Solved Microsoft Security Essentials found - TrojanDownloader: JS/Swabfex.P

Bob Hobart

It indicated I should delete it and I did (before reading the Instruction thread).
It shut down McAfee Security Scan Plus on my machine so I assume it got to the Registry already.
FRST failed to complete the first run but completed successfully on the second run,...
No other obvious issues at this time,...
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-08-2016
Ran by Bill Hebert (administrator) on BILLS-MACHINE (30-08-2016 15:47:30)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Loaded Profiles: Bill Hebert (Available Profiles: Bill Hebert & Guest User & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
() C:\Program Files\Razer\Copperhead\razerhid.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Promise Technology, Inc.) C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgAgt.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Razer\Copperhead\razertra.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Razer Inc.) C:\Program Files\Razer\Copperhead\razerofa.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Ptipbmf] => C:\WINDOWS\system32\ptipbmf.dll [118784 2003-06-20] (Promise Technology, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-12-21] (ATI Technologies, Inc.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [Copperhead] => C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] ()
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [23889496 2016-08-23] (Dropbox, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-20] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Google Update] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Amazon Music] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-18\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk [2009-12-30]
ShortcutTarget: ATI CATALYST System Tray.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009-12-30]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{056965E7-B770-4A95-A613-F8D6CD456FF9}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {8ACF205B-9DD8-4599-B15A-D7C1E172C480} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-09-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262217052281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://join-test.webex.com/client/T27L/webex/ieatgpc.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-04-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll [2016-02-06] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll [2016-02-06] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-30] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-12-21] () [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RAIDmAgt; C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgAgt.exe [679936 2004-09-06] (Promise Technology, Inc.) [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
S3 APL531; C:\WINDOWS\System32\Drivers\FILMSCAN.sys [580992 2006-07-31] (Omnivision Technologies, Inc.) [File not signed]
R3 atinevxx; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [165888 2005-02-01] (ATI Technologies Inc.)
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-03] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340176 2006-08-17] (Creative Technology Ltd)
R0 fasttx2k; C:\WINDOWS\System32\drivers\fasttx2k.sys [159744 2003-08-06] (Promise Technology, Inc.)
R3 FTEventService; C:\Program Files\Promise Technology, Inc\Promise Array Management\FTEVTBDG.sys [3873 2009-12-29] (Promise Technology, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-07-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-07-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-07-09] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\USR_BSC2.sys [231168 2005-08-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\USR_MDMV.sys [1035008 2005-08-08] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-30] (Malwarebytes)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl58e0a17f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A005FDD3-CAA8-4554-B9C3-0573E29FA3B0}\MpKsl58e0a17f.sys [39168 2016-08-30] (Microsoft Corporation)
R3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [15360 2005-02-01] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 UsbFltr; C:\WINDOWS\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_USR.sys [729728 2005-08-08] (Conexant Systems, Inc.)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\BILLHE~1\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-30 15:46 - 2016-08-30 15:47 - 00000406 _____ C:\Documents and Settings\Bill Hebert\Desktop\Addition.txt
2016-08-30 15:45 - 2016-08-30 15:47 - 00023719 _____ C:\Documents and Settings\Bill Hebert\Desktop\FRST.txt
2016-08-30 15:44 - 2016-08-30 15:47 - 00000000 ____D C:\FRST
2016-08-30 15:43 - 2016-08-30 15:43 - 01747968 _____ (Farbar) C:\Documents and Settings\Bill Hebert\Desktop\FRST.exe
2016-08-30 15:06 - 2016-08-30 15:40 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2016-08-30 15:04 - 2016-08-14 11:01 - 00000425 _____ C:\AVScanner.ini
2016-08-24 10:59 - 2016-08-24 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-30 15:47 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Temp
2016-08-30 15:46 - 2015-10-24 15:41 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-30 15:46 - 2015-10-24 15:41 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-30 15:44 - 2013-04-20 14:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 15:40 - 2014-03-27 11:54 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-08-30 15:31 - 2009-12-29 19:49 - 00000129 _____ C:\WINDOWS\MsgAgt.INI
2016-08-30 15:30 - 2015-07-12 11:15 - 00000546 _____ C:\WINDOWS\Tasks\Amazon Music Helper.job
2016-08-30 15:30 - 2014-03-27 11:44 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-30 15:30 - 2013-04-20 14:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 15:30 - 2009-12-29 13:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 15:18 - 2011-03-20 17:43 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job
2016-08-30 15:11 - 2014-07-19 15:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 14:44 - 2009-12-29 13:26 - 00032426 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-30 14:18 - 2011-03-20 17:43 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job
2016-08-30 12:09 - 2014-05-18 12:36 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-08-30 12:00 - 2015-10-24 15:41 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Dropbox
2016-08-30 11:58 - 2006-02-28 05:00 - 00013734 _____ C:\WINDOWS\system32\wpa.dbl
2016-08-27 20:52 - 2009-12-30 11:18 - 00064756 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2016-08-27 20:52 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2016-08-27 20:52 - 2009-12-30 11:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-08-27 20:52 - 2009-12-29 13:28 - 00000178 ___SH C:\Documents and Settings\Bill Hebert\ntuser.ini
2016-08-27 16:30 - 2015-10-24 15:52 - 00000000 ___RD C:\Documents and Settings\Bill Hebert\My Documents\Dropbox
2016-08-24 10:59 - 2015-10-24 15:41 - 00000000 ____D C:\Program Files\Dropbox
2016-08-22 10:00 - 2010-04-03 11:45 - 00000000 ____D C:\Documents and Settings\Bill Hebert\My Documents\MS Excel
2016-08-19 10:10 - 2010-03-28 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-08-16 16:25 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert
2016-08-10 15:21 - 2013-08-14 15:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:11 - 2009-12-30 17:35 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 14:20 - 2010-03-29 22:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

