Norton popup: Backdoor.Adwind Activity


3 replies to this topic

#1 modellerscorner

Posted 31 July 2017 - 05:33 AM

Norton is blocking activity with a popup stating "Norton Blocked an attack by: System Infected: Backdoor.Adwind Activity". I have updated and run full Norton scans, Norton Power Eraser and Malwarebytes. They found some items and removed them, but the constant popups still remain.

 

I've run FRST and here are the system logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2017
Ran by USER (administrator) on USER-PC (31-07-2017 11:12:23)
Running from C:\Users\USER\Downloads
Loaded Profiles: USER (Available Profiles: USER)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
() C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Gianpaolo Bottin) C:\Program Files\WallpaperSS\WallpaperSS.exe
(Oracle Corporation) C:\Users\USER\AppData\Roaming\Oracle\bin\javaw.exe
(ITE Tech Inc.) C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
(Dropbox, Inc.) C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [869936 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-08-09] (Realtek Semiconductor)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2007-09-18] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [TouchPadHotKey] => C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [364544 2007-08-13] ()
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-04-29] (Nero AG)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Run: [Dropbox Update] => C:\Users\USER\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Run: [WallpaperSS] => C:\Program Files\WallpaperSS\WallpaperSS.exe [476264 2015-09-15] (Gianpaolo Bottin)
HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Run: [zrrBMzwvLlp] => "C:\Users\USER\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\USER\JLxdubIFArL\ARDLzCNnaku.wwFpgc"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WirelessSelector.lnk [2009-04-28]
ShortcutTarget: WirelessSelector.lnk -> C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe (ITE Tech Inc.)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{709084F4-9F13-44A2-A2AD-82BC2480F49C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C8B6FC0F-8607-48D9-89F6-0B59F27193B6}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-624536895-381363763-121492468-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-624536895-381363763-121492468-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
URLSearchHook: HKU\S-1-5-21-624536895-381363763-121492468-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = 
SearchScopes: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://uk.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=19&gct=sb&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
 
FireFox:
========
FF DefaultProfile: cx041wtz.default-1427370262144
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\cx041wtz.default-1427370262144 [2017-07-29]
FF Extension: (Firefox Hotfix) - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\cx041wtz.default-1427370262144\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon [2017-07-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-624536895-381363763-121492468-1000: @tools.google.com/Google Update;version=3 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-624536895-381363763-121492468-1000: @tools.google.com/Google Update;version=9 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://modellerscorner.co.uk/prestashop/admin123/index.php","hxxp://modellerscorner.co.uk/prestashop/"
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2017-07-31]
CHR Extension: (Norton Security Toolbar) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-06-07]
CHR Extension: (Norton Identity Safe) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2017-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.JWTQP3D3IKHQBKDMMLO56VAGT4 - C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-11] (Adobe Systems Incorporated) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe [288504 2017-07-15] (Symantec Corporation)
S4 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
S4 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [307200 2008-02-29] (Fujitsu Siemens Computers) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20170726.001\BHDrvx86.sys [1359520 2017-06-28] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\160A000.055\ccSetx86.sys [147072 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [393344 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [126592 2017-06-28] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20170728.001\IDSvix86.sys [845976 2017-07-16] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [69128 2013-11-18] (Silicon Laboratories)
R1 SRTSP; C:\Windows\System32\Drivers\NS\160A000.055\SRTSP.SYS [659616 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\160A000.055\SRTSPX.SYS [41112 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NS\160A000.055\SYMEFASI.SYS [1393792 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [89264 2017-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\160A000.055\Ironx86.SYS [241888 2017-07-14] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NS\160A000.055\SYMTDIV.SYS [351880 2017-07-14] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-31 11:12 - 2017-07-31 11:15 - 000016132 _____ C:\Users\USER\Downloads\FRST.txt
2017-07-31 11:11 - 2017-07-31 11:12 - 000000000 ____D C:\FRST
2017-07-31 11:10 - 2017-07-31 11:10 - 001777664 _____ (Farbar) C:\Users\USER\Downloads\frst.exe
2017-07-29 11:53 - 2017-07-29 11:53 - 000000000 ____D C:\Windows\pss
2017-07-27 19:21 - 2017-07-27 19:21 - 000000000 ____D C:\Users\USER\AppData\Roaming\SUPERAntiSpyware.com
2017-07-27 19:20 - 2017-07-27 19:21 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-27 19:20 - 2017-07-27 19:20 - 000001806 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-07-27 19:20 - 2017-07-27 19:20 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-07-27 19:20 - 2017-07-27 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-07-27 19:16 - 2017-07-27 19:17 - 030397760 _____ (SUPERAntiSpyware) C:\Users\USER\Downloads\SUPERAntiSpyware.exe
2017-07-25 14:24 - 2017-07-25 14:24 - 000000000 ____D C:\ProgramData\Sophos
2017-07-25 14:22 - 2017-07-25 14:22 - 000001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-25 14:22 - 2017-07-25 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-23 23:28 - 2017-07-23 23:28 - 000000000 ____D C:\Program Files\Sophos
2017-07-23 23:20 - 2017-07-23 23:22 - 172653056 _____ (Sophos Limited) C:\Users\USER\Downloads\Sophos Virus Removal Tool.exe
2017-07-23 19:00 - 2017-07-23 19:01 - 065033984 _____ (Malwarebytes ) C:\Users\USER\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-23 18:27 - 2017-07-23 18:27 - 000000000 ____D C:\NPE
2017-07-23 18:22 - 2017-07-23 19:02 - 000000000 ____D C:\Users\USER\AppData\Local\NPE
2017-07-22 23:58 - 2017-07-22 23:58 - 003422432 _____ (Symantec Corporation) C:\Users\USER\Desktop\NPE.exe
2017-07-22 19:28 - 2017-07-22 19:28 - 000000000 ____D C:\Users\USER\Dropbox\Pension
2017-07-16 14:12 - 2017-07-16 14:12 - 000000000 ____D C:\Users\USER\fUTkALeaTxM
2017-07-16 04:32 - 2017-07-16 04:34 - 000000000 ___HD C:\Users\USER\JLxdubIFArL
2017-07-12 09:42 - 2017-07-12 09:42 - 000000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-04 09:20 - 2017-07-04 09:20 - 000032012 _____ C:\Users\USER\Downloads\Invoice_Jun-01-17_Jun-29-17.html
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-31 10:51 - 2015-06-18 17:18 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000UA.job
2017-07-31 10:46 - 2006-11-02 13:45 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-31 10:46 - 2006-11-02 13:45 - 000003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-31 09:49 - 2010-10-18 11:38 - 000000416 ____H C:\Windows\Tasks\User_Feed_Synchronization-{7F9660C1-D011-4CC0-86B3-16FCAD2FDB45}.job
2017-07-31 09:47 - 2015-03-24 16:44 - 000000000 __SHD C:\Users\USER\Dropbox\.dropbox.cache
2017-07-29 22:29 - 2009-04-28 14:44 - 000000000 ____D C:\Program Files\SiS VGA Utilities
2017-07-29 22:24 - 2017-02-22 18:13 - 000000000 ____D C:\Users\USER\Dropbox\ToPrint
2017-07-29 21:54 - 2012-10-23 19:18 - 000000000 ____D C:\Users\USER\AppData\Local\TSVNCache
2017-07-29 21:54 - 2006-11-02 13:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-29 17:17 - 2006-11-02 13:58 - 000032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-27 18:35 - 2009-09-03 14:43 - 000002627 _____ C:\Users\USER\Desktop\Microsoft Office Word 2007.lnk
2017-07-27 05:51 - 2015-06-18 17:18 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000Core.job
2017-07-26 21:19 - 2013-04-16 10:50 - 000000000 ____D C:\Program Files\program
2017-07-26 16:54 - 2015-03-24 17:09 - 000000000 ____D C:\Users\USER\Dropbox\Shop
2017-07-23 18:22 - 2009-06-29 12:47 - 000000000 ____D C:\ProgramData\Norton
2017-07-23 01:55 - 2015-03-24 17:09 - 000000000 ____D C:\Users\USER\Dropbox\addresses
2017-07-22 22:22 - 2015-08-18 15:15 - 000000000 ____D C:\Windows\system32\Drivers\NS
2017-07-22 22:20 - 2016-06-24 02:54 - 000002049 _____ C:\Users\Public\Desktop\Norton Security.lnk
2017-07-22 22:20 - 2015-08-18 15:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-07-22 22:02 - 2015-08-18 15:19 - 000089264 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2017-07-22 22:02 - 2015-08-18 15:19 - 000008232 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2017-07-22 19:28 - 2015-10-13 09:42 - 000000000 ____D C:\Users\USER\Dropbox\PCI Complience
2017-07-22 19:28 - 2015-03-24 16:44 - 000000000 ___RD C:\Users\USER\Dropbox
2017-07-17 02:17 - 2016-02-23 17:03 - 000000000 ____D C:\Users\USER\Dropbox\vat
2017-07-16 04:32 - 2014-01-22 20:34 - 000000000 ____D C:\Users\USER\AppData\Roaming\Oracle
2017-07-12 09:43 - 2015-03-24 16:40 - 000000000 ____D C:\Users\USER\AppData\Roaming\Dropbox
2017-07-11 11:54 - 2012-03-30 10:56 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-11 11:54 - 2011-08-16 09:47 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-11 11:54 - 2009-04-28 17:02 - 000000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2012-05-08 14:15 - 2012-05-08 14:15 - 000000005 _____ () C:\Program Files\basis-link
2012-08-13 11:11 - 2012-08-13 11:11 - 000012888 _____ () C:\Program Files\readme.html
2012-08-13 11:11 - 2012-08-13 11:11 - 000012561 _____ () C:\Program Files\readme.txt
2011-12-07 14:53 - 2014-02-10 11:36 - 000000680 _____ () C:\Users\USER\AppData\Local\d3d9caps.dat
2010-05-01 16:54 - 2016-04-21 14:52 - 000011264 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-13 18:48 - 2012-01-13 18:48 - 000000000 _____ () C:\Users\USER\AppData\Local\{3B425E7E-41B6-4449-9FE7-1746AF8660AA}
2010-10-28 16:42 - 2011-01-08 17:00 - 000001940 _____ () C:\Users\USER\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2009-04-28 16:53 - 2015-03-27 10:57 - 000008588 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2008-09-26 12:02 - 2008-09-26 12:02 - 002356088 ____R (Adobe Systems Incorporated) C:\Users\USER\AppData\Local\Temp\AdobeUpdater12345.exe
2006-10-28 06:28 - 2006-10-28 06:28 - 000145184 ____R (Microsoft Corporation) C:\Users\USER\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-29 22:01
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2017
Ran by USER (31-07-2017 11:16:06)
Running from C:\Users\USER\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) (2009-04-28 13:44:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-624536895-381363763-121492468-500 - Administrator - Disabled)
Guest (S-1-5-21-624536895-381363763-121492468-501 - Limited - Disabled)
USER (S-1-5-21-624536895-381363763-121492468-1000 - Administrator - Enabled) => C:\Users\USER
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (HKLM\...\{47ECCB1F-2811-49C0-B6A7-26778639ABA0}) (Version: 3.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Basic PAYE Tools (HKLM\...\Basic PAYE Tools - Real Time Information) (Version: 14.1.14168.197 - HM Revenue & Customs)
Basic PAYE Tools 2012 (HKLM\...\Basic PAYE Tools 2012) (Version: 4.2.1.20469 - HM Revenue & Customs)
Dropbox (HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Google Chrome (HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hobbywing USB Link V3.52.04 (HKLM\...\Hobbywing USB Link V3.52.04) (Version:  - Hobbywing Technology CO., LTD.)
HP Photosmart C4500 All-In-One Driver 12.0 Rel .4 (HKLM\...\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}) (Version: 12.0 - HP)
HP Update (HKLM\...\{D063F201-FAC4-4D5C-B10B-615058ADE5A7}) (Version: 4.000.009.002 - Hewlett-Packard)
HPSSupply (HKLM\...\{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{6C626E7E-9FD0-4414-8B6A-CE55D4A01033}) (Version: 8.3.157 - Nero AG)
Network (HKLM\...\{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Norton Security (HKLM\...\NS) (Version: 22.10.0.85 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
PS_AIO_04_C4580_Software_Min (HKLM\...\{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}) (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5464 - Realtek Semiconductor Corp.)
Reventon (HKLM\...\{AE7F9A31-EA3C-4866-AB4C-675A4A9AE213}) (Version: 1.1.0.24 - Speed Passion)
Sailwave (HKLM\...\Sailwave) (Version:  - Sailwave)
Scan (HKLM\...\{9CCCFD9C-248F-47FE-9496-1680E3E5C163}) (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
SiS VGA Utilities (HKLM\...\SiS VGA Utilities) (Version: 7.14.10.5070 - Silicon Integrated Systems Corporation)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speed Passion USB Driver Serial Port Enumerator (Driver Removal) (HKLM\...\SPUSCOMM&10C4&EA60) (Version:  - Speed Passion)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.5.0 - Synaptics)
SystemDiagnostics (HKLM\...\{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}) (Version: 2.00.0002 - Fujitsu Siemens Computers       )
Toolbox (HKLM\...\{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TortoiseSVN 1.7.10.23359 (32 bit) (HKLM\...\{FA5EC676-B609-4DBB-9C05-8219B8287A48}) (Version: 1.7.23359 - TortoiseSVN)
TouchPad HotKey Utility (HKLM\...\{DB457913-028D-460E-BB4C-D9A6369752CA}) (Version: 4.0.6.0 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (HKLM\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
VLC media player 1.1.0 (HKLM\...\VLC media player) (Version: 1.1.0 - VideoLAN)
Wallpaper SlideShow LT 1.5.1 (HKLM\...\{58A49B80-2595-4C9D-B3EB-261E68A2C4D1}_is1) (Version:  - Gianpaolo Bottin)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WirelessControl (HKLM\...\{003CD4FD-DB3E-4D12-9A34-8C00FA8A680F}) (Version: 1.00.0000 - ITE)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\USER\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-02-28] (Nero AG)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [2012-10-08] (hxxp://tortoisesvn.net)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [2012-10-08] (hxxp://tortoisesvn.net)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [2012-10-08] (hxxp://tortoisesvn.net)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [2012-10-08] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll [2012-10-08] (hxxp://tortoisesvn.net)
ContextMenuHandlers1_S-1-5-21-624536895-381363763-121492468-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-624536895-381363763-121492468-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-624536895-381363763-121492468-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {673BA463-CA43-488E-9964-8B6E22A9E395} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {71F1681D-FA18-4D36-9157-847598F431B0} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {7C247BAF-701C-466D-A5CD-439FC3211452} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {7E1CFB51-C00E-4BEB-9B63-282CC18D8F4D} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {8179C5B4-B7A2-4BAD-BA3A-C71005D4FD8F} - System32\Tasks\{650A3AD3-6DD3-4201-B808-6E7E4DA19B59} => C:\Windows\system32\pcalua.exe -a "C:\Users\USER\Downloads\SP_Reventon\SpUsbDriver 6.6\SpUsbInstaller.exe" -d "C:\Users\USER\Downloads\SP_Reventon\SpUsbDriver 6.6"
Task: {8450F203-01A0-49F0-AF29-9DF83BFA11BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8B4D7EC4-A356-405B-A63C-DE8D13F0DF34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {93ED15EB-FE75-44FF-BC92-A0DAF7B9FD56} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000UA => C:\Users\USER\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {AAB2698E-B8F2-4CA7-9BCF-A42EB71A70DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {BFA7663C-DB2B-4187-801A-E243764E0125} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000Core => C:\Users\USER\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {D42899B0-AC93-4AE9-A10C-8F119CACE4CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {D959944B-ED3B-4C6D-A4F8-E0B45A25047D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {E5BCBB33-8D0A-430D-8EA9-7DB02C497BAF} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {ECB28183-FB04-44FB-84F2-F6F258E07C3F} - System32\Tasks\GoogleUpdateTaskMachineCore1cec5267ebf3bea => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000Core.job => C:\Users\USER\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-624536895-381363763-121492468-1000UA.job => C:\Users\USER\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7F9660C1-D011-4CC0-86B3-16FCAD2FDB45}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-10-08 19:42 - 2012-10-08 19:42 - 000070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2009-04-28 15:03 - 2007-08-13 13:47 - 000364544 _____ () C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
2017-07-12 09:42 - 2017-07-12 20:58 - 000746816 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-07-12 09:42 - 2017-07-12 20:58 - 001787200 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-06-27 20:24 - 2017-07-12 20:58 - 000100296 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000018888 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\select.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000020800 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000035792 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 000021848 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000125904 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000694224 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 001862992 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 000022864 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-07-12 09:42 - 2017-07-12 20:58 - 000145864 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-07-12 09:42 - 2017-07-12 20:58 - 000020432 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-07-12 09:42 - 2017-07-12 20:58 - 000116688 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-06-27 20:24 - 2017-07-12 20:58 - 000105928 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000022864 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 000062784 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 000040248 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000024528 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-07-12 09:42 - 2017-07-12 20:58 - 000392656 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-07-12 09:42 - 2017-07-12 20:58 - 000020936 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000116176 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000392512 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000124880 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000026456 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000024016 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000175560 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000030160 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000043472 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000048592 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000057808 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000024016 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 000022336 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000082264 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000025432 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 000027488 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 003928896 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000083912 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\sip.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 001826104 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 001972024 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000028616 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 000171336 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 000042816 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 000531264 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 000133432 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 000224064 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-07-12 09:42 - 2017-07-12 21:00 - 000207680 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000060880 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000054608 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000022864 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000022872 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000021848 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000022872 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-27 20:24 - 2017-07-12 20:58 - 000349128 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000023896 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-07-12 09:42 - 2017-07-12 20:59 - 000025936 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-07-12 09:42 - 2017-07-12 20:58 - 000036296 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\librsync.dll
2017-07-12 09:42 - 2017-07-12 20:59 - 000181056 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.dll
2017-07-12 09:42 - 2017-07-12 20:59 - 000024368 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-07-12 09:42 - 2017-07-12 20:59 - 001637688 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-07-12 09:42 - 2017-07-12 20:58 - 014419408 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\opengl32sw.dll
2017-06-27 20:24 - 2017-07-12 21:01 - 000026456 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-27 20:24 - 2017-07-12 21:01 - 000023368 _____ () C:\Users\USER\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2016-09-06 20:26 - 2016-09-06 12:00 - 005197312 _____ () C:\Users\USER\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 20:26 - 2016-09-06 12:00 - 000147456 _____ () C:\Users\USER\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\USER\Dropbox\addresses:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Advertisements:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Bank:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\bin:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Contacts.vcf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Dear Valued Business Partner.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\FB-FindUsonFacebook-online-1024.png:com.dropbox.attributes [428]
AlternateDataStreams: C:\Users\USER\Dropbox\Getting Started.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\LED GU10.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\MembershipList 2013.xls:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\My Scans:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\My Videos:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\OneNote Notebooks:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\PCI Complience:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\PECO Layout Buildings.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Pension:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Plaststruct-Ogauge-price.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Printer Drivers:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\rooftile.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\RTI-14063__2014-04-07_1007.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Screenshots:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Shop:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\ToPrint:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\vat:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\web images:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Website:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-624536895-381363763-121492468-1000\...\danskebank.co.uk -> danskebank.co.uk
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2006-09-18 22:41 - 000000761 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-624536895-381363763-121492468-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\WallpaperSS\Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: PLFlash DeviceIoControl Service => 2
MSCONFIG\Services: TestHandler => 2
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Google Update => C:\Users\USER\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D4913160-9549-4869-81DB-B956EBDA8846}] => (Allow) F:\setup\hpznui01.exe
FirewallRules: [{D7C650A3-5890-4921-BEFE-90A467FB2DA8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{62F56229-1064-4518-80DB-FD3C0D9802F9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{09A91A5E-A6E8-489C-8DB5-B2F4470E49F0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F32A0970-DB4D-40BA-BDB4-A39D29C09B36}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{27B79F12-1E47-4A3F-99AF-5BBF3CE5D7A1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{57984A02-8668-4848-AEB3-FF13B78213C8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{DB0209BD-820A-4A4D-8036-97DD124B2AFA}] => (Allow) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe
FirewallRules: [{3B024231-5B10-4506-B226-1EBFFC84AA74}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{C9B51DF4-4EAB-4409-9F12-8182EDC93796}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{95A27E6A-5F37-4B5B-BE0C-711F0370D20E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{76AEDC32-3979-4429-9794-5233485A3A55}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1958DEFD-4D1A-48BE-9034-DFAA5405458F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C5DCA1C2-7118-48A9-87A9-0F19B052521A}] => (Allow) LPort=80
FirewallRules: [{AF2B0F53-5077-43CD-BDC3-BE2E3B092386}] => (Allow) LPort=80
FirewallRules: [{3160A083-624C-4AF2-B1BE-593A80CF79CE}] => (Allow) LPort=80
FirewallRules: [{A11A0B8F-6F62-4347-89B5-7D38A820395C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3AD0D88E-E892-415E-9641-3F030A4871DA}] => (Allow) C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{07B3BE09-0827-4C84-B468-E22E8E0BDAC8}] => (Allow) C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9D8EE031-1C21-4A66-BA1A-E248DAB7CB37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{72D205F2-4EA5-46F3-AF86-13FB95960D4B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{735B1B87-0709-4E93-838F-BC6311AF6251}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{00DD9BDD-ACAA-4B77-83EF-902954CF8088}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BF16AD89-BD67-4E5F-9C42-F17D7F9DF4D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
19-03-2017 20:13:46 Scheduled Checkpoint
20-03-2017 08:14:02 Scheduled Checkpoint
01-04-2017 21:27:28 Scheduled Checkpoint
07-04-2017 09:16:00 Scheduled Checkpoint
23-04-2017 01:38:44 Scheduled Checkpoint
25-04-2017 16:33:22 Scheduled Checkpoint
15-07-2017 02:13:51 Scheduled Checkpoint
15-07-2017 15:45:35 Scheduled Checkpoint
23-07-2017 18:38:12 Norton_Power_Eraser_20170723183811977
23-07-2017 23:25:17 Installed Sophos Virus Removal Tool.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2017 09:55:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/29/2017 11:57:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/27/2017 06:08:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/27/2017 04:00:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/26/2017 02:20:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/26/2017 01:37:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SVRTgui.exe version 2.6.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 16d0
Start Time: 01d305a7301d0260
Termination Time: 32
 
Error: (07/26/2017 01:09:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/23/2017 07:39:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/23/2017 06:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/23/2017 06:27:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (07/29/2017 09:59:19 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
 
Error: (07/29/2017 09:57:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/29/2017 09:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (07/29/2017 02:44:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NS service.
 
Error: (07/29/2017 12:01:22 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
 
Error: (07/29/2017 11:59:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/29/2017 11:57:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (07/27/2017 06:13:53 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
 
Error: (07/27/2017 06:08:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/27/2017 06:08:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-31 11:15:52.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:15:50.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:15:48.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:15:47.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:15:20.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:15:18.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:15:16.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:15:14.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:14:52.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20170726.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-31 11:14:49.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20170726.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 570 @ 2.26GHz
Percentage of memory in use: 56%
Total physical RAM: 2812.46 MB
Available physical RAM: 1231.64 MB
Total Virtual: 5855.46 MB
Available Virtual: 3836.47 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:147.04 GB) (Free:63.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 8E8668DD)
Partition 1: (Not Active) - (Size=2 GB) - (Type=27)
Partition 2: (Active) - (Size=147 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:09 AM

Posted 31 July 2017 - 07:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Run: [zrrBMzwvLlp] => "C:\Users\USER\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\USER\JLxdubIFArL\ARDLzCNnaku.wwFpgc"
URLSearchHook: HKU\S-1-5-21-624536895-381363763-121492468-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
SearchScopes: HKLM -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL =
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Toolbar: HKU\S-1-5-21-624536895-381363763-121492468-1000 -> No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-03]
StartMenuInternet: Google Chrome.JWTQP3D3IKHQBKDMMLO56VAGT4 - C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\USER\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-624536895-381363763-121492468-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
AlternateDataStreams: C:\Users\USER\Dropbox\addresses:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Advertisements:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Bank:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\bin:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Contacts.vcf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Dear Valued Business Partner.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\FB-FindUsonFacebook-online-1024.png:com.dropbox.attributes [428]
AlternateDataStreams: C:\Users\USER\Dropbox\Getting Started.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\LED GU10.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\MembershipList 2013.xls:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\My Scans:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\My Videos:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\OneNote Notebooks:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\PCI Complience:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\PECO Layout Buildings.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Pension:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Plaststruct-Ogauge-price.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Printer Drivers:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\rooftile.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\RTI-14063__2014-04-07_1007.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Screenshots:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Shop:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\ToPrint:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\vat:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\web images:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\USER\Dropbox\Website:com.dropbox.attributes [168]
C:\Users\USER\JLxdubIFArL

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

==

Please let me know if the problem persists.
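As a defender's check on the first fixlist line in the post above, here is an added example (not code from the thread, from FRST, or from nasdaq) that scores FRST "Run" entries for the javaw.exe -jar launched-from-AppData pattern and renders the hits in the fixlist layout used in this post. The scoring weights, the vowel-ratio name heuristic and the benign sample lines are assumptions made for the example; only the first sample line comes from this thread.

```python
"""Triage FRST 'Run' entries for the user-profile javaw.exe -jar persistence
pattern seen in this thread, and render the hits as an FRST fixlist.
Added example; the scoring heuristics are assumptions, not FRST logic."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# An FRST Run entry, e.g.
#   HKU\S-1-5-21-...\...\Run: [Name] => "C:\path\javaw.exe" -jar "C:\path\file"
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
USER_PROFILE_RE = re.compile(r'^[A-Za-z]:\\Users\\', re.IGNORECASE)
JAVA_LAUNCHERS = {"javaw.exe", "java.exe"}
VOWELS = set("aeiouAEIOU")


@dataclass
class Finding:
    name: str           # the Run value name, e.g. zrrBMzwvLlp
    line: str           # the FRST log line verbatim (a fixlist accepts it as-is)
    artifact_dir: str   # directory holding the launched jar, if under a profile
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def split_command(cmd: str) -> List[str]:
    """Split a Run command string into tokens, honouring double-quoted paths."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def looks_random(name: str) -> bool:
    """Weak heuristic (assumption): a purely alphabetic name of 8+ characters
    with almost no vowels, like zrrBMzwvLlp, is unlikely to be a product name."""
    if len(name) < 8 or not name.isalpha():
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.2


def assess_run_line(line: str) -> Optional[Finding]:
    """Score one FRST Run line; None if the line is not a Run entry."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    tokens = split_command(m.group("cmd"))
    if not tokens:
        return None
    exe, args = tokens[0], tokens[1:]
    f = Finding(name=m.group("name"), line=line.strip(), artifact_dir="")

    if exe.rsplit("\\", 1)[-1].lower() in JAVA_LAUNCHERS and "-jar" in args:
        f.score += 2
        f.reasons.append("java launcher started with -jar")
        idx = args.index("-jar")
        jar = args[idx + 1] if idx + 1 < len(args) else ""
        if USER_PROFILE_RE.match(jar):
            f.score += 2
            f.reasons.append("jar lives under a user profile")
            f.artifact_dir = jar.rsplit("\\", 1)[0]   # the dropper folder, as in the fix above
        if jar and not jar.lower().endswith(".jar"):
            f.score += 1
            f.reasons.append("jar has a non-.jar extension")
    if USER_PROFILE_RE.match(exe):
        f.score += 2
        f.reasons.append("launcher itself lives under a user profile")
    if looks_random(f.name):
        f.score += 1
        f.reasons.append("value name looks random")
    return f


def triage(log_text: str, threshold: int = 4) -> List[Finding]:
    """Return the Run entries scoring at or above the (assumed) cut-off."""
    findings = [assess_run_line(ln) for ln in log_text.splitlines()]
    return [f for f in findings if f is not None and f.score >= threshold]


def build_fixlist(findings: List[Finding]) -> str:
    """Render a fixlist in the layout used in this thread: 'start', the flagged
    log lines verbatim, the jar directories to delete, then 'End'."""
    lines = ["start", "CreateRestorePoint:", "CloseProcesses:"]
    lines += [f.line for f in findings]
    lines += [f.artifact_dir for f in findings if f.artifact_dir]
    lines.append("End")
    return "\n".join(lines)


# Constructed sample: line 1 is the entry from this thread; the rest are benign
# entries made up for contrast (a user-profile app without Java, a Program Files jar).
SAMPLE_LOG = r"""
HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Run: [zrrBMzwvLlp] => "C:\Users\USER\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\USER\JLxdubIFArL\ARDLzCNnaku.wwFpgc"
HKU\S-1-5-21-624536895-381363763-121492468-1000\...\Run: [Dropbox] => "C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [SomeJavaApp] => "C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe" -jar "C:\Program Files\SomeJavaApp\app.jar"
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.score}] {f.name}: " + "; ".join(f.reasons))
    print(build_fixlist(hits))
```

A benign jar launched from Program Files scores below the cut-off, so only the AppData javaw.exe entry lands in the generated fixlist together with its dropper directory.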

#3 modellerscorner

modellerscorner
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 01 August 2017 - 09:49 AM

Followed all your instructions and have had no Norton pop-ups since. Thank you very much for your help!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:09 AM

Posted 01 August 2017 - 12:15 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===