Solved Microsoft Security Essentials found - TrojanDownloader: JS/Swabfex.P

Downloaded a new copy of RogueKiller Set-Up to see if I could at least get RogueKiller to load and it still fails every time,...
 
Don't worry about it.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 16-09-05.01 - Bill Hebert 09/10/2016 9:53.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1457 [GMT -7:00]
Running from: c:\documents and settings\Bill Hebert\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2016-08-10 to 2016-09-10 )))))))))))))))))))))))))))))))
.
.
2016-09-08 18:54 . 2016-09-08 19:12 -------- d-----w- C:\AdwCleaner
2016-08-30 22:44 . 2016-09-02 19:21 -------- d-----w- C:\FRST
2016-08-30 22:06 . 2016-08-30 22:06 -------- d-----w- c:\program files\McAfee Security Scan
2016-08-30 19:11 . 2016-08-30 19:11 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A005FDD3-CAA8-4554-B9C3-0573E29FA3B0}\offreg.900.dll
2016-08-30 19:09 . 2016-08-02 22:19 9654712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A005FDD3-CAA8-4554-B9C3-0573E29FA3B0}\mpengine.dll
2016-08-27 05:17 . 2016-08-02 22:19 9654712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-08 18:00 . 2014-07-19 22:55 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-27 19:25 . 2011-05-24 22:39 406184 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-30 21:34 212800 ----a-w- c:\program files\Dropbox\Client\DropboxExt.42.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-20 39408]
"Amazon Music"="c:\documents and settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe" [2015-07-06 5886784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-22 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-21 32768]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-08-30 25197248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-21 32768]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe SystemTray [2004-12-21 32768]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Bill Hebert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Dropbox\\Client\\Dropbox.exe"=
.
R3 FTEventService;FTEVTBDG;c:\program files\Promise Technology, Inc\Promise Array Management\FTEVTBDG.sys [12/29/2009 7:49 PM 3873]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [12/30/2009 11:21 AM 11596]
S2 dbupdate;Dropbox Update Service (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [10/24/2015 3:41 PM 136048]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\FilmScan.sys [7/31/2006 9:44 PM 580992]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/16/2011 11:32 AM 191752]
S3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [10/24/2015 3:41 PM 136048]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.11.334\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.11.334\McCHSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/2/2015 4:16 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 17:42 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-09-10 c:\windows\Tasks\Amazon Music Helper.job
- c:\documents and settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe [2015-07-12 17:47]
.
2016-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2016-09-10 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-10-24 22:41]
.
2016-09-10 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-10-24 22:41]
.
2016-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 16:11]
.
2016-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-20 16:11]
.
2016-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job
- c:\documents and settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-21 15:46]
.
2016-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job
- c:\documents and settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-21 15:46]
.
2016-09-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 17:13]
.
2016-09-10 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2016-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.376\SSScheduler.exe
AddRemove-Free MP4 Video Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free Video to DVD Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-09-10 10:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\WININET.dll
c:\program files\Dropbox\Client\DropboxExt.42.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2016-09-10 10:16:12
ComboFix-quarantined-files.txt 2016-09-10 17:16
ComboFix2.txt 2014-05-18 19:36
ComboFix3.txt 2014-02-04 18:16
.
Pre-Run: 4,461,002,752 bytes free
Post-Run: 5,568,741,376 bytes free
.
- - End Of File - - 53C3FBEA4A463992CD19FF8C5D18FD67
8F558EB6672622401DA993E1E865C861
 
Broni,

I keep getting messages:

*** You are about to view pages over a secure connection. ***

Every time I open a new webpage. Is that normal?
 
Open Internet Explorer. Click Tools > Internet Options > Advanced > Security.
Uncheck the "Warn if changing between secure and not secure mode" box.

