Bob Hobart
It indicated I should delete it and I did (before reading the Instruction thread).
It shut down McAfee Security Scan Plus on my machine, so I assume it got to the Registry already.
FRST failed to complete the first run but completed successfully on the second run...
No other obvious issues at this time...
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-08-2016
Ran by Bill Hebert (administrator) on BILLS-MACHINE (30-08-2016 15:47:30)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Loaded Profiles: Bill Hebert (Available Profiles: Bill Hebert & Guest User & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
() C:\Program Files\Razer\Copperhead\razerhid.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Promise Technology, Inc.) C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgAgt.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Razer\Copperhead\razertra.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Razer Inc.) C:\Program Files\Razer\Copperhead\razerofa.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Ptipbmf] => C:\WINDOWS\system32\ptipbmf.dll [118784 2003-06-20] (Promise Technology, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-12-21] (ATI Technologies, Inc.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [Copperhead] => C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] ()
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [23889496 2016-08-23] (Dropbox, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-20] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Google Update] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Amazon Music] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-18\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk [2009-12-30]
ShortcutTarget: ATI CATALYST System Tray.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009-12-30]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{056965E7-B770-4A95-A613-F8D6CD456FF9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {8ACF205B-9DD8-4599-B15A-D7C1E172C480} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-09-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262217052281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://join-test.webex.com/client/T27L/webex/ieatgpc.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-04-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll [2016-02-06] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll [2016-02-06] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-30] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-12-21] () [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RAIDmAgt; C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgAgt.exe [679936 2004-09-06] (Promise Technology, Inc.) [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
S3 APL531; C:\WINDOWS\System32\Drivers\FILMSCAN.sys [580992 2006-07-31] (Omnivision Technologies, Inc.) [File not signed]
R3 atinevxx; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [165888 2005-02-01] (ATI Technologies Inc.)
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-03] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340176 2006-08-17] (Creative Technology Ltd)
R0 fasttx2k; C:\WINDOWS\System32\drivers\fasttx2k.sys [159744 2003-08-06] (Promise Technology, Inc.)
R3 FTEventService; C:\Program Files\Promise Technology, Inc\Promise Array Management\FTEVTBDG.sys [3873 2009-12-29] (Promise Technology, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-07-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-07-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-07-09] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\USR_BSC2.sys [231168 2005-08-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\USR_MDMV.sys [1035008 2005-08-08] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-30] (Malwarebytes)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl58e0a17f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A005FDD3-CAA8-4554-B9C3-0573E29FA3B0}\MpKsl58e0a17f.sys [39168 2016-08-30] (Microsoft Corporation)
R3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [15360 2005-02-01] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 UsbFltr; C:\WINDOWS\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_USR.sys [729728 2005-08-08] (Conexant Systems, Inc.)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\BILLHE~1\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-30 15:46 - 2016-08-30 15:47 - 00000406 _____ C:\Documents and Settings\Bill Hebert\Desktop\Addition.txt
2016-08-30 15:45 - 2016-08-30 15:47 - 00023719 _____ C:\Documents and Settings\Bill Hebert\Desktop\FRST.txt
2016-08-30 15:44 - 2016-08-30 15:47 - 00000000 ____D C:\FRST
2016-08-30 15:43 - 2016-08-30 15:43 - 01747968 _____ (Farbar) C:\Documents and Settings\Bill Hebert\Desktop\FRST.exe
2016-08-30 15:06 - 2016-08-30 15:40 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2016-08-30 15:04 - 2016-08-14 11:01 - 00000425 _____ C:\AVScanner.ini
2016-08-24 10:59 - 2016-08-24 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-30 15:47 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Temp
2016-08-30 15:46 - 2015-10-24 15:41 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-30 15:46 - 2015-10-24 15:41 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-30 15:44 - 2013-04-20 14:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 15:40 - 2014-03-27 11:54 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-08-30 15:31 - 2009-12-29 19:49 - 00000129 _____ C:\WINDOWS\MsgAgt.INI
2016-08-30 15:30 - 2015-07-12 11:15 - 00000546 _____ C:\WINDOWS\Tasks\Amazon Music Helper.job
2016-08-30 15:30 - 2014-03-27 11:44 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-30 15:30 - 2013-04-20 14:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 15:30 - 2009-12-29 13:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 15:18 - 2011-03-20 17:43 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job
2016-08-30 15:11 - 2014-07-19 15:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 14:44 - 2009-12-29 13:26 - 00032426 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-30 14:18 - 2011-03-20 17:43 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job
2016-08-30 12:09 - 2014-05-18 12:36 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-08-30 12:00 - 2015-10-24 15:41 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Dropbox
2016-08-30 11:58 - 2006-02-28 05:00 - 00013734 _____ C:\WINDOWS\system32\wpa.dbl
2016-08-27 20:52 - 2009-12-30 11:18 - 00064756 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2016-08-27 20:52 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2016-08-27 20:52 - 2009-12-30 11:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-08-27 20:52 - 2009-12-29 13:28 - 00000178 ___SH C:\Documents and Settings\Bill Hebert\ntuser.ini
2016-08-27 16:30 - 2015-10-24 15:52 - 00000000 ___RD C:\Documents and Settings\Bill Hebert\My Documents\Dropbox
2016-08-24 10:59 - 2015-10-24 15:41 - 00000000 ____D C:\Program Files\Dropbox
2016-08-22 10:00 - 2010-04-03 11:45 - 00000000 ____D C:\Documents and Settings\Bill Hebert\My Documents\MS Excel
2016-08-19 10:10 - 2010-03-28 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-08-16 16:25 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert
2016-08-10 15:21 - 2013-08-14 15:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:11 - 2009-12-30 17:35 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 14:20 - 2010-03-29 22:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
==================== Files in the root of some directories =======
2010-02-20 18:41 - 2013-09-10 19:10 - 0009728 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-30 11:15 - 2009-12-30 11:15 - 0000134 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\fusioncache.dat
2010-12-30 20:44 - 2016-06-21 09:08 - 0017561 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-08-2016
Ran by Bill Hebert (30-08-2016 15:46:42)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-12-29 20:11:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [23889496 2016-08-23] (Dropbox, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-20] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Google Update] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Amazon Music] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-18\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk [2009-12-30]
ShortcutTarget: ATI CATALYST System Tray.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009-12-30]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{056965E7-B770-4A95-A613-F8D6CD456FF9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {8ACF205B-9DD8-4599-B15A-D7C1E172C480} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-09-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262217052281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://join-test.webex.com/client/T27L/webex/ieatgpc.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-04-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll [2016-02-06] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll [2016-02-06] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-30] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-12-21] () [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RAIDmAgt; C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgAgt.exe [679936 2004-09-06] (Promise Technology, Inc.) [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
S3 APL531; C:\WINDOWS\System32\Drivers\FILMSCAN.sys [580992 2006-07-31] (Omnivision Technologies, Inc.) [File not signed]
R3 atinevxx; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [165888 2005-02-01] (ATI Technologies Inc.)
