apac
Members, 9 posts
  1. My system is back to normal. Haven't seen any further issues pop up. Thank you so much for all your help.
  2. Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2016
Ran by ACCOUNTING (2016-06-07 11:02:52) Run:1
Running from C:\Users\ACCOUNTING\Desktop
Loaded Profiles: ACCOUNTING & QBDataServiceUser21 & QBDataServiceUser24 (Available Profiles: ACCOUNTING & QBDataServiceUser21 & QBDataServiceUser24)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\Run: [Rz0P6cS4y2uPSG3KE] => C:\Users\ACCOUNTING\.PwfBQVWUPy\IzG7oTYD_Bmdn7gCI\L3QSaswoHhTY9eWmy\u0K4VWD1xMAxQhVbb.jar [266172 2016-05-31] ()
C:\Users\ACCOUNTING\.PwfBQVWUPy
HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\MountPoints2: {c9b39248-fbd9-11e2-8f8b-806e6f6e6963} - D:\setup_assist.exe
Tcpip\..\Interfaces\{1458DEA6-B599-4724-A318-D9052ECE8080}: [NameServer] 208.67.222.222
C:\Users\ACCOUNTING\AppData\Local\Temp\JNativeHook-2.0.1.dll
C:\Users\ACCOUNTING\AppData\Local\Temp\_is6AE4.exe
C:\Users\ACCOUNTING\AppData\Local\Temp\_is86EC.exe
AlternateDataStreams: C:\Users\ACCOUNTING\Documents\Revo 1.JPG:com.dropbox.attributes [414]
AlternateDataStreams: C:\Users\ACCOUNTING\Documents\Revo 2.JPG:com.dropbox.attributes [422]
AlternateDataStreams: C:\Users\ACCOUNTING\Documents\Revo 3.JPG:com.dropbox.attributes [210]
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1730871182-815281426-2271061754-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Rz0P6cS4y2uPSG3KE => value removed successfully
C:\Users\ACCOUNTING\.PwfBQVWUPy => moved successfully
"HKU\S-1-5-21-1730871182-815281426-2271061754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9b39248-fbd9-11e2-8f8b-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{c9b39248-fbd9-11e2-8f8b-806e6f6e6963} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1458DEA6-B599-4724-A318-D9052ECE8080}\\NameServer => value removed successfully
C:\Users\ACCOUNTING\AppData\Local\Temp\JNativeHook-2.0.1.dll => moved successfully
C:\Users\ACCOUNTING\AppData\Local\Temp\_is6AE4.exe => moved successfully
C:\Users\ACCOUNTING\AppData\Local\Temp\_is86EC.exe => moved successfully
C:\Users\ACCOUNTING\Documents\Revo 1.JPG => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\ACCOUNTING\Documents\Revo 2.JPG => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\ACCOUNTING\Documents\Revo 3.JPG => ":com.dropbox.attributes" ADS removed successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 2.1 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:04:20 ====


Zemana AntiMalware 2.20.2.911 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/6/7
Operating System : Windows 7 64-bit
Processor : 8X Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
BIOS Mode : Legacy
CUID : 12069CCB51190CB1B37369
Scan Type : Scheduled
Duration : 4m 23s
Scanned Objects : 14544
Detected Objects : 8
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : MSHOME,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Homepage
Status : Scanned
Object : https://invest.ameritrade.com/grid/p/login
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Homepage

Internet Explorer Homepage
Status : Scanned
Object : https://ibank.pcs-sd.net/onlinebanking5/login.r?t-bank=113121135
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Internet Explorer Homepage

CouponPrinterService.exe
Status : Scanned
Object : %programfiles%\coupons\couponprinterservice.exe
MD5 : F49C902F71D91BD8A2497BF2F0838275
Publisher : Coupons, Inc.
Size : 179184
Version : 6.0.2.3
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\coupons\couponprinterservice.exe
Process - 2236 - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
Registry Entry - HKLM\System\CurrentControlSet\Services\CouponPrinterService\ImagePath = C:\Program Files (x86)\Coupons\CouponPrinterService.exe

couponprinter_x64.ocx
Status : Scanned
Object : %systemroot%\couponprinter_x64.ocx
MD5 : 019137D1A850CA0C74F566CC0C36D44E
Publisher : Coupons, Inc.
Size : 659440
Version : 5.0.2.3
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\couponprinter_x64.ocx
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32\@ = C:\Windows\COUPON~2.OCX
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\InprocServer32\@ = C:\Windows\COUPON~2.OCX
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\@ = C:\Windows\COUPON~2.OCX

CouponPrinter.ocx
Status : Scanned
Object : %systemroot%\couponprinter.ocx
MD5 : 7542A4C516F3675818A0F2C093B8AA7D
Publisher : Coupons, Inc.
Size : 444912
Version : 5.0.2.3
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\couponprinter.ocx
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\@ = C:\Windows\COUPON~1.OCX

peazip-5.1.1.WINDOWS.exe
Status : Scanned
Object : %userprofile%\downloads\application downloads\peazip-5.1.1.windows.exe
MD5 : 5C1141BE284D132167E2586DDA8BCF08
Publisher : -
Size : 5438764
Version : 0.0.0.0
Detection : Adware:Win32/OpenCandy
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\application downloads\peazip-5.1.1.windows.exe

couponprinter.exe
Status : Scanned
Object : %userprofile%\downloads\application downloads\couponprinter.exe
MD5 : 1818C8AFC607EF46E7F3D09B8F620F93
Publisher : Coupons, Inc.
Size : 2080456
Version : 5.0.1.3
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\application downloads\couponprinter.exe

npMozCouponPrinter.dll
Status : Scanned
Object : %programfiles%\mozilla firefox\browser\plugins\npmozcouponprinter.dll
MD5 : FFF4D01A441C6712EABE1D4244DBC5F2
Publisher : Coupons, Inc.
Size : 248304
Version : 5.0.2.3
Detection : Adware:Win32/Coupons!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\mozilla firefox\browser\plugins\npmozcouponprinter.dll


Cleaning Result
-------------------------------------------------------
Cleaned : 8
Reported as safe : 0
Failed : 0


# AdwCleaner v5.119 - Logfile created 07/06/2016 at 11:26:32
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : ACCOUNTING - ACCOUNTING-PC
# Running from : C:\Users\ACCOUNTING\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[-] Folder Deleted : C:\Users\ACCOUNTING\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\ACCOUNTING\AppData\Roaming\download Manager

***** [ Files ] *****

[-] File Deleted : C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default\invalidprefs.js
[-] File Deleted : C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default\searchplugins\safesearch.xml

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[-] Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\firstdata.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.firstdata.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com

***** [ Web browsers ] *****

[-] [C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : nortonsafe.search.ask.com
[-] [C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.mywebsearch.com
[-] [C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : slirsredirect.search.aol.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4389 bytes] - [07/06/2016 11:26:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [4358 bytes] - [07/06/2016 11:25:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4535 bytes] ##########