Then...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Bill Hebert (administrator) on BILLS-MACHINE (11-09-2016 10:29:06)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Loaded Profiles: Bill Hebert (Available Profiles: Bill Hebert & Guest User & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
() C:\Program Files\Razer\Copperhead\razerhid.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
() C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Promise Technology, Inc.) C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgAgt.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Razer\Copperhead\razertra.exe
(Razer Inc.) C:\Program Files\Razer\Copperhead\razerofa.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Ptipbmf] => C:\WINDOWS\system32\ptipbmf.dll [118784 2003-06-20] (Promise Technology, Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-12-21] (ATI Technologies, Inc.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [Copperhead] => C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] ()
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-30] (Dropbox, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-20] (Google Inc.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [Amazon Music] => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [32768 2004-12-21] (ATI Technologies Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-30] (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk [2009-12-30]
ShortcutTarget: ATI CATALYST System Tray.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2009-12-30]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{056965E7-B770-4A95-A613-F8D6CD456FF9}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> {8ACF205B-9DD8-4599-B15A-D7C1E172C480} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-05-16] (Microsoft Corporation.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1844237615-1788223648-682003330-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262217052281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://join-test.webex.com/client/T27L/webex/ieatgpc.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-14] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-04-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDA\npthinkorswim.dll [2016-02-06] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1844237615-1788223648-682003330-1004: tdameritrade.com/tossc -> C:\Program Files\thinkTDA\nptossc.dll [2016-02-06] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Bill Hebert\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-30] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Bill Hebert\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-12-21] () [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-24] (Dropbox, Inc.)
S3 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RAIDmAgt; C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgAgt.exe [679936 2004-09-06] (Promise Technology, Inc.) [File not signed]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
S3 APL531; C:\WINDOWS\System32\Drivers\FILMSCAN.sys [580992 2006-07-31] (Omnivision Technologies, Inc.) [File not signed]
R3 atinevxx; C:\WINDOWS\System32\DRIVERS\atinevxx.sys [165888 2005-02-01] (ATI Technologies Inc.)
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [105984 2004-08-03] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340176 2006-08-17] (Creative Technology Ltd)
R0 fasttx2k; C:\WINDOWS\System32\drivers\fasttx2k.sys [159744 2003-08-06] (Promise Technology, Inc.)
R3 FTEventService; C:\Program Files\Promise Technology, Inc\Promise Array Management\FTEVTBDG.sys [3873 2009-12-29] (Promise Technology, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-07-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-07-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-07-09] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\USR_BSC2.sys [231168 2005-08-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\USR_MDMV.sys [1035008 2005-08-08] (Conexant Systems, Inc.)
S3 MpFilter; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [15360 2005-02-01] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 UsbFltr; C:\WINDOWS\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_USR.sys [729728 2005-08-08] (Conexant Systems, Inc.)
U5 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\BILLHE~1\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-11 10:29 - 2016-09-11 10:29 - 00021702 _____ C:\Documents and Settings\Bill Hebert\Desktop\FRST.txt
2016-09-10 10:16 - 2016-09-10 10:16 - 00014908 _____ C:\ComboFix.txt
2016-09-10 10:16 - 2016-09-10 10:16 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-09-10 10:16 - 2016-09-10 10:16 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-09-10 10:16 - 2016-09-10 10:16 - 00000000 ____D C:\Documents and Settings\Guest User\Local Settings\temp
2016-09-10 10:16 - 2016-09-10 10:16 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2016-09-10 10:16 - 2016-09-10 10:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2016-09-10 09:51 - 2016-09-10 10:16 - 00000000 ____D C:\ComboFix