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-03] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340176 2006-08-17] (Creative Technology Ltd)
R0 fasttx2k; C:\WINDOWS\System32\drivers\fasttx2k.sys [159744 2003-08-06] (Promise Technology, Inc.)
R3 FTEventService; C:\Program Files\Promise Technology, Inc\Promise Array Management\FTEVTBDG.sys [3873 2009-12-29] (Promise Technology, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-07-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-07-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-07-09] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\USR_BSC2.sys [231168 2005-08-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\USR_MDMV.sys [1035008 2005-08-08] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-08-30] (Malwarebytes)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl58e0a17f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A005FDD3-CAA8-4554-B9C3-0573E29FA3B0}\MpKsl58e0a17f.sys [39168 2016-08-30] (Microsoft Corporation)
R3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [15360 2005-02-01] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 UsbFltr; C:\WINDOWS\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_USR.sys [729728 2005-08-08] (Conexant Systems, Inc.)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\BILLHE~1\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-30 15:46 - 2016-08-30 15:47 - 00000406 _____ C:\Documents and Settings\Bill Hebert\Desktop\Addition.txt
2016-08-30 15:45 - 2016-08-30 15:47 - 00023719 _____ C:\Documents and Settings\Bill Hebert\Desktop\FRST.txt
2016-08-30 15:44 - 2016-08-30 15:47 - 00000000 ____D C:\FRST
2016-08-30 15:43 - 2016-08-30 15:43 - 01747968 _____ (Farbar) C:\Documents and Settings\Bill Hebert\Desktop\FRST.exe
2016-08-30 15:06 - 2016-08-30 15:40 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2016-08-30 15:04 - 2016-08-14 11:01 - 00000425 _____ C:\AVScanner.ini
2016-08-24 10:59 - 2016-08-24 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-30 15:47 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Temp
2016-08-30 15:46 - 2015-10-24 15:41 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-30 15:46 - 2015-10-24 15:41 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-30 15:44 - 2013-04-20 14:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 15:40 - 2014-03-27 11:54 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-08-30 15:31 - 2009-12-29 19:49 - 00000129 _____ C:\WINDOWS\MsgAgt.INI
2016-08-30 15:30 - 2015-07-12 11:15 - 00000546 _____ C:\WINDOWS\Tasks\Amazon Music Helper.job
2016-08-30 15:30 - 2014-03-27 11:44 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-30 15:30 - 2013-04-20 14:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 15:30 - 2009-12-29 13:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 15:18 - 2011-03-20 17:43 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job
2016-08-30 15:11 - 2014-07-19 15:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 14:44 - 2009-12-29 13:26 - 00032426 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-30 14:18 - 2011-03-20 17:43 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job
2016-08-30 12:09 - 2014-05-18 12:36 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-08-30 12:00 - 2015-10-24 15:41 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Dropbox
2016-08-30 11:58 - 2006-02-28 05:00 - 00013734 _____ C:\WINDOWS\system32\wpa.dbl
2016-08-27 20:52 - 2009-12-30 11:18 - 00064756 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-08-27 20:52 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2016-08-27 20:52 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2016-08-27 20:52 - 2009-12-30 11:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-08-27 20:52 - 2009-12-29 13:28 - 00000178 ___SH C:\Documents and Settings\Bill Hebert\ntuser.ini
2016-08-27 16:30 - 2015-10-24 15:52 - 00000000 ___RD C:\Documents and Settings\Bill Hebert\My Documents\Dropbox
2016-08-24 10:59 - 2015-10-24 15:41 - 00000000 ____D C:\Program Files\Dropbox
2016-08-22 10:00 - 2010-04-03 11:45 - 00000000 ____D C:\Documents and Settings\Bill Hebert\My Documents\MS Excel
2016-08-19 10:10 - 2010-03-28 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-08-16 16:25 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert
2016-08-10 15:21 - 2013-08-14 15:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:11 - 2009-12-30 17:35 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-10 14:20 - 2010-03-29 22:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
==================== Files in the root of some directories =======
2010-02-20 18:41 - 2013-09-10 19:10 - 0009728 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-30 11:15 - 2009-12-30 11:15 - 0000134 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\fusioncache.dat
2010-12-30 20:44 - 2016-06-21 09:08 - 0017561 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-08-2016
Ran by Bill Hebert (30-08-2016 15:46:42)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-12-29 20:11:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================