==================== Files in the root of some directories =======

2010-02-20 18:41 - 2013-09-10 19:10 - 0009728 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-30 11:15 - 2009-12-30 11:15 - 0000134 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\fusioncache.dat
2010-12-30 20:44 - 2016-06-21 09:08 - 0017561 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-08-2016
Ran by Bill Hebert (30-08-2016 15:46:42)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-12-29 20:11:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

I still need the Additional log from FRST.
 
Resending Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-08-2016
Ran by Bill Hebert (30-08-2016 15:46:42)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-12-29 20:11:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================
 
Broni,
That was the complete Addition.txt log I have. I reran FRST.exe and got the same .log file result. So I deleted everything so I could start all over. Now I cannot find your download link in your post above to download FRST.exe again???
 
Ran on first try this time and both files completed and are attached,...

*** FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Bill Hebert (administrator) on BILLS-MACHINE (02-09-2016 12:17:10)
Running from C:\Documents and Settings\Bill Hebert\My Documents\Downloads
Loaded Profiles: Bill Hebert (Available Profiles: Bill Hebert & Guest User & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
() C:\Program Files\Razer\Copperhead\razerhid.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Promise Technology, Inc.) C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgAgt.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Razer\Copperhead\razertra.exe
(Razer Inc.) C:\Program Files\Razer\Copperhead\razerofa.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Ptipbmf] => C:\WINDOWS\system32\ptipbmf.dll [118784 2003-06-20] (Promise Technology, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-12-21] (ATI Technologies, Inc.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [Copperhead] => C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] ()
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [23889496 2016-08-23] (Dropbox, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-20] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Google Update] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Amazon Music] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-18\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk [2009-12-30]
ShortcutTarget: ATI CATALYST System Tray.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009-12-30]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{056965E7-B770-4A95-A613-F8D6CD456FF9}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {8ACF205B-9DD8-4599-B15A-D7C1E172C480} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-09-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262217052281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://join-test.webex.com/client/T27L/webex/ieatgpc.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-04-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll [2016-02-06] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll [2016-02-06] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-30] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-12-21] () [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RAIDmAgt; C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgAgt.exe [679936 2004-09-06] (Promise Technology, Inc.) [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
S3 APL531; C:\WINDOWS\System32\Drivers\FILMSCAN.sys [580992 2006-07-31] (Omnivision Technologies, Inc.) [File not signed]
R3 atinevxx; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [165888 2005-02-01] (ATI Technologies Inc.)
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-03] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340176 2006-08-17] (Creative Technology Ltd)
R0 fasttx2k; C:\WINDOWS\System32\drivers\fasttx2k.sys [159744 2003-08-06] (Promise Technology, Inc.)