2016-09-10 09:47 - 2016-09-10 09:48 - 05658674 ____R (Swearware) C:\Documents and Settings\Bill Hebert\Desktop\ComboFix.exe
2016-09-08 21:24 - 2016-09-08 21:27 - 33106704 _____ (Adlice Software ) C:\Documents and Settings\Bill Hebert\Desktop\setup.exe
2016-09-08 21:09 - 2016-09-08 21:09 - 00003361 _____ C:\Documents and Settings\Bill Hebert\Desktop\JRT.txt
2016-09-08 20:59 - 2016-09-08 20:59 - 01610560 _____ (Malwarebytes) C:\Documents and Settings\Bill Hebert\Desktop\JRT.exe
2016-09-08 11:54 - 2016-09-08 12:12 - 00000000 ____D C:\AdwCleaner
2016-09-08 11:34 - 2016-09-08 11:34 - 03826240 _____ C:\Documents and Settings\Bill Hebert\Desktop\adwcleaner_6.010.exe
2016-09-08 11:20 - 2016-09-08 11:20 - 00001071 _____ C:\Documents and Settings\Bill Hebert\Desktop\mbam 9-8-16-1.txt
2016-09-03 10:53 - 2016-09-03 10:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dropbox
2016-09-02 12:17 - 2016-09-02 12:21 - 00051172 _____ C:\Documents and Settings\Bill Hebert\Desktop\Additionold.txt
2016-09-02 12:17 - 2016-09-02 12:21 - 00028788 _____ C:\Documents and Settings\Bill Hebert\Desktop\FRSTold.txt
2016-09-02 12:16 - 2016-09-02 12:16 - 01747968 _____ (Farbar) C:\Documents and Settings\Bill Hebert\Desktop\FRST.exe
2016-08-30 15:44 - 2016-09-11 10:29 - 00000000 ____D C:\FRST
2016-08-30 15:06 - 2016-08-30 15:40 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-30 15:06 - 2016-08-30 15:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2016-08-30 15:04 - 2016-08-14 11:01 - 00000425 _____ C:\AVScanner.ini
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-11 10:29 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Temp
2016-09-11 10:25 - 2015-10-24 15:41 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-11 10:25 - 2015-07-12 11:15 - 00000546 _____ C:\WINDOWS\Tasks\Amazon Music Helper.job
2016-09-11 10:25 - 2014-03-27 11:44 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-09-11 10:25 - 2013-04-20 14:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-11 10:25 - 2009-12-29 19:49 - 00000129 _____ C:\WINDOWS\MsgAgt.INI
2016-09-11 10:25 - 2009-12-29 13:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-10 10:39 - 2009-12-30 11:18 - 00064756 _____ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-09-10 10:39 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-09-10 10:39 - 2009-12-30 11:18 - 00053968 _____ C:\WINDOWS\system32\BMXState-{00000002-00000000-0000000A-00001102-00000005-00211102}.rfx
2016-09-10 10:39 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2016-09-10 10:39 - 2009-12-30 11:18 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2016-09-10 10:39 - 2009-12-30 11:15 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-09-10 10:39 - 2009-12-29 13:28 - 00000178 ___SH C:\Documents and Settings\Bill Hebert\ntuser.ini
2016-09-10 10:39 - 2009-12-29 13:26 - 00032334 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-10 10:18 - 2011-03-20 17:43 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job
2016-09-10 10:16 - 2014-02-04 11:06 - 00000000 ____D C:\Qoobox
2016-09-10 10:14 - 2006-02-28 05:00 - 00000227 _____ C:\WINDOWS\system.ini
2016-09-10 09:46 - 2015-10-24 15:41 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-10 09:44 - 2013-04-20 14:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-10 09:29 - 2006-02-28 05:00 - 00013734 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-08 11:00 - 2014-07-19 15:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-07 09:01 - 2013-10-05 10:02 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-09-07 08:45 - 2013-10-05 10:01 - 01112702 _____ C:\WINDOWS\ntbtlog.txt
2016-09-05 10:25 - 2014-03-27 11:54 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-09-05 09:33 - 2015-10-24 15:41 - 00000000 ____D C:\Program Files\Dropbox
2016-09-02 14:18 - 2011-03-20 17:43 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job
2016-08-31 10:37 - 2009-12-29 13:28 - 00000000 ____D C:\Documents and Settings\Bill Hebert
2016-08-31 10:20 - 2009-12-29 13:28 - 00000000 ___RD C:\Documents and Settings\Bill Hebert\My Documents
2016-08-31 09:52 - 2010-03-28 19:01 - 00002515 _____ C:\Documents and Settings\Bill Hebert\Desktop\Microsoft Office Word 2007.lnk
2016-08-30 12:00 - 2015-10-24 15:41 - 00000000 ____D C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Dropbox
2016-08-27 16:30 - 2015-10-24 15:52 - 00000000 ___RD C:\Documents and Settings\Bill Hebert\My Documents\Dropbox
2016-08-22 10:00 - 2010-04-03 11:45 - 00000000 ____D C:\Documents and Settings\Bill Hebert\My Documents\MS Excel
2016-08-19 10:10 - 2010-03-28 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
==================== Files in the root of some directories =======
2010-02-20 18:41 - 2013-09-10 19:10 - 0009728 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-30 11:15 - 2009-12-30 11:15 - 0000134 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\fusioncache.dat
2010-12-30 20:44 - 2016-06-21 09:08 - 0017561 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt =====
 
ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Bill Hebert (11-09-2016 10:30:06)
Running from C:\Documents and Settings\Bill Hebert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-12-29 20:11:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1844237615-1788223648-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1844237615-1788223648-682003330-1005 - Limited - Enabled)
Bill Hebert (S-1-5-21-1844237615-1788223648-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bill Hebert
Guest (S-1-5-21-1844237615-1788223648-682003330-501 - Limited - Enabled)
Guest User (S-1-5-21-1844237615-1788223648-682003330-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest User
HelpAssistant (S-1-5-21-1844237615-1788223648-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1844237615-1788223648-682003330-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
35mm Film Scanner X86 (HKLM\...\{F3CF9967-7631-4DE5-9FAF-A9712D450C2B}) (Version: 5.00.0000 - 35mm Film Scanner)
7-Zip File Manager version 9.20 (HKLM\...\{863448D4-F184-4B21-A46B-323C97A2D038}_is1) (Version: 9.20 - Download Freely, LLC)
ABF Outlook Express Backup (HKLM\...\{C19FD5D9-475F-4BB8-99F6-9F5B680DE183}) (Version: 2.73 - ABF software)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D5F3ED63-272E-4C35-9771-601C906C19D0}) (Version: 6.1.56.148 - ArcSoft)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1011 - )
ATI Catalyst Control Center (HKLM\...\{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}) (Version: 1.0.1760.38296 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5137 - )
ATI Decoder (HKLM\...\InstallShield_{DFBC9BD3-4265-44A5-AEEE-962F49D5C78C}) (Version: 3.10 - ATI Technologies Inc.)
ATI Decoder (Version: 3.10 - ATI Technologies Inc.) Hidden
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.091-041221a-020645C-ATI - )
ATI HYDRAVISION (HKLM\...\{083F79E4-6FE9-46FB-A6C6-4F8862742947}) (Version: 3.25.9006 - )
ATI Multimedia Center (Version: 9.03 - ATI Technologies) Hidden
ATI Multimedia Center 9.03 (HKLM\...\InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}) (Version: 9.03 - ATI Technologies)
ATI Problem Report Wizard (HKLM\...\{2049131B-57D2-4C70-B25F-B683C8E52142}) (Version: 8.09 - ATI Technologies)
AudibleManager (HKLM\...\AudibleManager) (Version: 1309592.1378168.1310188.2089871648 - Audible, Inc.)
Bing Bar (HKLM\...\{30482AC3-4FC6-4E35-95F2-0BB415960631}) (Version: 7.0.760.0 - Microsoft Corporation)
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Creative Audio Console (HKLM\...\AudioCS) (Version: - )
DAO (HKLM\...\InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}) (Version: 3.5 - ATI)
DAO (Version: 3.5 - ATI) Hidden
Data Lifeguard Tools (HKLM\...\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}) (Version: - )
Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
ffdshow v1.1.4369 [2012-03-03] (HKLM\...\ffdshow_is1) (Version: 1.1.4369.0 - )
FileZilla Client 3.5.3 (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Free YouTube Download version 4.0.0.915 (HKLM\...\Free YouTube Download_is1) (Version: 4.0.0.915 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{23199BD2-AFD7-450E-ADC8-3E16132F17A2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{C73CA646-73B3-4AEF-A136-C37505745174}) (Version: 10.4.0.80 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Promise Array Management (PAM) (HKLM\...\{FC9D4665-8553-4EBB-9456-31FD98D8C62D}) (Version: 4.00.0000 - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Razer Copperhead (HKLM\...\{28A946E1-E83B-4662-BC7C-23451851489E}) (Version: - )
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SSA Benefit Calculator (HKLM\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.11.0002 - Social Security Administration)
thinkorswim from TD AMERITRADE (HKLM\...\thinkorswim from TD AMERITRADE) (Version: - TD AMERITRADE, Inc.)
U.S. Robotics V.92 PCI Faxmodem (HKLM\...\USR_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_200014F1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\WinDirStat) (Version: - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.135\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.99\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.57\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.25.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.27.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.69\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.2.183.39\goopd (the data entry has 18 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.79\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.23.9\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.30.3\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.28.1\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.145\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.123\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.153\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.28.13\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.29.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkTDA\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4190\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.24.15\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.149\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.22.3\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.165\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.26.9\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.115\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.29.1\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.25.11\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.28.15\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.65\psuser (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkTDA\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.22.5\psuser. (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.21.111\psuse (the data entry has 16 more characters).
CustomCLSID: HKU\S-1-5-21-1844237615-1788223648-682003330-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\1.3.24.7\psuser. (the data entry has 14 more characters).
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Amazon Music Helper.job => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004Core.job => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1788223648-682003330-1004UA.job => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\Bill Hebert\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ATI HYDRAVISION\Download latest HYDRAVISION from ATI.com.lnk -> hxxp://www.ati.com/online/hydravision
 