Ran Sophos Virus Removal and number of threats found: 0
  3. Hi Kevin, Here are my logs. Rkill log Program started at: 06/07/2016 10:17:24 AM in x64 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 06/07/2016 10:18:59 AM Execution time: 0 hours(s), 1 minute(s), and 34 seconds(s) Malwarebytes log Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/7/2016 Scan Time: 10:20 AM Logfile: Malwarebytes Log.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.07.05 Rootkit Database: v2016.05.27.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: ACCOUNTING Scan Type: Threat Scan Result: Completed Objects Scanned: 392876 Time Elapsed: 13 min, 40 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) FRST log Scan result of Farbar Recovery Scan Tool (FRST) (x64) 
Version:06-06-2016 Ran by ACCOUNTING (administrator) on ACCOUNTING-PC (07-06-2016 10:04:49) Running from C:\Users\ACCOUNTING\Downloads Loaded Profiles: ACCOUNTING & QBDataServiceUser21 & QBDataServiceUser24 (Available Profiles: ACCOUNTING & QBDataServiceUser21 & QBDataServiceUser24) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe (Cyber Power Systems, Inc.) 
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) 
C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dropbox, Inc.) C:\Users\ACCOUNTING\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Dropbox, Inc.) C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\Dropbox.exe (Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_73\bin\java.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2012-12-27] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2012-12-27] (Atheros Commnucations) HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [913216 2010-06-01] (Dell Inc.) HKLM\...\Run: [DLUPDR] => C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE [587584 2010-06-01] (Dell Inc.) HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1284416 2010-06-01] (Dell Inc.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-07] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293000 2012-12-21] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [379280 2015-04-16] (Cyber Power Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\Run: [Dropbox Update] => C:\Users\ACCOUNTING\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\Run: [Rz0P6cS4y2uPSG3KE] => C:\Users\ACCOUNTING\.PwfBQVWUPy\IzG7oTYD_Bmdn7gCI\L3QSaswoHhTY9eWmy\u0K4VWD1xMAxQhVbb.jar [266172 2016-05-31] () HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\MountPoints2: {c9b39248-fbd9-11e2-8f8b-806e6f6e6963} - D:\setup_assist.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. 
or its subsidiaries) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) Startup: C:\Users\ACCOUNTING\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-03] ShortcutTarget: Dropbox.lnk -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-04-15] ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-04-15] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-04-15] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{1458DEA6-B599-4724-A318-D9052ECE8080}: [NameServer] 208.67.222.222 Tcpip\..\Interfaces\{AA7FD730-4A4F-4D33-8CAC-FD3A54D2540D}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Internet Explorer: ================== HKU\S-1-5-21-1730871182-815281426-2271061754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ HKU\S-1-5-21-1730871182-815281426-2271061754-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com HKU\S-1-5-21-1730871182-815281426-2271061754-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://ibank.pcs-sd.net/onlinebanking5/login.r?t-bank=113121135 hxxps://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerid=newmail-en-us-v2&authlev=0&sitestate=ver%3a4%7crt%3astandard%7cat%3asns%7cld%3amail.aol.com%7crp%3asuite.aspx%7cuv%3aaol%7clc%3aen-us%7cmt%3aangelia%7csnt%3ascreenname%7csid%3a522748c0-d187-486a-b6bc-d32c831e3ac3&locale=us hxxps://invest.ameritrade.com/grid/p/login SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1730871182-815281426-2271061754-1000 -> {46A1F3D2-35A0-4CC7-BF28-E7A052B46254} URL = SearchScopes: HKU\S-1-5-21-1730871182-815281426-2271061754-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-1730871182-815281426-2271061754-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-1730871182-815281426-2271061754-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2016-05-08] (Intuit, Inc.) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF Homepage: hxxps://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1730871182-815281426-2271061754-1000: @citrixonline.com/appdetectorplugin -> C:\Users\ACCOUNTING\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-29] (Citrix Online)
FF Plugin HKU\S-1-5-21-1730871182-815281426-2271061754-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\ACCOUNTING\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF user.js: detected! => C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default\user.js [2014-08-20]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-01] (Coupons, Inc.)
FF SearchPlugin: C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default\searchplugins\safesearch.xml [2014-08-12]
FF Extension: XKit - C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default\extensions\xkit@studioxenix.com.xpi [2016-03-04] [not signed]
FF Extension: Ebates Cash Back - C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default\extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\ACCOUNTING\AppData\Roaming\Mozilla\Firefox\Profiles\t6k19nrn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-29]
CHR Extension: (Google Search) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\ACCOUNTING\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155888 2009-10-16] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [344384 2010-06-01] (Dell Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1071504 2015-04-16] (Cyber Power Systems, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-05-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-02-27] (Intuit Inc.) [File not signed]
R3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2014-02-27] (Intuit, Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160606.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160606.040\ENG64.SYS [138456 2016-05-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20160606.040\EX64.SYS [2148056 2016-05-17] (Symantec Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-07 10:04 - 2016-06-07 10:07 - 00034439 _____ C:\Users\ACCOUNTING\Downloads\FRST.txt
2016-06-07 10:04 - 2016-06-07 10:04 - 00000000 ____D C:\FRST
2016-06-07 10:02 - 2016-06-07 10:03 - 02385408 _____ (Farbar) C:\Users\ACCOUNTING\Downloads\FRST64.exe
2016-06-07 09:24 - 2016-06-07 09:24 - 00000000 ___RD C:\Users\ACCOUNTING\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-06-07 08:30 - 2016-06-07 09:33 - 00000000 ____D C:\Users\ACCOUNTING\AppData\Local\NPE
2016-06-03 13:44 - 2016-06-03 13:44 - 00000000 ____D C:\Users\ACCOUNTING\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-31 08:36 - 2016-05-31 08:36 - 00007168 _____ C:\Users\ACCOUNTING\Desktop\web_history.dll
2016-05-31 08:14 - 2016-05-31 08:31 - 00000000 ____D C:\Users\ACCOUNTING\.PwfBQVWUPy
2016-05-23 11:47 - 2016-06-06 08:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 15:10 - 2016-05-11 15:11 - 00000000 ____D C:\Users\ACCOUNTING\Desktop\Invoices to email
2016-05-11 15:09 - 2016-05-11 15:10 - 00000000 ____D C:\Users\ACCOUNTING\Desktop\Jane-email Cara

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-07 09:57 - 2013-09-26 13:20 - 00000000 ____D C:\Quickbooks Company File Transfer
2016-06-07 09:43 - 2014-07-03 08:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-07 09:37 - 2015-08-31 08:18 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-06-07 09:37 - 2014-07-03 08:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-07 09:37 - 2013-08-02 18:33 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-06-07 09:29 - 2013-09-23 10:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 09:25 - 2014-02-26 11:15 - 00000000 ___RD C:\Users\ACCOUNTING\Dropbox
2016-06-07 09:24 - 2013-09-23 10:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 09:24 - 2013-08-02 18:44 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-06-07 09:24 - 2013-08-02 18:44 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-06-07 09:21 - 2015-06-16 21:10 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1730871182-815281426-2271061754-1000UA.job
2016-06-07 09:08 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-07 09:08 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-07 09:00 - 2015-05-11 10:22 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2016-06-07 09:00 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-07 08:37 - 2015-06-16 21:10 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1730871182-815281426-2271061754-1000Core.job
2016-06-07 08:34 - 2013-09-23 11:11 - 00000000 ____D C:\ProgramData\Norton
2016-06-06 14:58 - 2016-03-28 10:37 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-06-06 09:54 - 2014-02-26 11:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-06 08:38 - 2013-08-02 18:20 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-06 08:38 - 2013-08-02 18:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-06 08:33 - 2013-09-23 08:30 - 00000000 ____D C:\Users\ACCOUNTING\AppData\Roaming\SoftGrid Client
2016-06-03 13:45 - 2014-02-26 11:13 - 00000000 ____D C:\Users\ACCOUNTING\AppData\Roaming\Dropbox
2016-06-02 15:38 - 2013-09-23 08:40 - 00000000 ____D C:\Users\ACCOUNTING\Documents\Labels
2016-05-31 08:14 - 2013-09-21 09:50 - 00000000 ____D C:\Users\ACCOUNTING
2016-05-27 13:14 - 2014-04-09 12:09 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2016-05-26 11:53 - 2013-09-21 10:27 - 00000000 ____D C:\Users\ACCOUNTING\AppData\Local\CrashDumps
2016-05-24 09:51 - 2016-02-27 12:15 - 00012551 _____ C:\Users\ACCOUNTING\Desktop\monthly note total.xlsx
2016-05-20 16:06 - 2013-09-23 08:37 - 00000000 ____D C:\Users\ACCOUNTING\Documents\Fax Cover Sheets
2016-05-14 11:17 - 2013-09-26 12:58 - 00000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2016-05-14 11:13 - 2009-07-14 00:13 - 00818660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-14 11:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-14 08:57 - 2015-06-04 09:33 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 14:41 - 2013-09-23 08:23 - 00000000 ____D C:\Users\ACCOUNTING\Documents\Bank Wire
2016-05-12 19:32 - 2015-02-05 11:43 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 19:32 - 2015-02-05 11:43 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 08:24 - 2013-09-23 10:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 08:24 - 2013-09-23 10:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-09 13:35 - 2014-04-15 12:14 - 00000000 ____D C:\Users\QBDataServiceUser24
==================== Files in the root of some directories =======