R3 FTEventService; C:\Program Files\Promise Technology, Inc\Promise Array Management\FTEVTBDG.sys [3873 2009-12-29] (Promise Technology, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-07-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-07-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-07-09] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\USR_BSC2.sys [231168 2005-08-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\USR_MDMV.sys [1035008 2005-08-08] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-30] (Malwarebytes)
S3 MpFilter; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [15360 2005-02-01] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 UsbFltr; C:\WINDOWS\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_USR.sys [729728 2005-08-08] (Conexant Systems, Inc.)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\BILLHE~1\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-30 15:44 - 2016-09-02 12:17 - 00000000 ____D C:\FRST
2016-08-30 15:06 - 2016-08-30 15:40 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2016-08-30 15:04 - 2016-08-14 11:01 - 00000425 _____ C:\AVScanner.ini
2016-08-24 10:59 - 2016-08-24 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-02 12:17 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Temp
2016-09-02 12:12 - 2015-10-24 15:41 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-02 12:12 - 2015-07-12 11:15 - 00000546 _____ C:\WINDOWS\Tasks\Amazon Music Helper.job
2016-09-02 12:12 - 2014-03-27 11:44 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-09-02 12:12 - 2013-04-20 14:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-02 12:12 - 2009-12-29 19:49 - 00000129 _____ C:\WINDOWS\MsgAgt.INI
2016-09-02 12:12 - 2009-12-29 13:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-02 12:12 - 2006-02-28 05:00 - 00013734 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-01 09:29 - 2009-12-30 11:18 - 00064756 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-09-01 09:29 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-09-01 09:29 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-09-01 09:29 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2016-09-01 09:29 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2016-09-01 09:29 - 2009-12-30 11:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-09-01 09:29 - 2009-12-29 13:28 - 00000178 ___SH C:\Documents and Settings\Bill Hebert\ntuser.ini
2016-09-01 09:29 - 2009-12-29 13:26 - 00032426 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-01 09:18 - 2011-03-20 17:43 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job
2016-09-01 08:46 - 2015-10-24 15:41 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-31 10:37 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert
2016-08-31 10:20 - 2009-12-29 13:28 - 00000000 ___RD C:\Documents and Settings\Bill Hebert\My Documents
2016-08-31 10:01 - 2014-03-27 11:54 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-08-31 09:52 - 2010-03-28 19:01 - 00002515 _____ C:\Documents and Settings\Bill Hebert\Desktop\Microsoft Office Word 2007.lnk
2016-08-30 15:44 - 2013-04-20 14:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 15:11 - 2014-07-19 15:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 14:18 - 2011-03-20 17:43 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job
2016-08-30 12:09 - 2014-05-18 12:36 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-08-30 12:00 - 2015-10-24 15:41 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Dropbox
2016-08-27 16:30 - 2015-10-24 15:52 - 00000000 ___RD C:\Documents and Settings\Bill Hebert\My Documents\Dropbox
2016-08-24 10:59 - 2015-10-24 15:41 - 00000000 ____D C:\Program Files\Dropbox
2016-08-22 10:00 - 2010-04-03 11:45 - 00000000 ____D C:\Documents and Settings\Bill Hebert\My Documents\MS Excel
2016-08-19 10:10 - 2010-03-28 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-08-10 15:21 - 2013-08-14 15:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:11 - 2009-12-30 17:35 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 14:20 - 2010-03-29 22:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