==================== Loaded Modules (Whitelisted) ==============
2012-01-08 06:41 - 2012-01-08 06:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-07-11 03:20 - 2013-07-11 03:20 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6f9eecbd\mscorlib.dll
2013-07-11 03:19 - 2013-07-11 03:19 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_bbf45ea2\system.dll
2013-07-11 03:19 - 2013-07-11 03:19 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bb86be42\system.windows.forms.dll
2013-07-11 03:20 - 2013-07-11 03:20 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_f212f96d\system.xml.dll
2013-07-11 03:20 - 2013-07-11 03:20 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c1c78821\system.drawing.dll
2009-12-30 11:17 - 2006-08-17 12:32 - 00003072 _____ () C:\WINDOWS\CTXFIRES.DLL
2009-12-30 11:21 - 2005-11-25 11:53 - 00155648 _____ () C:\Program Files\Razer\Copperhead\razerhid.exe
2009-12-30 11:21 - 2005-08-17 14:23 - 00151552 _____ () C:\Program Files\Razer\Copperhead\download.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-03 10:53 - 2016-08-05 20:21 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-09-03 10:53 - 2016-08-05 20:21 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-09-03 10:53 - 2016-08-05 20:22 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-09-03 10:53 - 2016-08-05 20:21 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-09-03 10:53 - 2016-08-05 20:21 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-08-24 10:59 - 2016-08-05 20:21 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-08-24 10:59 - 2016-08-30 14:38 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-08-24 10:59 - 2016-08-05 20:21 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-09-03 10:53 - 2016-08-05 20:22 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00021312 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-09-03 10:53 - 2016-08-05 20:19 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-09-03 10:53 - 2016-08-05 20:24 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00025424 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-09-03 10:53 - 2016-08-05 20:25 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-09-03 10:53 - 2016-08-05 20:21 - 00144848 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
2016-09-03 10:53 - 2016-08-05 20:22 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-09-03 10:53 - 2016-08-05 20:25 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-09-03 10:53 - 2016-08-05 20:18 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-09-03 10:53 - 2016-08-30 14:38 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll
2016-09-03 10:53 - 2016-08-30 14:38 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-24 10:59 - 2016-08-05 20:22 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 01972528 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00133424 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00224056 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00020288 _____ () C:\Program Files\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-09-03 10:53 - 2016-08-05 20:24 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-09-03 10:53 - 2016-08-30 14:38 - 00024904 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2015-07-12 11:15 - 2015-07-06 10:47 - 05886784 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe
2009-12-30 11:21 - 2005-11-25 11:54 - 00147456 _____ () C:\Program Files\Razer\Copperhead\razertra.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7651 more sites.
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1844237615-1788223648-682003330-1004\...\123simsen.com -> www.123simsen.com
There are 7648 more sites.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-02-28 05:00 - 2016-06-23 13:28 - 00000070 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [H:\setup\hpznui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe] => Enabled:hpznui01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Disabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator
StandardProfile\AuthorizedApplications: [C:\Program Files\Dropbox\Client\Dropbox.exe] => Enabled:Dropbox
DomainProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
DomainProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [427:TCP] => :LocalSubNet:Enabled:SLP_Port(427)_TCP
StandardProfile\GloballyOpenPorts: [427:UDP] => :LocalSubNet:Enabled:SLP_Port(427)_UDP
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
==================== Restore Points =========================
27-06-2016 10:19:19 Software Distribution Service 3.0
28-06-2016 10:30:58 System Checkpoint
29-06-2016 12:41:17 Software Distribution Service 3.0
01-07-2016 10:42:58 Software Distribution Service 3.0
02-07-2016 12:13:28 Software Distribution Service 3.0
04-07-2016 12:27:12 Software Distribution Service 3.0
05-07-2016 14:15:45 Software Distribution Service 3.0
07-07-2016 10:55:11 Software Distribution Service 3.0
08-07-2016 15:23:23 Software Distribution Service 3.0
09-07-2016 15:32:58 Software Distribution Service 3.0
11-07-2016 08:35:44 Software Distribution Service 3.0
11-07-2016 10:04:12 Software Distribution Service 3.0
12-07-2016 12:02:50 Software Distribution Service 3.0
13-07-2016 11:11:18 Software Distribution Service 3.0
13-07-2016 14:18:31 Software Distribution Service 3.0
15-07-2016 08:56:27 Software Distribution Service 3.0
16-07-2016 10:00:52 System Checkpoint
17-07-2016 13:03:54 Software Distribution Service 3.0
18-07-2016 13:37:58 Software Distribution Service 3.0