2013-10-03 08:23 - 2013-10-03 08:27 - 0015829 _____ () C:\Users\ACCOUNTING\AppData\Roaming\FileDrTool.log
2014-06-14 11:06 - 2014-06-14 11:06 - 0000000 _____ () C:\Users\ACCOUNTING\AppData\Local\{C50F0BB5-B257-40D0-877A-097AB192B12B}

Some files in TEMP:
====================
C:\Users\ACCOUNTING\AppData\Local\Temp\JNativeHook-2.0.1.dll
C:\Users\ACCOUNTING\AppData\Local\Temp\_is6AE4.exe
C:\Users\ACCOUNTING\AppData\Local\Temp\_is86EC.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-31 17:54

==================== End of FRST.txt ============================

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2016
Ran by ACCOUNTING (2016-06-07 10:07:30)
Running from C:\Users\ACCOUNTING\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-09-21 14:50:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

ACCOUNTING (S-1-5-21-1730871182-815281426-2271061754-1000 - Administrator - Enabled) => C:\Users\ACCOUNTING
Administrator (S-1-5-21-1730871182-815281426-2271061754-500 - Administrator - Disabled)
Guest (S-1-5-21-1730871182-815281426-2271061754-501 - Limited - Enabled)
QBDataServiceUser21 (S-1-5-21-1730871182-815281426-2271061754-1001 - Limited - Enabled) => C:\Users\QBDataServiceUser21
QBDataServiceUser24 (S-1-5-21-1730871182-815281426-2271061754-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser24