==================== Files in the root of some directories =======

2010-02-20 18:41 - 2013-09-10 19:10 - 0009728 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-30 11:15 - 2009-12-30 11:15 - 0000134 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\fusioncache.dat
2010-12-30 20:44 - 2016-06-21 09:08 - 0017561 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
*** ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Bill Hebert (02-09-2016 12:17:55)
Running from C:\Documents and Settings\Bill Hebert\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-12-29 20:11:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1844237615-1788223648-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1844237615-1788223648-682003330-1005 - Limited - Enabled)
Bill Hebert (S-1-5-21-1844237615-1788223648-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bill Hebert
Guest (S-1-5-21-1844237615-1788223648-682003330-501 - Limited - Enabled)
Guest User (S-1-5-21-1844237615-1788223648-682003330-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest User
HelpAssistant (S-1-5-21-1844237615-1788223648-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1844237615-1788223648-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
35mm Film Scanner X86 (HKLM\...\{F3CF9967-7631-4DE5-9FAF-A9712D450C2B}) (Version: 5.00.0000 - 35mm Film Scanner)
7-Zip File Manager version 9.20 (HKLM\...\{863448D4-F184-4B21-A46B-323C97A2D038}_is1) (Version: 9.20 - Download Freely, LLC)
ABF Outlook Express Backup (HKLM\...\{C19FD5D9-475F-4BB8-99F6-9F5B680DE183}) (Version: 2.73 - ABF software)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D5F3ED63-272E-4C35-9771-601C906C19D0}) (Version: 6.1.56.148 - ArcSoft)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1011 - )
ATI Catalyst Control Center (HKLM\...\{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}) (Version: 1.0.1760.38296 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5137 - )
ATI Decoder (HKLM\...\InstallShield_{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C}) (Version: 3.10 - ATI Technologies Inc.)
ATI Decoder (Version: 3.10 - ATI Technologies Inc.) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.091-041221a-020645C-ATI - )
ATI HYDRAVISION (HKLM\...\{083F79E4-6FE9-46FB-A6C6-4F8862742947}) (Version: 3.25.9006 - )
ATI Multimedia Center (Version: 9.03 - ATI Technologies) Hidden
ATI Multimedia Center 9.03 (HKLM\...\InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}) (Version: 9.03 - ATI Technologies)
ATI Problem Report Wizard (HKLM\...\{2049131B-57D2-4C70-B25F-B683C8E52142}) (Version: 8.09 - ATI Technologies)
AudibleManager (HKLM\...\AudibleManager) (Version: 1309592.1378168.1310188.2089871648 - Audible, Inc.)
Bing Bar (HKLM\...\{30482AC3-4FC6-4E35-95F2-0BB415960631}) (Version: 7.0.760.0 - Microsoft Corporation)
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Creative Audio Console (HKLM\...\AudioCS) (Version: - )
DAO (HKLM\...\InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}) (Version: 3.5 - ATI)
DAO (Version: 3.5 - ATI) Hidden
Data Lifeguard Tools (HKLM\...\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}) (Version: - )
Dropbox (HKLM\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ffdshow v1.1.4369 [2012-03-03] (HKLM\...\ffdshow_is1) (Version: 1.1.4369.0 - )
FileZilla Client 3.5.3 (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free MP4 Video Converter version 5.0.14.627 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.14.627 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.21.1212 (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free YouTube Download version 4.0.0.915 (HKLM\...\Free YouTube Download_is1) (Version: 4.0.0.915 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{23199BD2-AFD7-450E-ADC8-3E16132F17A2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{C73CA646-73B3-4AEF-A136-C37505745174}) (Version: 10.4.0.80 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Promise Array Management (PAM) (HKLM\...\{FC9D4665-8553-4EBB-9456-31FD98D8C62D}) (Version: 4.00.0000 - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Razer Copperhead (HKLM\...\{28A946E1-E83B-4662-BC7C-23451851489E}) (Version: - )
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SSA Benefit Calculator (HKLM\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.11.0002 - Social Security Administration)
thinkorswim from TD AMERITRADE (HKLM\...\thinkorswim from TD AMERITRADE) (Version: - TD AMERITRADE, Inc.)
U.S. Robotics V.92 PCI Faxmodem (HKLM\...\USR_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_200014F1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\WinDirStat) (Version: - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.135\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.99\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.57\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.25.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.27.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.69\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.2.183.39\goopd (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.79\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.23.9\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.30.3\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.28.1\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.145\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.123\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.153\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.28.13\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.29.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkTDA\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4190\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.24.15\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.149\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.22.3\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.165\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.26.9\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.115\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.29.1\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.25.11\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.28.15\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.65\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkTDA\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.22.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.111\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.24.7\psuser. (the data entry has 14 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Amazon Music Helper.job => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Bill Hebert\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ATI HYDRAVISION\Download latest HYDRAVISION from ATI.com.lnk -> hxxp://www.ati.com/online/hydravision

