017-01-02 11:11 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Russell\Desktop\Tor Browser
2017-01-02 11:06 - 2017-01-02 11:06 - 50706736 _____ C:\Users\Russell\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-02 11:04 - 2017-01-02 11:04 - 70860876 _____ C:\Users\Russell\Downloads\tor-browser-linux64-6.0.8_en-US.tar.xz
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-14 17:46 - 2015-12-17 11:56 - 00000000 ___DO C:\Users\Russell\OneDrive
2017-01-14 17:41 - 2014-11-21 03:43 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 17:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-14 17:37 - 2016-09-27 21:08 - 00000000 ___RD C:\Users\Russell\Dropbox
2017-01-14 17:37 - 2015-12-18 08:44 - 00000000 ___RD C:\Users\Russell\Google Drive
2017-01-14 17:35 - 2016-09-27 21:06 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-14 17:34 - 2016-09-27 21:06 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-14 17:34 - 2016-03-08 09:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-14 17:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 17:29 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-14 17:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-14 17:24 - 2016-03-08 09:03 - 00000000 ____D C:\Users\Russell
2017-01-14 17:11 - 2016-02-13 07:00 - 00314368 ___SH C:\Users\Russell\Desktop\Thumbs.db
2017-01-14 12:51 - 2016-10-02 02:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-01-14 12:38 - 2016-03-08 09:12 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-503452509-3002992337-1118405479-1001
2017-01-14 12:28 - 2016-05-02 23:03 - 00000000 ____D C:\Users\Russell\AppData\Local\Adobe
2017-01-14 12:19 - 2016-10-05 20:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-14 12:19 - 2016-05-07 11:37 - 00000000 ____D C:\Program Files\TrueKey
2017-01-14 11:50 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Origin
2017-01-13 10:16 - 2016-05-07 11:37 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-13 00:50 - 2016-03-11 09:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 00:50 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 00:49 - 2016-03-11 09:19 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-12 22:15 - 2016-09-30 05:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 22:13 - 2016-09-30 05:09 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 22:13 - 2016-09-27 21:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-10 23:25 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-01-10 23:22 - 2016-03-08 09:23 - 00000000 ____D C:\ProgramData\Origin
2017-01-10 23:21 - 2016-03-08 09:22 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-10 23:20 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-10 22:59 - 2016-03-08 10:52 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-01-10 22:50 - 2016-03-09 20:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-10 22:50 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
2017-01-02 03:06 - 2016-03-08 21:41 - 00000000 ____D C:\Users\Russell\AppData\Local\Spotify
2017-01-02 01:12 - 2016-03-08 21:40 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Spotify
2017-01-01 23:13 - 2016-05-31 07:31 - 00000000 ____D C:\Users\Russell\AppData\Roaming\gtk-2.0
2016-12-30 18:54 - 2016-10-02 01:00 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-30 17:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-24 11:59 - 2016-03-09 22:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\MusicBee
2016-12-24 11:27 - 2015-12-17 11:53 - 00000000 ___RD C:\Users\Russell\Links
2016-12-22 17:42 - 2014-11-21 11:23 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:42 - 2014-11-21 11:23 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-20 01:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-18 06:19 - 2013-08-22 09:44 - 00482536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 06:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 16:56 - 2016-03-11 20:53 - 00000000 ____D C:\Users\Russell\AppData\Roaming\Holotable
2016-12-16 14:58 - 2016-03-08 09:21 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 14:58 - 2016-03-08 09:21 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 14:58 - 2013-08-22 08:36 - 00000000 ___RD C:\Program Files (x86)
2016-12-15 06:59 - 2016-03-08 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
Some files in TEMP:
====================
C:\Users\Russell\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-06 11:46
==================== End of FRST.txt ============================