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
AIM for Windows (HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\AIM) (Version:  - AOL Inc.)
Allied B.O.S.S. (HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\Allied B.O.S.S.) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{567D38C3-15B4-B00B-86C1-7B11AB252A4B}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Amortization Software (HKLM-x32\...\Amortization Software_is1) (Version:  - Ruth Technology Corporation)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.6.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
Crystal Reports 8.5 Runtime (HKLM-x32\...\Crystal Reports 8.5 Runtime) (Version:  - )
CyberPower PowerPanel Personal Edition 1.5.1 (HKLM-x32\...\{E9B0B57D-89AF-433B-AD29-5963D516E766}) (Version: 1.5.1 - Cyber Power Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect (HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Dropbox (HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6137.5006 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
PeaZip 5.1.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Personal Financial Statement (HKLM-x32\...\Personal Financial Statement) (Version: 7.0 - Interactive Software Solutions, LP)
Personal Financial Statement (x32 Version: 7.0 - Interactive Software Solutions, LP) Hidden
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
QuickBooks (x32 Version: 24.0.4011.2403 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{0CFC5C64-A7D1-42C0-B8BF-03DFF0E6C54E}) (Version: 3.5.5 - Intuit)
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4011.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SQL Anywhere 11 (HKLM\...\{ECE263B0-6C8B-404C-B4AC-8FAB1C87AB4A}) (Version: 11.1.2584 - iAnywhere Solutions, Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer) TimeTrax EZ (HKLM-x32\...\{AF120048-DC11-41EB-AC95-F4A1105886F1}) (Version: 4.3.1 - Pyramid Technologies LLC) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version: - YouNeedABudget.com) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1730871182-815281426-2271061754-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {056D3AF6-A482-4CD5-9BAA-D95F5C82E4D2} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {21376400-C32A-4830-A44E-05752D732633} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] () Task: {2EA5D9E7-47DE-49AC-A5F0-55285AD43BB9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1730871182-815281426-2271061754-1000Core => C:\Users\ACCOUNTING\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {3363EC15-C1CF-4412-97C2-5C614DF2605C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-02-25] (Symantec Corporation) Task: {3DE62D33-24DC-443B-A1C6-28376E197CFF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {4D40D657-3EFE-419D-98A3-D39DF62D4D4B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\WSCStub.exe [2016-02-25] (Symantec Corporation) Task: {5D97CA11-8FE6-4D4B-916B-C47CBC357C21} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {62F7F0E5-5BD7-455D-B43A-753AA72EA2B9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.) 
Task: {63372F3B-4942-4F3B-81A7-E558A426641B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation) Task: {7B457263-315D-4FDC-97B7-61C8F3EFDC3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {8872D44C-C698-4766-A536-4D80D003E0D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {8B319B68-8C22-42BA-BD84-7F16F4F09C72} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.) Task: {8F2506D5-AE79-4148-8B14-03F76D54BA7C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1730871182-815281426-2271061754-1000UA => C:\Users\ACCOUNTING\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {A784D04E-CE6E-4932-9040-E41E29BCB169} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.) Task: {B1A555E8-928F-4938-A87A-E813C7EA89C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {B40FC652-2894-4D71-A15E-03FE428A19B0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation) Task: {D35600B1-A337-4874-AC60-C1BC817345C3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.) Task: {FC837C17-9B49-4406-8CDB-1CC94486974C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1730871182-815281426-2271061754-1000Core.job => C:\Users\ACCOUNTING\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1730871182-815281426-2271061754-1000UA.job => C:\Users\ACCOUNTING\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-08-02 18:34 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2013-08-02 18:25 - 2013-01-23 20:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-04-09 12:09 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-12-09 17:38 - 2016-05-05 05:09 - 00034768 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-06-03 13:44 - 2016-05-05 05:10 - 00019408 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-06-03 13:44 - 2016-05-05 05:09 - 00116688 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-09 17:38 - 2016-05-05 05:09 - 00093640 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-09 17:38 - 2016-05-05 05:09 - 00018376 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-09 17:38 
- 2016-05-31 13:34 - 00019760 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00105928 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-06-03 13:44 - 2016-05-05 05:09 - 00392144 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2015-12-09 17:38 - 2016-05-31 13:34 - 00381752 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-09 17:38 - 2016-05-05 05:09 - 00692688 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00020816 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-09 17:38 - 2016-05-05 05:10 - 00123856 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 01682760 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00020808 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2015-12-09 17:38 - 2016-05-31 13:34 - 00021840 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00038696 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-06-03 13:44 - 2016-05-05 05:11 - 00020936 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00024528 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32event.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00114640 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00124880 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-02-11 18:52 - 2016-05-31 13:34 - 00021832 _____ () 
C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00024016 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00175560 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00030160 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00043472 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00048592 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-02-11 18:52 - 2016-05-31 13:34 - 00023872 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-06-03 13:44 - 2016-05-05 05:09 - 00134088 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00026456 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00057808 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00024016 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-06-03 13:44 - 2016-05-31 13:33 - 00246592 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00028616 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00052024 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2015-12-09 17:38 - 2016-05-05 05:09 - 00134608 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-06-03 13:44 - 2016-05-05 05:10 - 00240584 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2016-02-11 18:52 - 
2016-05-31 13:34 - 00020800 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-02-11 18:52 - 2016-05-31 13:34 - 00019776 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-02-11 18:52 - 2016-05-31 13:34 - 00020800 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00020280 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2015-12-09 17:38 - 2016-05-31 13:34 - 00023376 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00350152 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-02-11 18:52 - 2016-05-31 13:34 - 00022352 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00024392 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-06-03 13:44 - 2016-05-05 05:12 - 00036296 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\librsync.dll 2016-06-03 13:44 - 2016-05-31 13:34 - 00084280 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-06-03 13:44 - 2016-05-31 13:34 - 01826096 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-09 17:38 - 2016-05-05 05:10 - 00083912 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\sip.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 03928880 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 01971504 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00531248 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00132912 _____ () 
C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00223544 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00207672 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2015-12-09 17:38 - 2016-05-05 05:11 - 00060880 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\win32print.pyd 2015-12-09 17:38 - 2016-05-31 13:34 - 00024904 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00546096 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-06-03 13:44 - 2016-05-31 13:34 - 00357680 _____ () C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2016-05-08 21:44 - 2016-05-08 21:44 - 00623384 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00021272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll 2014-02-27 10:49 - 2014-02-27 10:49 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00149272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00247064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00623896 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00582424 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00142616 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00800024 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00043800 _____ () C:\Program 
Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00087832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00104216 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll 2016-05-08 21:45 - 2016-05-08 21:45 - 00503576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll 2016-05-08 21:45 - 2016-05-08 21:45 - 00129304 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00113432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00059672 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridgeWebViewContainer.dll 2016-05-08 21:45 - 2016-05-08 21:45 - 00115480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.dll 2016-05-08 21:44 - 2016-05-08 21:44 - 00060184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\ACCOUNTING\Documents\Revo 1.JPG:com.dropbox.attributes [414] AlternateDataStreams: C:\Users\ACCOUNTING\Documents\Revo 2.JPG:com.dropbox.attributes [422] AlternateDataStreams: C:\Users\ACCOUNTING\Documents\Revo 3.JPG:com.dropbox.attributes [210] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1730871182-815281426-2271061754-1000\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1730871182-815281426-2271061754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACCOUNTING\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [{B0283AA6-56CA-4B0F-BBE6-E49B376B9265}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D8F96E78-A6BF-41B7-A5E3-B4F1CE768EAF}] => (Allow) LPort=2869 FirewallRules: [{B32758B8-D64D-46E7-A94C-43389F8CC602}] => (Allow) LPort=1900 FirewallRules: [{CDA9FDAD-42AA-4A3E-BE7B-4A9DF6705670}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{FA0B8759-851B-4011-BDEE-38EDB099676C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{390FFB17-48A5-40E7-A462-2E85801150C7}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{9F20E25E-CB54-4C32-8945-CDC46E96ED46}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{A8C818A0-76B7-4476-ACE9-9CD077B1013E}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{6F2BE4D5-778F-41AF-8A08-1EEF1D45EBF3}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{409EC224-8F4C-43D9-A2A4-05172480A121}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{69C1CDEC-E678-42E5-A61A-7487AF146C5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BFFC72AC-4B5B-42D6-ABE8-D72851598163}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\YNAB 4\YNAB 4.exe FirewallRules: [{2C41A727-F746-4EB7-BD97-099C356B8522}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\YNAB 4\YNAB 4.exe FirewallRules: 
[{A33F7196-D7F3-4A6F-B5BF-56F2979A4148}] => (Allow) C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{CB4B2209-E9D4-4C0C-B9F6-7C8F31F55550}] => (Allow) C:\Users\ACCOUNTING\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{52DC4B99-3F17-4DAF-BC84-CDEADC944E20}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E9CC54FA-288A-41CB-B600-C7F5B06BDE44}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{BA8EE36D-8529-41CA-A814-B964E8260E8F}C:\users\accounting\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\accounting\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{10C2FF3F-7A33-4812-A787-8796BBCD7309}C:\users\accounting\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\accounting\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{A7CCD8EC-AA06-46EB-AE71-BF8C730A9A10}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{63E9BAF0-48B7-4F89-915E-1055D66B6976}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{974E6DB9-158B-4EB5-B241-BDAC21705795}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{581A4DF3-4238-410C-ABAD-90B43B8BCEC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{05D4D59C-C279-4D77-AFDB-44869F8D2CFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{D5897BB3-9CF9-4F49-ACEC-B79BD2478CD3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0D32F43C-F966-40FA-8795-9C9AA3E66B9F}] => (Allow) C:\Users\ACCOUNTING\AppData\Local\Temp\7zS87A6.tmp\SymNRT.exe FirewallRules: [{088D3F26-D154-47D1-B2E6-3D51A2257293}] => (Allow) C:\Users\ACCOUNTING\AppData\Local\Temp\7zS87A6.tmp\SymNRT.exe FirewallRules: [{E02D4E94-9C71-4508-BA47-2A9369D4CED2}] => (Allow) C:\Users\ACCOUNTING\AppData\Local\Temp\7zS9CBB.tmp\SymNRT.exe FirewallRules: 
[{D610401B-A304-484B-B846-61D60B7A8BAD}] => (Allow) C:\Users\ACCOUNTING\AppData\Local\Temp\7zS9CBB.tmp\SymNRT.exe FirewallRules: [{EF12E5B9-6A08-4693-AAE4-0A10C1461784}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3F67A124-6040-405B-BB5E-34362BBFFB43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{02C46915-D6D8-4371-AD2A-97D1AA45F84C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0DC00BC5-ED50-44E1-BC8A-51D52355402E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BFB7B112-7E13-4163-9AD2-B8B41187A3D4}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{8786F6D1-16DB-4DFB-BA35-170972BB0073}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E4F52E1E-A925-4730-8756-90B99403E4E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{DCD4992C-5A67-404E-A628-45416B3F34D6}C:\allied\boss.exe] => (Allow) C:\allied\boss.exe FirewallRules: [UDP Query User{36974753-FC71-46BF-A8A8-87AB939CF9BB}C:\allied\boss.exe] => (Allow) C:\allied\boss.exe FirewallRules: [{DD4D98E3-CB8C-4D0D-995B-EDE631DFD9DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 17-05-2016 08:14:29 Scheduled Checkpoint 24-05-2016 18:03:36 Scheduled Checkpoint 01-06-2016 00:00:05 Scheduled Checkpoint 07-06-2016 08:57:44 Norton_Power_Eraser_20160607085741674 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/07/2016 09:58:13 AM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "QuickBooks Pro 2014": V24.0D R11 (M=1066, L=335, C=249, V=0 (0)) Error: (06/07/2016 09:58:13 AM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in 
"QuickBooks Pro 2014": V24.0D R11 (M=1066, L=335, C=249, V=0 (0)) Error: (06/07/2016 09:02:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/07/2016 08:41:39 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program QBW32.EXE version 24.0.4011.2403 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2a54 Start Time: 01d1bffc53a3d8b3 Termination Time: 109 Application Path: C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE Report Id: Error: (06/07/2016 08:25:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 53194453 Error: (06/07/2016 08:25:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 53194453 Error: (06/07/2016 08:25:47 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/07/2016 08:25:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 53193455 Error: (06/07/2016 08:25:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 53193455 Error: (06/07/2016 08:25:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (06/07/2016 09:02:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/07/2016 
08:59:59 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. Error: (06/07/2016 08:59:59 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk4\DR4. Error: (06/07/2016 08:59:59 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk5\DR5. Error: (06/07/2016 08:59:59 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (06/06/2016 11:10:00 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (06/06/2016 11:10:00 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (06/06/2016 08:38:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/06/2016 08:35:33 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk4\DR4. Error: (06/06/2016 08:35:33 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR6. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 64%
Total physical RAM: 8127.79 MB
Available physical RAM: 2854.97 MB
Total Virtual: 16253.76 MB
Available Virtual: 10464.92 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:906.81 GB) (Free:811.75 GB) NTFS
Drive d: (DELL) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:7.45 GB) (Free:2.14 GB) FAT32
Drive i: (Lexar) (Removable) (Total:29.81 GB) (Free:25.59 GB) FAT32
Drive j: (Lexar) (Removable) (Total:29.81 GB) (Free:15.53 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 56141D56)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=906.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 5 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================
  4. As of this morning Norton keeps giving me the following message: "Norton blocked an attack by: System Infected: Trojan.Maljava Activity 2". I've tried running Malwarebytes Premium and Norton Power Eraser, but nothing has helped so far. I could really use some help removing it.
  5. Here are the results of the ESET scan.