==================== Loaded Modules (Whitelisted) ==============

2012-01-08 06:41 - 2012-01-08 06:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-07-11 03:20 - 2013-07-11 03:20 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6f9eecbd\mscorlib.dll
2013-07-11 03:19 - 2013-07-11 03:19 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bbf45ea2\system.dll
2013-07-11 03:19 - 2013-07-11 03:19 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bb86be42\system.windows.forms.dll
2013-07-11 03:20 - 2013-07-11 03:20 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f212f96d\system.xml.dll
2013-07-11 03:20 - 2013-07-11 03:20 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1c78821\system.drawing.dll
2009-12-30 11:17 - 2006-08-17 12:32 - 00003072 _____ () C:\WINDOWS\CTXFIRES.DLL
2009-12-30 11:21 - 2005-11-25 11:53 - 00155648 _____ () C:\Program Files\Razer\Copperhead\razerhid.exe
2009-12-30 11:21 - 2005-08-17 14:23 - 00151552 _____ () C:\Program Files\Razer\Copperhead\download.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-24 10:59 - 2016-07-11 19:07 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-08-24 10:58 - 2016-07-11 19:07 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-08-24 10:59 - 2016-07-11 19:07 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-08-24 10:58 - 2016-08-23 16:17 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-08-24 10:58 - 2016-08-23 16:17 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-24 10:58 - 2016-08-23 16:17 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00021312 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00025424 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-24 10:58 - 2016-08-23 16:17 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-08-24 10:59 - 2016-07-11 19:09 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00114640 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-08-24 10:58 - 2016-08-23 16:17 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-08-24 10:58 - 2016-08-23 16:17 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00144848 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
2016-08-24 10:59 - 2016-07-11 19:08 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2016-08-24 10:58 - 2016-08-23 16:17 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-08-24 10:58 - 2016-08-23 16:17 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll
2016-08-24 10:59 - 2016-08-23 16:17 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-24 10:59 - 2016-07-11 19:07 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 03929392 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 01972016 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00132912 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00224056 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00020288 _____ () C:\Program Files\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-24 10:59 - 2016-07-11 19:09 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-08-24 10:59 - 2016-08-23 16:17 - 00024904 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2015-07-12 11:15 - 2015-07-06 10:47 - 05886784 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe
2009-12-30 11:21 - 2005-11-25 11:54 - 00147456 _____ () C:\Program Files\Razer\Copperhead\razertra.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7651 more sites.

There are 7648 more sites.
 
==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-02-28 05:00 - 2016-06-23 13:28 - 00000070 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [H:\setup\hpznui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Disabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [H:\setup\hpznui01.exe] => Enabled:hpznui01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe] => Enabled:hpznui01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator
StandardProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