20-07-2016 16:35:29 Software Distribution Service 3.0
22-07-2016 09:18:48 Software Distribution Service 3.0
23-07-2016 19:43:28 Software Distribution Service 3.0
25-07-2016 19:29:02 Software Distribution Service 3.0
27-07-2016 11:21:38 Software Distribution Service 3.0
28-07-2016 13:25:03 Software Distribution Service 3.0
29-07-2016 15:20:38 Software Distribution Service 3.0
01-08-2016 09:10:21 Software Distribution Service 3.0
02-08-2016 10:27:01 Software Distribution Service 3.0
05-08-2016 09:29:04 Software Distribution Service 3.0
07-08-2016 10:42:57 Software Distribution Service 3.0
08-08-2016 16:43:14 Software Distribution Service 3.0
10-08-2016 14:33:58 Software Distribution Service 3.0
10-08-2016 15:08:04 Software Distribution Service 3.0
14-08-2016 11:08:19 Software Distribution Service 3.0
15-08-2016 17:14:46 Software Distribution Service 3.0
17-08-2016 15:27:33 Software Distribution Service 3.0
19-08-2016 10:09:56 Software Distribution Service 3.0
19-08-2016 23:38:28 Software Distribution Service 3.0
22-08-2016 07:26:27 Software Distribution Service 3.0
22-08-2016 10:30:32 Software Distribution Service 3.0
24-08-2016 08:30:22 Software Distribution Service 3.0
26-08-2016 22:17:32 Software Distribution Service 3.0
30-08-2016 12:08:56 Software Distribution Service 3.0
30-08-2016 13:31:50 Microsoft Antimalware Checkpoint
02-09-2016 13:29:42 System Checkpoint
05-09-2016 11:21:13 System Checkpoint
08-09-2016 11:39:49 System Checkpoint
08-09-2016 21:07:13 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (09/08/2016 09:46:04 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1815439032.
Error: (09/08/2016 09:45:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (09/08/2016 09:33:56 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1815439032.
Error: (09/08/2016 09:33:48 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1815439032.
Error: (09/08/2016 09:33:44 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1815439032.
Error: (09/08/2016 09:33:40 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1815439032.
Error: (09/08/2016 09:33:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (09/08/2016 09:33:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (09/08/2016 09:33:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (09/08/2016 09:33:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (09/11/2016 10:31:05 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/11/2016 10:26:05 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/11/2016 10:25:43 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/10/2016 10:37:45 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/10/2016 10:37:16 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/10/2016 09:34:49 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/10/2016 09:29:49 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/10/2016 09:29:30 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/09/2016 09:01:45 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/09/2016 08:56:45 AM) (Source: DCOM) (EventID: 10005) (User: BILLS-MACHINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 2047.23 MB
Available physical RAM: 1292.65 MB
Total Virtual: 3943.49 MB
Available Virtual: 3345.8 MB
==================== Drives ================================
Drive c: (XPWin Drive) (Fixed) (Total:49.68 GB) (Free:5.22 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (PROGRAM & DATA DRIVE) (Fixed) (Total:49.69 GB) (Free:44.44 GB) NTFS
Drive e: (VIDEO & MUSIC DRIVE) (Fixed) (Total:49.64 GB) (Free:30.99 GB) NTFS
Drive I: (IPOD MUSIC DRIVE) (Fixed) (Total:56.68 GB) (Free:0.43 GB) NTFS
Drive j: (BACK-UP DRIVE) (Fixed) (Total:46.4 GB) (Free:21.58 GB) NTFS
Drive k: (ARCHIVE DRIVE) (Fixed) (Total:45.97 GB) (Free:23.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 0911D91B)
Partition 1: (Not Active) - (Size=56.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=92.4 GB) - (Type=OF Extended)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 0CDD2078)
Partition 1: (Active) - (Size=49.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.3 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by Bill Hebert (13-09-2016 14:41:15) Run:1
Running from C:\Documents and Settings\Bill Hebert\Desktop
Loaded Profiles: Bill Hebert (Available Profiles: Bill Hebert & Guest User & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-1788223648-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]
S3 catchme; \??\C:\DOCUME~1\BILLHE~1\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr; no ImagePath
2010-02-20 18:41 - 2013-09-10 19:10 - 0009728 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-30 11:15 - 2009-12-30 11:15 - 0000134 _____ () C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\fusioncache.dat
2010-12-30 20:44 - 2016-06-21 09:08 - 0017561 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Task: C:\WINDOWS\Tasks\Amazon Music Helper.job => C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe <==== ATTENTION
C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1844237615-1788223648-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
McComponentHostService => service removed successfully.
catchme => service removed successfully.
TlntSvr => service removed successfully.
C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\fusioncache.dat => moved successfully
C:\Documents and Settings\All Users\Application Data\hpzinstall.log => moved successfully
C:\WINDOWS\Tasks\Amazon Music Helper.job => moved successfully