C:\FRST\Quarantine\C\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe.xBAD	a variant of Win32/Kryptik.CPHG trojan	cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Windows\system32\aruxedk.dll.xBAD	Win64/TrojanDownloader.Cerabit.A trojan	cleaned by deleting - quarantined
  6. I apologize for the delay in replying. Below is the ComboFix log.

ComboFix 14-11-10.02 - dibollparts 11/10/2014 12:22:10.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8073.6130 [GMT -6:00]
Running from: c:\users\dibollparts\Desktop\combofix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dibollparts\g2ax_customer_downloadhelper_win32_x86.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-10-10 to 2014-11-10 )))))))))))))))))))))))))))))))
.
.
2014-11-10 18:26 . 2014-11-10 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-03 20:46 . 2014-09-25 22:50 13619200 ----a-w- c:\windows\system32\ieframe.dll
2014-10-30 13:57 . 2014-10-30 13:57 -------- d-----w- c:\users\dibollparts\AppData\Roaming\OfficeRecovery
2014-10-29 22:18 . 2014-10-29 22:18 -------- d-----w- C:\MATS
2014-10-29 22:08 . 2014-10-29 22:08 -------- d-----w- c:\windows\system32\appmgmt
2014-10-29 16:10 . 2014-10-29 16:10 -------- d-----w- c:\programdata\Microsoft Help
2014-10-29 16:10 . 2014-10-29 16:10 -------- d-----w- c:\users\dibollparts\AppData\Local\Microsoft Help
2014-10-27 21:19 . 2014-10-29 22:37 -------- d-----w- C:\FRST
2014-10-27 19:57 . 2014-10-27 19:57 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-10-27 19:57 . 2014-10-27 19:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-10-27 19:56 . 2014-10-27 21:30 -------- d-----w- c:\windows\system32\drivers\N360x64
2014-10-27 19:56 . 2014-10-27 19:56 -------- d-----w- c:\program files (x86)\Norton 360
2014-10-27 19:56 . 2014-10-27 19:56 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-10-27 19:19 . 2014-10-27 19:19 -------- d-----w- c:\program files (x86)\QS
2014-10-27 18:59 . 2014-10-27 18:59 -------- d-----w- c:\users\dibollparts\AppData\Roaming\TeamViewer
2014-10-23 20:43 . 2014-10-29 22:21 -------- d-----w- c:\users\dibollparts\AppData\Local\CrashDumps
2014-10-23 20:41 . 2014-10-27 21:32 -------- d-----w- C:\NPE
2014-10-23 20:07 . 2014-10-27 21:45 -------- d-----w- c:\users\dibollparts\AppData\Local\NPE
2014-10-23 19:42 . 2014-11-10 16:55 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-23 19:42 . 2014-11-07 17:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-23 19:42 . 2014-10-29 22:24 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-23 19:42 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-17 15:36 . 2014-10-27 21:44 -------- d-----w- c:\users\allied
2014-10-16 13:37 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 13:37 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 13:37 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 13:37 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 13:37 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-16 13:37 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-16 13:37 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-16 13:37 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-16 13:37 . 2014-10-10 02:05 507392 ----a-w- c:\windows\system32\aepdu.dll
2014-10-16 13:37 . 2014-10-10 02:00 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-16 13:31 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-16 13:31 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 16:11 . 2014-03-05 21:27 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 13:23 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 13:23 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 13:14 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 13:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-28 13:09 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 13:09 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-10-01 39408]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"GoogleChromeAutoLaunch_42633E726CDEF9E0918FA6A3B75ACBF2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-22 854344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-04-17 112408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 0 (0x0) "HideSCAHealth"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 0 (0x0) "HideSCAHealth"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141030.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [x] S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141107.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141107.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x] S2 BASrv;BASrv;c:\allied\BASNTSrv.exe;c:\allied\BASNTSrv.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage 
Technology\IAStorDataMgrSvc.exe [x] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 InterCom;InterCom;c:\program files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE;c:\program files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE [x] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SQLANYs_Allied;SQL Anywhere - Allied;c:\program files\SQL Anywhere 11\Bin32\dbsrv11.exe;c:\program files\SQL Anywhere 11\Bin32\dbsrv11.exe [x] S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x] S3 
Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-28 18:25 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30 15:06] . 2014-11-04 c:\windows\Tasks\AQS Uploader Updates.job - c:\windows\Installer\AQS Uploader Updates for All Users.lnk [2013-09-30 15:55] . 2013-09-30 c:\windows\Tasks\BOSS AQS Upload.job - c:\program files (x86)\Allied\AQS Uploader\BOSS\AQS Uploader.exe [2012-10-02 14:46] . 2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 14:05] . 2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01 14:05] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay] @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}] 2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay] @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}] 2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896] "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-BASNT - c:\allied\BASNT.EXE Wow6432Node-HKCU-Run-ShopAtHomeWatcher - c:\users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe Wow6432Node-HKCU-Run-ShopAtHomeUpdater - c:\users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe Wow6432Node-HKCU-Run-ChromeUpdate - c:\users\dibollparts\AppData\Roaming\ChromeUpdate.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2014-11-10 12:42:32 - machine was rebooted ComboFix-quarantined-files.txt 2014-11-10 18:42 . Pre-Run: 942,592,593,920 bytes free Post-Run: 941,881,896,960 bytes free . - - End Of File - - 45D2371B562F0C232A14F80B2352E422
  7. Hello Borislav, thank you for your assistance. I have pasted both logs below. Thank you.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2014
Scan Time: 5:26:20 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.29.08
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dibollparts

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344924
Time Elapsed: 4 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by dibollparts at 2014-10-29 17:35:41 Run:1
Running from C:\Users\dibollparts\Downloads
Loaded Profile: dibollparts (Available profiles: dibollparts & allied)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CustomCLSID: HKU\S-1-5-21-1282170938-1678244530-1077303023-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [2632168996] => C:\Users\dibollparts\AppData\Roaming\msdjish.exe [500736 2013-08-28] (Allied Information Networks)
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://feed.helperbar.com/?publisher=QuickOC&dpid=QuickOC&co=US&userid=31da0563-16f4-962b-8a50-c0cc2233bdff&searchtype=hp&installDate=03/10/2013
2014-10-27 13:55 - 2014-10-27 14:30 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-27 13:55 - 2014-10-27 13:55 - 18630862 _____ () C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe
2014-10-27 13:55 - 2014-10-27 13:55 - 00000944 ____H () C:\ProgramData\@system2.att
2014-10-27 13:55 - 2014-10-27 13:55 - 00000448 ____H () C:\Users\dibollparts\AppData\Roaming\麽鎒駓覜
2014-10-24 16:45 - 2014-10-24 16:45 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-24 16:44 - 2014-10-27 13:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-24 16:44 - 2014-10-24 16:44 - 00070656 _____ () C:\Windows\system32\aruxedk.dll
2014-10-24 16:44 - 2014-10-24 16:44 - 00003860 _____ () C:\Windows\System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF}
2014-10-24 16:44 - 2014-10-24 16:44 - 00000000 _____ () C:\Windows\system32\yfesna.dll
C:\Users\dibollparts\AppData\Local\Temp\cdo3149551479.dll
C:\Users\dibollparts\AppData\Local\Temp\cdo517159356.dll
End
*****************