27-06-2016 10:19:19 Software Distribution Service 3.0
28-06-2016 10:30:58 System Checkpoint
29-06-2016 12:41:17 Software Distribution Service 3.0
01-07-2016 10:42:58 Software Distribution Service 3.0
02-07-2016 12:13:28 Software Distribution Service 3.0
04-07-2016 12:27:12 Software Distribution Service 3.0
05-07-2016 14:15:45 Software Distribution Service 3.0
07-07-2016 10:55:11 Software Distribution Service 3.0
08-07-2016 15:23:23 Software Distribution Service 3.0
09-07-2016 15:32:58 Software Distribution Service 3.0
11-07-2016 08:35:44 Software Distribution Service 3.0
11-07-2016 10:04:12 Software Distribution Service 3.0
12-07-2016 12:02:50 Software Distribution Service 3.0
13-07-2016 11:11:18 Software Distribution Service 3.0
13-07-2016 14:18:31 Software Distribution Service 3.0
15-07-2016 08:56:27 Software Distribution Service 3.0
16-07-2016 10:00:52 System Checkpoint
17-07-2016 13:03:54 Software Distribution Service 3.0
18-07-2016 13:37:58 Software Distribution Service 3.0
20-07-2016 16:35:29 Software Distribution Service 3.0
22-07-2016 09:18:48 Software Distribution Service 3.0
23-07-2016 19:43:28 Software Distribution Service 3.0
25-07-2016 19:29:02 Software Distribution Service 3.0
27-07-2016 11:21:38 Software Distribution Service 3.0
28-07-2016 13:25:03 Software Distribution Service 3.0
29-07-2016 15:20:38 Software Distribution Service 3.0
01-08-2016 09:10:21 Software Distribution Service 3.0
02-08-2016 10:27:01 Software Distribution Service 3.0
05-08-2016 09:29:04 Software Distribution Service 3.0
07-08-2016 10:42:57 Software Distribution Service 3.0
08-08-2016 16:43:14 Software Distribution Service 3.0
10-08-2016 14:33:58 Software Distribution Service 3.0
10-08-2016 15:08:04 Software Distribution Service 3.0
14-08-2016 11:08:19 Software Distribution Service 3.0
15-08-2016 17:14:46 Software Distribution Service 3.0
17-08-2016 15:27:33 Software Distribution Service 3.0
19-08-2016 10:09:56 Software Distribution Service 3.0
19-08-2016 23:38:28 Software Distribution Service 3.0
22-08-2016 07:26:27 Software Distribution Service 3.0
22-08-2016 10:30:32 Software Distribution Service 3.0
24-08-2016 08:30:22 Software Distribution Service 3.0
26-08-2016 22:17:32 Software Distribution Service 3.0
30-08-2016 12:08:56 Software Distribution Service 3.0
30-08-2016 13:31:50 Microsoft Antimalware Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2016 03:47:15 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 997881968.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/30/2016 03:46:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 29.8.2016.0, faulting module frst.exe, version 29.8.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]


System errors:
=============
Error: (09/02/2016 12:18:00 PM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/02/2016 12:13:00 PM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/02/2016 12:12:32 PM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/02/2016 12:12:21 PM) (Source: Microsoft Antimalware) (EventID: 2042) (User: )
Description: The support for your operating system has expired. Microsoft Antimalware is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

Error: (09/01/2016 08:50:52 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/01/2016 08:45:59 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/01/2016 08:45:46 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/01/2016 08:45:31 AM) (Source: Microsoft Antimalware) (EventID: 2042) (User: )
Description: The support for your operating system has expired. Microsoft Antimalware is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.

Error: (08/31/2016 10:01:05 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running Microsoft Antimalware on an out of support operating system is not an adequate solution to protect against threats.

Error: (08/31/2016 09:57:33 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 2047.23 MB
Available physical RAM: 1391.13 MB
Total Virtual: 3943.49 MB
Available Virtual: 3467.93 MB

==================== Drives ================================

Drive c: (XPWin Drive) (Fixed) (Total:49.68 GB) (Free:5.28 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (PROGRAM & DATA DRIVE) (Fixed) (Total:49.69 GB) (Free:44.44 GB) NTFS
Drive e: (VIDEO & MUSIC DRIVE) (Fixed) (Total:49.64 GB) (Free:30.99 GB) NTFS
Drive I: (IPOD MUSIC DRIVE) (Fixed) (Total:56.68 GB) (Free:0.43 GB) NTFS
Drive j: (BACK-UP DRIVE) (Fixed) (Total:46.4 GB) (Free:21.58 GB) NTFS
Drive k: (ARCHIVE DRIVE) (Fixed) (Total:45.97 GB) (Free:23.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 0911D91B)
Partition 1: (Not Active) - (Size=56.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92.4 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 0CDD2078)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
 
Good :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
One other thing, I do have a utility I can try to run that should delete the current RogueKiller setup.exe file but I do not want to run it until checking with you first,...
 