"C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music" folder move:

Could not move "C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-09-2016 14:42:56)

C:\Documents and Settings\Bill Hebert\Local Settings\Application Data\Amazon Music => moved successfully

==== End of Fixlog 14:42:57 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
All four programs ran fine with no issues,... TFC did a clean and rebooted, SOPHOS ran and had no threats detected,...

***CHECKUP.TXT

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Security Scan Plus
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 45
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

*** FSS.TXT

Ran by Bill Hebert (administrator) on 14-09-2016 at 17:04:52
Running from "C:\Documents and Settings\Bill Hebert\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

===========================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Broni,

Completed the list above,...
Computer is running fine,...

Qualys did not run but everything else did,...
QUESTION: Sophos was not removed by DelFix - is this a good program to run from time to time?

PROBLEM: Microsoft Security Essentials appears to have been hit when I got this Virus and it does not run now,...
-- It does still run fine on my other two XP machines
-- It still updates virus definitions on this machine - (I just did one)
-- It still shows the icon in start-up and still reports status
But when I open it, it does not let me run a scan,...

How should I proceed to try to get it running again?

I see a - setup-exe - file for it in the - Microsoft Security Client - directory but I did not want to try running it until I checked first.
(The dates on all the files are all pre-2015 so they do not look like they have been messed with,..)

Thanks,
 
Broni,

MSE removed, Avast Installed, MS Security Center showing all green (y)
Had a question about Avast Cleanup (loaded and ran with AntiVirus) and not sure if you are the right person to ask,...
Indicated - 184Mbyte in Junk files, 26 Unnecessary Apps, 21 System Settings - All not Resolved
Is it safe to hit - Resolve - ???

Thanks,

-- Bill
 
I'd leave it alone. It seems to be overaggressive.
All you need to do is to run TFC once in a while.
I don't like any kind of so called optimizers.
They can easily mess something up.
 
Broni,

Thanks, that kinda was my take too,... OK to close this thread,...
Thanks for getting my machine back up and running smooth again. :cool:
 