"HKU\S-1-5-21-1282170938-1678244530-1077303023-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key Deleted Successfully.
HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2632168996 => value deleted successfully.
"HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
Chrome HomePage deleted successfully.
C:\ProgramData\wrnhoah.tmp => Moved successfully.
Could not move "C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe" => Scheduled to move on reboot.
C:\ProgramData\@system2.att => Moved successfully.
C:\Users\dibollparts\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\Windows\SysWOW64\u => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Windows\system32\aruxedk.dll => Moved successfully.
C:\Windows\System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF} => Moved successfully.
Could not move "C:\Windows\system32\yfesna.dll" => Scheduled to move on reboot.
"C:\Users\dibollparts\AppData\Local\Temp\cdo3149551479.dll" => File/Directory not found.
"C:\Users\dibollparts\AppData\Local\Temp\cdo517159356.dll" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-29 17:37:00)<=
C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe => Is moved successfully.
C:\Windows\system32\yfesna.dll => Is moved successfully.

==== End of Fixlog ====
  8. For the last couple of days I have had multiple "malicious website blocked" pop-ups show up for various IP addresses, including fff5ee.com and searchnet.blinkxcore.com. I'm hoping someone can help. I ran the Farbar Recovery Scan Tool and got the following logs.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by dibollparts (administrator) on DIBOLLPARTS-PC on 27-10-2014 16:21:05
Running from E:\
Loaded Profile: dibollparts (Available profiles: dibollparts & allied)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(CNS International) C:\Program Files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(iAnywhere Solutions, Inc.) C:\Program Files\SQL Anywhere 11\Bin32\dbsrv11.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Allied Information Networks) C:\ALLIED\BASNTSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe
(Allied Information Networks) C:\Users\dibollparts\AppData\Roaming\msdjish.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2012-04-17] (Intel Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0HKLM\...\Policies\Explorer: [HideSCAHealth] 0HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [bASNT] => c:\ALLIED\BASNT.EXEHKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-01] (Google Inc.)HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [shopAtHomeWatcher] => C:\Users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exeHKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [shopAtHomeUpdater] => C:\Users\dibollparts\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exeHKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: 
[GoogleChromeAutoLaunch_42633E726CDEF9E0918FA6A3B75ACBF2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [ChromeUpdate] => C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe [18630862 2014-10-27] ()HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Run: [2632168996] => C:\Users\dibollparts\AppData\Roaming\msdjish.exe [500736 2013-08-28] (Allied Information Networks)HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Policies\Explorer: [TaskbarNoNotification] 0HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...\Policies\Explorer: [HideSCAHealth] 0HKU\S-1-5-21-1282170938-1678244530-1077303023-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0Lsa: [Authentication Packages] msv1_0 wvauthStartup: C:\Users\dibollparts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710n-z.lnkShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710n-z.lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.0.1.3\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.0.1.3\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: 
[OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.0.1.3\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: AOL Messaging Toolbar Loader -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} -> C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)BHO-x32: AOL Mail Toolbar Loader -> {fbea8524-8c72-4208-9d12-7fb73e9926eb} -> C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll (AOL)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program 
Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)Toolbar: HKLM-x32 - AOL Mail Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files (x86)\AOL Mail Toolbar\aolmailtb.dll (AOL)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKCU - No Name - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF 
Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\dibollparts\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFFPlgnFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFFPlgn [2014-10-27]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-10-27] Chrome: =======CHR HomePage: Default -> hxxp://feed.helperbar.com/?publisher=QuickOC&dpid=QuickOC&co=US&userid=31da0563-16f4-962b-8a50-c0cc2233bdff&searchtype=hp&installDate=03/10/2013CHR StartupUrls: Default -> "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000013&tb_uuid=D16070C15B1C4C83B4749E9CA9F2246F", "hxxp://www.google.com/"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()CHR Plugin: (Norton Identity Safe) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll No FileCHR Plugin: (Microsoft Office 2010) - 
C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No FileCHR Profile: C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]CHR Extension: (YouTube) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]CHR Extension: (Google Search) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]CHR Extension: (Norton Identity Protection) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-27]CHR Extension: (Google Wallet) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]CHR Extension: (Gmail) - C:\Users\dibollparts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\Exts\Chrome.crx 
[2014-10-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BASrv; c:\ALLIED\BASNTSrv.exe [78848 2011-03-01] (Allied Information Networks) [File not signed]R2 InterCom; C:\Program Files (x86)\CNS International\The InterCom System\Server\ICSvrNT.EXE [419328 2001-02-02] (CNS International) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\N360.exe [264360 2013-08-31] (Symantec Corporation)R2 SQLANYs_Allied; C:\Program Files\SQL Anywhere 11\Bin32\dbsrv11.exe [141176 2011-04-01] (iAnywhere Solutions, Inc.)S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20130814.001\BHDrvx64.sys [1525336 2013-08-13] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1500010.003\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20130805.011\IDSVia64.sys [520280 2013-08-05] (Symantec Corporation)R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20130814.018\ENG64.SYS [126040 2013-08-14] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20130814.018\EX64.SYS [2100312 2013-08-14] (Symantec Corporation)R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)R3 SRTSP; C:\Windows\system32\drivers\N360x64\1500010.003\SRTSP64.SYS [854616 2013-07-30] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1500010.003\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1500010.003\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1500010.003\SYMEFA64.SYS [1147480 2013-08-04] (Symantec 
Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-27] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1500010.003\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)R1 SymNetS; C:\Windows\system32\drivers\N360x64\1500010.003\SYMNETS.SYS [590424 2013-07-30] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-27 16:19 - 2014-10-27 16:21 - 00000000 ____D () C:\FRST2014-10-27 16:00 - 2014-10-27 16:00 - 00000197 _____ () C:\Windows\AlliedPlus.ini2014-10-27 15:54 - 2014-10-27 15:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-10-27 15:49 - 2014-10-27 12:28 - 191629048 _____ (Symantec Corporation) C:\Users\dibollparts\Downloads\N360ESD2101EN.exe2014-10-27 15:45 - 2014-10-27 15:45 - 00000134 _____ () C:\Users\dibollparts\Desktop\Internet Explorer Troubleshooting.url2014-10-27 14:57 - 2014-10-27 14:57 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS2014-10-27 14:57 - 2014-10-27 14:57 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT2014-10-27 14:57 - 2014-10-27 14:57 - 00003204 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-10-27 14:57 - 2014-10-27 14:57 - 00002388 _____ () C:\Users\Public\Desktop\Norton 360.lnk2014-10-27 14:57 - 2014-10-27 14:57 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared2014-10-27 14:56 - 2014-10-27 14:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Windows\system32\Drivers\N360x642014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Program Files (x86)\Norton 3602014-10-27 
14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML2014-10-27 14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\Users\dibollparts\DECRYPT_INSTRUCTION.HTML2014-10-27 14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML2014-10-27 14:36 - 2014-10-27 14:36 - 00008560 _____ () C:\DECRYPT_INSTRUCTION.HTML2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\Users\dibollparts\DECRYPT_INSTRUCTION.TXT2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT2014-10-27 14:36 - 2014-10-27 14:36 - 00004220 _____ () C:\DECRYPT_INSTRUCTION.TXT2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\Public\INSTALL_TOR.URL2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\Public\Documents\INSTALL_TOR.URL2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\INSTALL_TOR.URL2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\dibollparts\INSTALL_TOR.URL2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\Users\dibollparts\Documents\INSTALL_TOR.URL2014-10-27 14:36 - 2014-10-27 14:36 - 00000280 _____ () C:\INSTALL_TOR.URL2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\Users\dibollparts\AppData\Roaming\DECRYPT_INSTRUCTION.HTML2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\Users\dibollparts\AppData\Local\DECRYPT_INSTRUCTION.HTML2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\Users\dibollparts\AppData\DECRYPT_INSTRUCTION.HTML2014-10-27 14:34 - 2014-10-27 14:34 - 00008560 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () C:\Users\dibollparts\AppData\Roaming\DECRYPT_INSTRUCTION.TXT2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () C:\Users\dibollparts\AppData\Local\DECRYPT_INSTRUCTION.TXT2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () 