Broni,

It appears that my last post I made a few days ago got deleted as I cannot see it again in this thread. Can you now send responses to my other e-mail address on my other computer, billhebert721@gmail.com? My current e-mail is not reliable.

I downloaded RogueKiller setup from Link1 and it did not run. I downloaded from Link2 and it did not run also. I rebooted my machine and tried again and it did not run. I tried to delete the setup.exe file and it will not delete. It says it is being used by Microsoft Security Essentials and cannot be deleted. I could try to use the program unlocker to try to delete it,...
 
I did send this e-mail from my infected machine to this machine (dumb me,...) Could I have infected this machine?
 
I doubt.
Skip RogueKiller and proceed with other scans.
If you wish you can change your email address in your profile.
 
Could I try running RogueKiller from Safe Mode?
And then see if I can post from that machine if it runs,...
(Right now I would have to copy files over to this machine to post them which is not my best option,...)
 
Broni,
RogueKiller also did not run in safe mode.
I do have a copy of RogueKiller on my machine from 2014.
Do you want me to try to run it or skip it and run MBAM, which is the next on your list?
 
Broni,
1> What is the best way for me to move text files over to a new computer without infecting the new machine?
Google Mail? USB drive? Other?
2> Also, I do have Recovery Console on my machine which was installed back in 2014,...
 
MBAM 2.0 was already loaded and it ran fine with no issues detected

Moving on to AdwCleaner

*** SCAN log below:
==================================================
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/8/2016
Scan Time: 11:00:53 AM
Logfile: mbam 9-8-16-1.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.08.08
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Bill Hebert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343122
Time Elapsed: 17 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

=======================================================
 
Tried to run AdwCleaner a few more times and each time it got a little farther and finally ran to completion.
Decided to wait to see what program you wanted me to run next,...
JRT or try RogueKiller again,...

[S1] file below:
There was also a [C0] and [S0] file generated - not attached

# AdwCleaner v6.010 - Logfile created 08/09/2016 at 12:11:32
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-08.2 [Server]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Bill Hebert - BILLS-MACHINE
# Running from : C:\Documents and Settings\Bill Hebert\Desktop\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
Folder Found: C:\Program Files\Yahoo!\Companion


***** [ Files ] *****

File Found: C:\Program Files\Yahoo!\Common\unyt.exe


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
Key Found: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
Key Found: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
Key Found: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
Key Found: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
Key Found: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
Key Found: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
Key Found: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.DataStore
Key Found: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
Key Found: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
Key Found: HKLM\SOFTWARE\Classes\YPUBC.StringList
Key Found: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
Key Found: HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found: HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found: HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
Key Found: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
Key Found: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
Key Found: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
Key Found: HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
Key Found: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
Key Found: HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
Key Found: HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
Key Found: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Key Found: HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
Key Found: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Key Found: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Key Found: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Key Found: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Key Found: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Key Found: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Key Found: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Key Found: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Key Found: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Key Found: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Key Found: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Key Found: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Key Found: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Found: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\Yahoo\Companion
Key Found: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\Yahoo\YFriendsBar
Key Found: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\AppDataLow\Software\Yahoo\Companion
Key Found: HKCU\Software\Yahoo\Companion
Key Found: HKCU\Software\Yahoo\YFriendsBar
Key Found: HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found: HKLM\SOFTWARE\Yahoo\Companion
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Found: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [9888 Bytes] - [08/09/2016 12:04:14]
C:\AdwCleaner\AdwCleaner[S1].txt - [9809 Bytes] - [08/09/2016 12:11:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9882 Bytes] ##########
 
JRT logfile

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Microsoft Windows XP x86
Ran by Bill Hebert (Administrator) on Thu 09/08/2016 at 21:07:09.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1BH03WF8 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7SEP55HI (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E9CDIAH9 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FTKRAE8T (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HHH6XSR6 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N3S6T7M3 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OJF4LNCO (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QPBDZX2X (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf (File)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1BH03WF8 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7SEP55HI (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E9CDIAH9 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FTKRAE8T (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HHH6XSR6 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N3S6T7M3 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OJF4LNCO (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QPBDZX2X (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/08/2016 at 21:09:02.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 