C:\Users\dibollparts\AppData\DECRYPT_INSTRUCTION.TXT2014-10-27 14:34 - 2014-10-27 14:34 - 00004220 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\Users\dibollparts\AppData\Roaming\INSTALL_TOR.URL2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\Users\dibollparts\AppData\Local\INSTALL_TOR.URL2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\Users\dibollparts\AppData\INSTALL_TOR.URL2014-10-27 14:34 - 2014-10-27 14:34 - 00000280 _____ () C:\ProgramData\INSTALL_TOR.URL2014-10-27 14:19 - 2014-10-27 14:19 - 00000000 ____D () C:\Program Files (x86)\QS2014-10-27 13:59 - 2014-10-27 13:59 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\TeamViewer2014-10-27 13:55 - 2014-10-27 14:30 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp2014-10-27 13:55 - 2014-10-27 13:55 - 18630862 _____ () C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe2014-10-27 13:55 - 2014-10-27 13:55 - 00000944 ____H () C:\ProgramData\@system2.att2014-10-27 13:55 - 2014-10-27 13:55 - 00000448 ____H () C:\Users\dibollparts\AppData\Roaming\麽鎒駓覜2014-10-27 11:02 - 2014-10-27 12:30 - 55915216 _____ (Microsoft Corporation) C:\Users\dibollparts\Downloads\IE11-Windows6.1-x64-en-us.exe2014-10-24 16:45 - 2014-10-24 16:45 - 00000028 _____ () C:\Windows\SysWOW64\u2014-10-24 16:44 - 2014-10-27 13:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage2014-10-24 16:44 - 2014-10-24 16:44 - 00070656 _____ () C:\Windows\system32\aruxedk.dll2014-10-24 16:44 - 2014-10-24 16:44 - 00003860 _____ () C:\Windows\System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF}2014-10-24 16:44 - 2014-10-24 16:44 - 00000000 _____ () C:\Windows\system32\yfesna.dll2014-10-23 15:43 - 2014-10-27 13:58 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\CrashDumps2014-10-23 15:41 - 2014-10-23 15:41 - 00000000 ____D () C:\NPE2014-10-23 15:07 - 2014-10-23 16:24 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\NPE2014-10-23 14:42 - 2014-10-27 15:54 - 
00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-23 14:42 - 2014-10-24 08:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-23 14:42 - 2014-10-23 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-23 14:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-23 14:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-17 11:43 - 2014-10-21 16:16 - 00004078 _____ () C:\Windows\System32\Tasks\BOSS Extractor - Fasttrack2014-10-17 10:36 - 2014-10-17 10:36 - 00000020 ___SH () C:\Users\allied\ntuser.ini2014-10-17 10:36 - 2014-10-17 10:36 - 00000000 ____D () C:\Users\allied2014-10-17 10:36 - 2014-02-14 14:29 - 00000000 ____D () C:\Users\allied\AppData\Local\Google2014-10-17 10:36 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\allied\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-10-17 10:36 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\allied\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-10-16 08:37 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-16 08:37 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-16 08:37 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-16 08:37 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-16 08:37 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-16 08:37 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-16 08:37 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-16 08:37 - 2014-06-18 17:23 - 00156312 _____ 
(Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-16 08:37 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-16 08:37 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-16 08:32 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-16 08:32 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-16 08:32 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-16 08:32 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-16 08:32 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-16 08:32 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-16 08:32 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-16 08:32 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-16 08:32 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-16 08:32 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-16 08:32 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-16 08:32 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-16 08:32 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-16 08:32 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-16 08:32 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-16 08:32 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\aaclient.dll2014-10-16 08:32 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-16 08:32 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-16 08:32 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-16 08:32 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-16 08:31 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-16 08:31 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-01 08:23 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-10-01 08:23 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-30 11:39 - 2014-09-30 11:39 - 00000097 _____ () C:\Users\Public\Documents\SAH_Install.ini ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-27 16:17 - 2013-12-11 04:00 - 00018943 _____ () C:\Windows\IE11_main.log
2014-10-27 16:17 - 2013-09-30 10:06 - 01487129 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 16:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 16:01 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 15:54 - 2013-09-30 16:33 - 00000000 ____D () C:\Users\dibollparts\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2014-10-27 15:53 - 2013-10-23 11:34 - 00000000 ____D () C:\Users\dibollparts\Documents\Symantec
2014-10-27 15:53 - 2013-09-30 10:18 - 00000000 ____D () C:\Users\Public\Documents\SQL Anywhere 11
2014-10-27 15:53 - 2013-09-30 10:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 15:48 - 2013-10-01 09:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 15:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 15:48 - 2009-07-13 23:51 - 00047288 _____ () C:\Windows\setupact.log
2014-10-27 15:16 - 2010-11-20 22:47 - 01556264 _____ () C:\Windows\PFRO.log
2014-10-27 15:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
2014-10-27 14:56 - 2013-09-30 16:34 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 14:36 - 2014-03-04 12:15 - 00000000 ___RD () C:\Users\dibollparts\Google Drive
2014-10-27 14:36 - 2013-09-30 13:05 - 00000000 ____D () C:\Users\dibollparts\Desktop\CHAD'S
2014-10-27 14:36 - 2013-09-30 10:10 - 00000000 ____D () C:\Users\dibollparts
2014-10-27 14:34 - 2014-04-23 09:30 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\HP
2014-10-27 14:34 - 2014-01-08 11:51 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\AOL Mail Toolbar
2014-10-27 14:34 - 2014-01-08 11:51 - 00000000 ____D () C:\ProgramData\AOL Mail Toolbar
2014-10-27 14:34 - 2013-11-26 11:34 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\PTC
2014-10-27 14:34 - 2013-10-01 09:05 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\Google
2014-10-27 14:34 - 2013-10-01 08:55 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\OpenOffice
2014-10-27 14:34 - 2013-09-30 12:46 - 00000000 ____D () C:\Users\dibollparts\AppData\Local\AOL
2014-10-27 14:34 - 2013-09-30 12:46 - 00000000 ____D () C:\ProgramData\AIM Toolbar
2014-10-27 14:34 - 2013-09-30 10:55 - 00000000 __HDC () C:\ProgramData\{4A5CBC98-7CD6-45EC-A87F-858CD28964FC}
2014-10-27 14:34 - 2013-09-30 10:23 - 00000000 ____D () C:\ALLIED
2014-10-27 14:34 - 2013-09-30 10:10 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\Adobe
2014-10-27 14:34 - 2013-09-30 09:13 - 00000000 ____D () C:\ProgramData\Wave Systems Corp
2014-10-27 14:34 - 2013-09-30 09:11 - 00000000 ____D () C:\ProgramData\NTRU Cryptosystems
2014-10-27 14:34 - 2011-02-10 09:25 - 00000000 ____D () C:\dell
2014-10-27 14:25 - 2013-10-01 08:31 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\SoftGrid Client
2014-10-27 14:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-27 14:24 - 2009-07-14 00:13 - 00816664 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-25 03:15 - 2013-09-30 10:57 - 00000302 _____ () C:\Windows\Tasks\AQS Uploader Updates.job
2014-10-24 16:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-10-24 13:24 - 2013-10-01 09:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 13:24 - 2013-10-01 09:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 13:24 - 2013-10-01 09:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 15:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-23 14:48 - 2014-03-05 16:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 14:42 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\dibollparts\AppData\Roaming\Malwarebytes
2014-10-23 14:42 - 2014-03-05 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 14:42 - 2014-03-05 16:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-21 15:26 - 2013-09-30 10:13 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-21 10:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 18:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-20 13:14 - 2013-10-01 09:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-17 15:26 - 2013-09-30 10:19 - 00000000 ____D () C:\ProgramData\Sybase Central 6.0.0
2014-10-17 15:25 - 2013-09-30 10:46 - 00003343 _____ () C:\Users\dibollparts\.isqlPreferences11
2014-10-17 15:25 - 2013-09-30 10:46 - 00001609 _____ () C:\Users\dibollparts\.isqlHistory11
2014-10-17 11:18 - 2013-09-30 10:55 - 00000000 ____D () C:\Program Files (x86)\Allied
2014-10-17 10:22 - 2013-09-30 10:45 - 00000286 _____ () C:\Users\dibollparts\.jlogon11
2014-10-17 03:20 - 2009-07-13 23:45 - 00292552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:18 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 03:07 - 2013-10-01 09:05 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-01 11:11 - 2014-03-05 16:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\dibollparts\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\dibollparts\AppData\Local\Temp\cdo3149551479.dll
C:\Users\dibollparts\AppData\Local\Temp\cdo517159356.dll
C:\Users\dibollparts\AppData\Local\Temp\tv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-20 18:05

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by dibollparts at 2014-10-27 16:21:31
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIM for Windows (HKCU\...\AIM) (Version: - AOL Inc.)
Allied B.O.S.S. (HKCU\...\Allied B.O.S.S.) (Version: - )
AOL Mail Toolbar (HKLM-x32\...\AOL Mail Toolbar) (Version: - AOL)
AOL Messaging Toolbar (HKLM-x32\...\AIM Toolbar) (Version: - AOL Inc.)
AQS Uploader (HKLM-x32\...\AQS Uploader) (Version: 1.3.7 - Allied Information Networks)
AQS Uploader (x32 Version: 1.3.7 - Allied Information Networks) Hidden
Arbortext IsoView 7.1 (HKLM-x32\...\{08D9CAD3-48A1-4033-B794-82E97BE8E9CC}) (Version: 7.1.60.09 - PTC)
ASPCA Reminder by We-Care.com v4.1.22.1 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.1 - We-Care.com)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Crystal Reports 8.5 Runtime (HKLM-x32\...\Crystal Reports 8.5 Runtime) (Version: - )
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Network Connections 16.8.45.00 (Version: 16.8.45.00 - Dell) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6137.5006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.0.1.3 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
QuickShare (HKLM-x32\...\{27609265-ABBE-4358-8299-0D16EE4EDA63}) (Version: 10.206.60.14326 - Linkury Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SQL Anywhere 11 (HKLM\...\{ECE263B0-6C8B-404C-B4AC-8FAB1C87AB4A}) (Version: 11.1.2584 - iAnywhere Solutions, Inc.)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1282170938-1678244530-1077303023-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

27-10-2014 19:23:30 Windows Modules Installer
27-10-2014 21:15:02 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {36EA13E3-FFAC-4B4D-ABAB-23C554474125} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {385BF550-A574-408F-89AA-A8A6AC92006A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {49EB16AD-E67A-4CE1-9E66-2F47AD11BEE7} - System32\Tasks\BOSS AQS Uploader => C:\Program Files (x86)\Allied\AQS Uploader\BOSS\AQS Uploader.exe [2012-10-02] (Microsoft)
Task: {570C15D2-EA18-499F-9279-30D283588259} - System32\Tasks\Boss Daily backup - Local => C:\Program Files\SQL Anywhere 11\Bin32\dbbackup.exe [2011-04-01] (iAnywhere Solutions, Inc.)
Task: {6B6D46CB-234C-450F-B3A3-73C0133CCDF7} - System32\Tasks\{734C9E29-0266-FD7D-84A4-5F80C8A3C3AF} => C:\Windows\system32\aruxedk.dll [2014-10-24] ()
Task: {73DB406F-F52A-429C-AFE9-A852A093B3AB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9B54BD8C-6716-43BC-9B3A-4379D2A14F8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-01] (Google Inc.)
Task: {B87D7A83-A4FC-4C67-A118-FB1ED7D65CC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-30] (Adobe Systems Incorporated)
Task: {D302926F-7B5D-4650-83AE-C50D0DA5D804} - System32\Tasks\BOSS Extractor - Fasttrack => C:\Program Files (x86)\Allied\BOSS Extractor\BOSSExtractor.exe [2014-10-17] ()
Task: {ECA7BED0-B9D2-42C5-AA66-B17F181F9E04} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.0.1.3\WSCStub.exe [2013-08-31] (Symantec Corporation)
Task: {FF4645E6-387A-4470-A31F-895A074035EF} - System32\Tasks\AQS Uploader Updates => C:\Windows\Installer\AQS Uploader Updates for All Users.lnk [2013-09-30] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AQS Uploader Updates.job => ?
Task: C:\Windows\Tasks\BOSS AQS Upload.job => C:\Program Files (x86)\Allied\AQS Uploader\BOSS\AQS Uploader.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-25 19:47 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-27 13:55 - 2014-10-27 13:55 - 18630862 _____ () C:\Users\dibollparts\AppData\Roaming\ChromeUpdate.exe
2014-10-17 03:06 - 2014-10-09 21:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 03:06 - 2014-10-09 21:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 03:06 - 2014-10-09 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 03:06 - 2014-10-09 21:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-17 03:25 - 2014-10-17 03:25 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2013-09-30 10:08 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1282170938-1678244530-1077303023-500 - Administrator - Disabled)
allied (S-1-5-21-1282170938-1678244530-1077303023-1001 - Administrator - Enabled) => C:\Users\allied
dibollparts (S-1-5-21-1282170938-1678244530-1077303023-1000 - Administrator - Enabled) => C:\Users\dibollparts
Guest (S-1-5-21-1282170938-1678244530-1077303023-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 03:58:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (10/27/2014 03:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 03:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 03:14:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (10/27/2014 03:05:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 02:53:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 02:38:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered].

Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered].

Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered].

System errors:
=============
Error: (10/27/2014 03:49:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 03:48:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0

Error: (10/27/2014 03:35:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084TdmService{2F723A84-FD6F-4C32-9477-391FA6EA0BB6}

Error: (10/27/2014 03:21:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (10/27/2014 03:17:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error: (10/27/2014 03:17:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Microsoft Office Sessions:
=========================
Error: (10/27/2014 03:58:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (10/27/2014 03:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 03:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 03:14:15 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (10/27/2014 03:05:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 02:53:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 02:38:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Initialization failed 0x80070422 Type: 88::UnexpectedError.

Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered

Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered

Error: (10/27/2014 02:30:20 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered

==================== Memory info ===========================

Processor: Intel® Core i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8072.93 MB
Available physical RAM: 4353.84 MB
Total Pagefile: 16144.05 MB
Available Pagefile: 11616.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.74 GB) (Free:874.59 GB) NTFS
Drive e: (Lexar) (Removable) (Total:29.81 GB) (Free:29.11 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 6F796CAD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type.

==================== End Of Log ============================